Google Redirect Virus

March 4, 2010 at 15:08:40
Specs: Windows Vista
I've read about this Google redirect virus on this forum and was hoping someone could help me.

To describe what happens, when I conduct a search in Google, I go to click on the results and I'm always taken to the wrong page. Some sort of advertising page.

I've tried all of the conventional ways to remove it, AVG, Adaware, CCleaner, but nothing has worked.

Thanks.




#1
March 4, 2010 at 15:18:14
Run these scans and post their logs.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.



#2
March 4, 2010 at 15:35:39
Hi Jabuck,

Thanks SO much for your prompt reply. I have followed your directions and here are the results of the files:

exehelperlog

exeHelper by Raktor
Build 20091220
Run at 15:23:39 on 03/04/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

DDS


DDS (Ver_09-12-01.01) - NTFSX64
Run by Kim at 15:27:04.23 on Thu 03/04/2010
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4024.1691 [GMT -8:00]

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe
C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
C:\Program Files (x86)\ClipMate7\ClipMate.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Kim\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Qualcomm\Eudora\Eudora.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames.exe
C:\Windows\system32\taskeng.exe
C:\Users\Kim\Desktop\exeHelper.com
C:\Windows\SysWOW64\notepad.exe
C:\Users\Kim\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=1208&m=aspire_6930
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=1208&m=aspire_6930
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=1208&m=aspire_6930
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp64&d=1208&m=aspire_6930
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {11580c2f-f06b-4e66-bba4-9b013501e67b} - c:\windows\syswow64\deskmon32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files (x86)\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ClipMate7] c:\program files (x86)\clipmate7\ClipMate.exe
mRun: [eAudio] "c:\program files\acer\empowering technology\eaudio\eAudio.exe"
mRun: [eRecoveryService]
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: eBay Search - c:\program files (x86)\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: easysimulations.com\www
Trusted Zone: select2perform.com\www
Trusted Zone: yahoo.com\www
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.20.01.0/iewwload.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~2\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files (x86)\acer\empowering technology\edatasecurity\x64\ActiveToolBand.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg64.dll
BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
TB-X64: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files (x86)\acer\empowering technology\edatasecurity\x64\eDStoolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
mRun-x64: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun-x64: [eDataSecurity Loader] "c:\program files (x86)\acer\empowering technology\edatasecurity\x64\eDSloader.exe"
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kim\appdata\roaming\mozilla\firefox\profiles\vkg2vayx.kim\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.trafficswarm.com/cgi-bin/swarm.cgi?806968|chrome://google-toolbar/content/new-tab.html
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\kim\appdata\roaming\mozilla\firefox\profiles\vkg2vayx.kim\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\kim\appdata\roaming\mozilla\firefox\profiles\vkg2vayx.kim\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files (x86)\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Firefox security: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-9-16 68640]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-6-1 422920]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-6-1 34248]
R1 AvgTdiA;AVG Free8 Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-6-1 470024]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files (x86)\acer arcade deluxe\playmovie\000.fcl [2008-12-25 32240]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2009-11-17 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2009-11-17 285392]
R2 BroadCamService;BroadCam Video Streaming Server;c:\program files (x86)\nch software\broadcam\broadcam.exe [2010-1-14 946180]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files (x86)\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 CLHNService;CLHNService;c:\program files (x86)\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2008-12-25 81504]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-12-17 24576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2009-7-3 1028432]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-17 129536]
R3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\drivers\NETw5v64.sys [2008-12-17 4730368]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 46592]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-2-22 135664]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]

=============== Created Last 30 ================

2010-03-03 06:36:53 0 d-----w- c:\users\kim\appdata\roaming\Thornsoft Development
2010-03-03 06:36:44 0 d-----w- c:\program files (x86)\ClipMate7
2010-02-28 05:52:59 524288 --sha-w- c:\users\kim\NTUSER.DAT{71a63baf-242d-11df-8e8a-00238b59ad10}.TMContainer00000000000000000002.regtrans-ms
2010-02-28 05:52:58 65536 --sha-w- c:\users\kim\NTUSER.DAT{71a63baf-242d-11df-8e8a-00238b59ad10}.TM.blf
2010-02-28 05:52:58 524288 --sha-w- c:\users\kim\NTUSER.DAT{71a63baf-242d-11df-8e8a-00238b59ad10}.TMContainer00000000000000000001.regtrans-ms
2010-02-25 08:19:03 77976 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-23 20:17:02 1927680 ----a-w- c:\windows\system32\gameux.dll
2010-02-23 20:17:01 1696256 ----a-w- c:\windows\syswow64\gameux.dll
2010-02-23 20:17:00 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-02-23 20:17:00 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-23 20:17:00 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-02-23 20:16:59 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-23 20:16:47 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-02-23 20:16:47 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-23 20:16:13 471552 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-02-23 20:16:12 471552 ----a-w- c:\windows\syswow64\secproc.dll
2010-02-23 20:16:09 538624 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-23 20:16:05 539136 ----a-w- c:\windows\system32\secproc.dll
2010-02-23 20:16:03 600576 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-23 20:16:03 599552 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-23 20:16:03 413696 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-23 20:16:03 409600 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-23 20:16:00 526336 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-02-23 20:15:59 518144 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-02-23 20:15:59 460288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-23 20:15:59 347136 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2010-02-23 20:15:59 346624 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-02-23 20:15:59 332288 ----a-w- c:\windows\syswow64\msdrm.dll
2010-02-23 20:15:59 160768 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-23 20:15:59 160768 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-23 20:15:59 152576 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-02-23 20:15:59 152064 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-02-18 06:41:07 0 d-sh--w- c:\users\kim\appdata\roaming\SystemProc
2010-02-17 09:50:35 9728 ----a-w- c:\windows\syswow64\ftlx041e.dll
2010-02-17 09:50:35 9728 ----a-w- c:\windows\system32\ftlx041e.dll
2010-02-17 09:50:35 9216 ----a-w- c:\windows\syswow64\ftlx0411.dll
2010-02-17 09:50:35 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2010-02-17 09:50:35 296960 ----a-w- c:\windows\winhlp32.exe
2010-02-17 09:50:35 194560 ----a-w- c:\windows\syswow64\ftsrch.dll
2010-02-17 09:50:35 194560 ----a-w- c:\windows\system32\ftsrch.dll
2010-02-14 07:48:08 303616 ----a-w- c:\windows\IsUninst.exe
2010-02-13 17:40:57 0 d-----w- c:\users\kim\appdata\roaming\EurekaLog
2010-02-12 04:49:23 0 d-----w- c:\users\kim\appdata\roaming\BitZipper
2010-02-12 04:49:19 0 d-----w- c:\program files (x86)\BitZipper
2010-02-09 17:30:55 65536 --sha-w- c:\users\kim\NTUSER.DAT{cbac669d-15a0-11df-a8b3-00238b59ad10}.TM.blf
2010-02-09 17:30:55 524288 --sha-w- c:\users\kim\NTUSER.DAT{cbac669d-15a0-11df-a8b3-00238b59ad10}.TMContainer00000000000000000002.regtrans-ms
2010-02-09 17:30:55 524288 --sha-w- c:\users\kim\NTUSER.DAT{cbac669d-15a0-11df-a8b3-00238b59ad10}.TMContainer00000000000000000001.regtrans-ms
2010-02-08 19:29:59 0 d-----w- c:\program files\iPod
2010-02-08 19:29:58 0 d-----w- c:\program files\iTunes
2010-02-08 19:29:58 0 d-----w- c:\program files (x86)\iTunes

==================== Find3M ====================

2010-03-04 07:19:37 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-04 07:19:37 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-02-20 09:10:27 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-20 09:07:41 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-18 13:08:01 86528 ----a-w- c:\windows\system32\ieencode.dll
2009-12-18 13:01:56 78336 ----a-w- c:\windows\syswow64\ieencode.dll
2009-12-18 01:14:09 153376 ----a-w- c:\windows\syswow64\javaws.exe
2009-12-18 01:14:08 145184 ----a-w- c:\windows\syswow64\javaw.exe
2009-12-18 01:14:06 145184 ----a-w- c:\windows\syswow64\java.exe
2009-12-18 01:14:00 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2009-12-16 12:16:02 1032192 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 11:44:23 834048 ----a-w- c:\windows\syswow64\wininet.dll
2009-12-16 11:44:14 1176064 ----a-w- c:\windows\syswow64\urlmon.dll
2009-12-16 11:42:38 3600896 ----a-w- c:\windows\syswow64\mshtml.dll
2009-12-16 11:42:09 6079488 ----a-w- c:\windows\syswow64\ieframe.dll
2009-12-16 11:42:09 193024 ----a-w- c:\windows\syswow64\iepeers.dll
2009-12-16 11:42:09 180736 ----a-w- c:\windows\syswow64\ieui.dll
2009-12-16 11:42:08 380928 ----a-w- c:\windows\syswow64\ieapfltr.dll
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\syswow64\GPhotos.scr
2009-12-13 18:13:33 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-12-08 20:22:09 4698184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-07 20:45:21 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:28:48.16 ===============


Attach


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/25/2008 5:14:12 AM
System Uptime: 3/4/2010 9:07:26 AM (6 hours ago)

Motherboard: Acer | | Makalu
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | U2E1 | 1200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 143 GiB total, 74.793 GiB free.
D: is FIXED (NTFS) - 139 GiB total, 133.177 GiB free.
F: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================


==== Installed Programs ======================

Acer Arcade Deluxe
Acer Assist
Acer Crystal Eye Webcam 2.0.8
Acer eAudio Management
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePower Management
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console 2.0.1.1
Acer GridVista
Acer Mobility Center Plug-In
Acer Registration
Acer ScreenSaver
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Ad-Aware
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.3.1
Agatha Christie Death on the Nile
Alice Greenfingers
Apple Application Support
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AVG Free 9.0
AviSynth 2.5
Azada
Backspin Billiards
Big Fish Games Client
Big Kahuna Reef
BitZipper 2009
Bookworm Deluxe
Bricks of Egypt
BroadCam Video Streaming Server
Cake Mania
Canon MP Navigator EX 1.2
Canon MP190 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCleaner
Chicken Invaders 3
Chuzzle
ClipMate 7
Cool Timer 3.6
Debut Video Capture Software
Diner Dash Flo on the Go
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD Shrink 3.2
eSobi v2
Eudora
EudoraProject
Express Burn
FileZilla Client 3.3.2
Flip Words 2
Free iPod Video Converter V 2.91
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Jasc Paint Shop Pro 8
Java Auto Updater
Java(TM) 6 Update 18
Jewel Quest Solitaire
K-Lite Mega Codec Pack 5.0.0
Kick N Rush
Launch Manager
LightScribe 1.4.142.1
LimeWire 5.4.8
Mahjong Escape Ancient China
Mahjongg Artifacts
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office 2000 Premium
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Case Files - Huntsville
Mystery Case Files: Huntsville ™
Mystery Case Files: Prime Suspects ™
Mystery Case Files: Ravenhearst ™
Mystery Solitaire - Secret Island
Notepad++
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OpenOffice.org 3.1
PhotoNow!
Picasa 3
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Samsung PC Studio 3 USB Driver Installer
Seesmic Desktop
Skype web features
Skype™ 4.1
Turbo Pizza
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoPad Video Editor
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Winbond CIR Device Drivers
WinX Free iPod Video Converter 3.6.1
XHeader
XP Codec Pack
Zuma Deluxe

==== End Of File ===========================


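A small triage pass over the DDS log format posted in #2, added here as an example; it is not part of the original thread and not part of DDS. The three rules are review heuristics chosen for illustration (assumptions), and the sample lines are copied from the log above; a hit marks an entry to look at more closely, not a verdict.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason line")

# Lines copied from the DDS.txt posted in #2 (a small subset, not the whole log).
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Users\Kim\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
BHO: {11580c2f-f06b-4e66-bba4-9b013501e67b} - c:\windows\syswow64\deskmon32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: McAfee Phishing Filter - No File
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe

=============== Created Last 30 ================

2010-03-03 06:36:44 0 d-----w- c:\program files (x86)\ClipMate7
2010-02-25 08:19:03 77976 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-18 06:41:07 0 d-sh--w- c:\users\kim\appdata\roaming\SystemProc
"""

# "===== Section Name =====" banners split the log into sections.
SECTION_RE = re.compile(r"^=+ (.+?) =+$")
# "BHO: [name: ]{clsid} - target" (also TB: and the -X64 variants).
# The greedy first group makes the split happen at the last " - ".
ADDON_RE = re.compile(r"^(?:BHO|TB)(?:-X64)?: (.+) - (.+)$")
# "date time size attributes path" lines; attributes are 8 characters.
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ (\S{8}) (.+)$")


def triage(log_text):
    """Return a list of Finding tuples for entries worth a manual look."""
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue

        if section == "Running Processes":
            # Heuristic 1 (assumption): a process image under a Temp directory.
            if "\\temp\\" in line.lower():
                findings.append(Finding(
                    section, "process image runs from a Temp directory", line))

        elif section == "Pseudo HJT Report":
            addon = ADDON_RE.match(line)
            if not addon:
                continue
            label, target = addon.groups()
            # Heuristic 2a (assumption): add-on registered by CLSID only.
            if label.startswith("{"):
                findings.append(Finding(
                    section, "browser add-on has no display name", line))
            # Heuristic 2b (assumption): registration left behind, file gone.
            if target == "No File":
                findings.append(Finding(
                    section, "browser add-on points at a missing file", line))

        elif section == "Created Last 30":
            entry = FILE_RE.match(line)
            if not entry:
                continue
            attrs, path = entry.groups()
            # Heuristic 3 (assumption): a recently created directory that is
            # both hidden and system. Files are skipped because registry
            # transaction files (NTUSER.DAT{...}) carry the same flags.
            if attrs[0] == "d" and "s" in attrs and "h" in attrs:
                findings.append(Finding(
                    section, "hidden+system directory created recently", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```
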

#3
March 4, 2010 at 16:40:33
You need to uninstall LimeWire at least until we get your computer clean. A bad thing for you is that there are only a limited few removal tools that work on a 64 bit system right now so you are kinda out on a limb. If you were to end up formatting the computer you should choose the 32 bit system option when prompted instead of the 64 bit option.

Please download SuperAntiSpyware's free edition from the following link to your desktop:

SuperAntiSpyware


1. Open SuperAntiSpyware from its icon, then install and update it.
2. Under Scanner Options make sure the following are checked (leave all others unchecked):
   - Close browsers before scanning.
   - Scan for tracking cookies.
   - Terminate memory threats before quarantining.
3. Click the "Close" button to leave the control center screen and exit the program.
DO NOT run yet.

Now reboot into Safe Mode: How to enter Safe Mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Now Scan with SuperAntiSpyware
1. Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
2. Perform a Complete scan. After the scan, verify they are all checked.
3. Click OK on the summary screen to quarantine all found items.
4. If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
1. Click Preferences, then click the Statistics/Logs tab.
2. Under Scanner Logs, double-click SuperAntiSpyware Scan Log.
3. If there are several logs, click the current dated log and press View log.
4. A text file will open in your default text editor.
5. Please copy and paste the Scan Log results in your next reply.
6. Click Close to exit the program.

Please run ESET's online scanner from this link:

ESET

1. Note: You will need to use Internet Explorer for this scan
2. Tick the box next to YES, I accept the Terms of Use.
3. Click Start
4. When asked, allow the ActiveX control to install
5. Click Start
6. Make sure that the option Remove found threats is unticked (I want to see what is found first), and the option Scan unwanted applications is checked
7. Click Scan
8. Wait for the scan to finish
9. Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log in your next reply.



#4
March 4, 2010 at 18:58:48
Okay, here is the log from Superantispyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/04/2010 at 06:22 PM

Application Version : 4.34.1000

Core Rules Database Version : 4640
Trace Rules Database Version: 2452

Scan type : Complete Scan
Total Scan Time : 01:17:29

Memory items scanned : 164
Memory threats detected : 0
Registry items scanned : 6179
Registry threats detected : 0
File items scanned : 165689
File threats detected : 4

Adware.Tracking Cookie
C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Cookies\kim@doubleclick[1].txt
C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Cookies\kim@atdmt[1].txt
C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Cookies\kim@2o7[2].txt
C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Cookies\Low\kim@doubleclick[1].txt


I tried to do that ESET scan but I keep getting a message that says CANNOT GET UPDATE.... IS PROXY CONFIGURED?

Thanks.
Kim



#5
March 4, 2010 at 19:32:56
Nothing in the first scan.

This scan will produce a large report that may take several posts to get all the info to us, but please post all of it.

Please download OTL from following site:

OTL by OldTimer

1. Save it to your desktop
2. Double click the OTL icon on your desktop
3. Close any open browsers.
4. Double-click on OTL.exe to start the program.
Leave all settings as they appear as default, except for the following:

Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Now click the Run Scan button on the toolbar.
The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Save that notepad file
Post the contents of that Notepad document in your next reply.



#6
March 4, 2010 at 20:01:22
I reopened Superantispyware and when I click on the log file, it really only does give that little bit of info that I posted in my last reply. Could what you're looking for be located somewhere else?

The OTL spawned two files. I'll place one here, then the other in a new reply:

OTL.txt
First half

------------------------------


OTL logfile created on: 3/4/2010 7:44:02 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Kim\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 143.04 Gb Total Space | 74.44 Gb Free Space | 52.04% Space Free | Partition Type: NTFS
Drive D: | 139.50 Gb Total Space | 133.18 Gb Free Space | 95.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIM-PC
Current User Name: Kim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/03/04 19:41:40 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Kim\Desktop\OTL.exe
PRC - [2010/02/21 08:33:46 | 007,569,920 | ---- | M] (FileZilla Project) -- C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
PRC - [2010/02/20 01:10:11 | 000,520,024 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/20 01:10:10 | 001,028,432 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/18 16:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/14 12:51:06 | 000,946,180 | ---- | M] (NCH Software) -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe
PRC - [2010/01/04 11:36:44 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2009/11/17 21:41:43 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/17 21:41:35 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2009/11/17 21:41:33 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/29 22:00:19 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/29 01:09:50 | 001,220,608 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files (x86)\Notepad++\notepad++.exe
PRC - [2009/01/31 10:00:40 | 003,760,424 | ---- | M] (Thornsoft Development, Inc.) -- C:\Program Files (x86)\ClipMate7\ClipMate.exe
PRC - [2008/07/29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/29 17:52:56 | 000,454,704 | ---- | M] (Egis inc.) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe
PRC - [2008/07/20 01:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/07/20 01:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/25 21:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
PRC - [2008/04/25 21:36:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
PRC - [2008/03/03 13:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
PRC - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/03/04 19:41:40 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Kim\Desktop\OTL.exe
MOD - [2009/04/10 22:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2009/09/24 17:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:[b]64bit:[/b] - [2008/08/19 14:27:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV:[b]64bit:[/b] - [2008/01/20 18:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/02/20 01:10:10 | 001,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/14 12:51:06 | 000,946,180 | ---- | M] (NCH Software) [Auto | Running] -- C:\Program Files (x86)\NCH Software\BroadCam\broadcam.exe -- (BroadCamService)
SRV - [2009/11/17 21:41:35 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/17 21:41:33 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/29 20:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/20 01:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/04/25 21:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008/04/25 21:36:02 | 000,131,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008/03/03 13:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008/01/16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007/12/06 16:16:16 | 000,132,096 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/11/02 05:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006/11/01 22:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006/11/01 22:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2009/11/17 21:41:52 | 000,470,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgtdia.sys -- (AvgTdiA)
DRV:[b]64bit:[/b] - [2009/11/17 21:41:52 | 000,422,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (AvgLdx64)
DRV:[b]64bit:[/b] - [2009/11/17 21:41:52 | 000,034,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (AvgMfx64)
DRV:[b]64bit:[/b] - [2009/08/28 18:42:52 | 000,049,152 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2009/07/03 06:49:17 | 000,068,640 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:[b]64bit:[/b] - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2008/07/29 17:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys -- (psdvdisk)
DRV:[b]64bit:[/b] - [2008/07/29 17:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys -- (PSDNServ)
DRV:[b]64bit:[/b] - [2008/07/29 17:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV:[b]64bit:[/b] - [2008/07/20 17:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2008/06/12 02:51:36 | 007,911,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2008/06/04 01:55:16 | 000,129,536 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:[b]64bit:[/b] - [2008/05/19 08:23:00 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:[b]64bit:[/b] - [2008/05/04 17:05:00 | 004,730,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2008/04/28 03:56:16 | 000,062,480 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:[b]64bit:[/b] - [2008/04/24 18:08:46 | 000,325,168 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2008/03/26 11:03:06 | 000,064,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:[b]64bit:[/b] - [2008/01/30 01:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:[b]64bit:[/b] - [2008/01/30 01:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:[b]64bit:[/b] - [2008/01/20 18:47:27 | 000,168,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\usbvideo.sys -- (usbvideo) USB Video Device (WDM)
DRV:[b]64bit:[/b] - [2008/01/20 18:46:57 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:[b]64bit:[/b] - [2008/01/20 18:46:57 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:[b]64bit:[/b] - [2008/01/20 18:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:[b]64bit:[/b] - [2008/01/20 18:46:51 | 000,017,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CmBatt.sys -- (CmBatt)
DRV:[b]64bit:[/b] - [2007/07/03 17:05:18 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:[b]64bit:[/b] - [2007/07/03 17:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:[b]64bit:[/b] - [2007/07/03 17:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:[b]64bit:[/b] - [2007/07/03 17:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:[b]64bit:[/b] - [2007/03/28 07:50:16 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\winbondcir.sys -- (winbondcir)
DRV:[b]64bit:[/b] - [2006/11/01 21:28:10 | 000,273,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/08/19 14:23:00 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2008/07/18 16:05:12 | 000,032,240 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2007/12/13 03:07:34 | 000,003,481 | ---- | M] () [File_System | Boot | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\PSDFilter.inf -- (PSDFilter)
DRV - [2007/12/13 03:07:34 | 000,003,460 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\PSDNserv.inf -- (PSDNServ)
DRV - [2007/12/13 03:07:34 | 000,003,459 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\PSDVDisk.inf -- (psdvdisk)
DRV - [2006/11/02 05:01:28 | 000,025,872 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)
DRV - [2006/09/18 13:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2006/09/18 13:35:23 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b...
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b...
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b...

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b...
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b...
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 2F 0C 58 11 6B F0 66 4E BB A4 9B 01 35 01 E6 7B [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9


FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/03/30 22:36:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2009/12/11 09:24:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/19 02:41:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/02/19 02:41:00 | 000,000,000 | ---D | M]

[2009/07/13 12:18:00 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Mozilla\Extensions
[2009/07/13 12:18:00 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/17 22:41:05 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\hj4p8ceb.default\extensions
[2010/02/22 10:11:01 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\hj4p8ceb.default\extensions\{20c4c074-5b3e-4da1-a1b6-a036b91181f0}
[2009/04/01 00:26:34 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\hj4p8ceb.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/04/01 00:26:40 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\hj4p8ceb.default\extensions\moveplayer@movenetworks.com
[2010/02/17 22:41:05 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\m1gasfzp.default\extensions
[2010/02/22 10:11:01 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\m1gasfzp.default\extensions\{20c4c074-5b3e-4da1-a1b6-a036b91181f0}
[2009/06/05 22:23:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\m1gasfzp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/03 23:19:21 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\vkg2vayx.Kim\extensions
[2009/09/03 20:38:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\vkg2vayx.Kim\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/22 10:11:01 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\vkg2vayx.Kim\extensions\{20c4c074-5b3e-4da1-a1b6-a036b91181f0}
[2010/02/20 10:16:00 | 000,000,000 | ---D | M] (eBay Toolbar) -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\vkg2vayx.Kim\extensions\{249df6a2-e336-47d1-b6c3-ec711ad140ca}
[2009/12/21 18:39:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\vkg2vayx.Kim\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/22 18:07:00 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\vkg2vayx.Kim\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2009/04/01 00:55:51 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\vkg2vayx.Kim\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010/01/31 16:36:19 | 000,000,000 | ---D | M] (OnlyWire) -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\vkg2vayx.Kim\extensions\{e26ba8db-a646-a44e-997c-2fafeadb50f2}
[2010/02/25 10:08:31 | 000,000,000 | ---D | M] -- C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\vkg2vayx.Kim\extensions\firebug@software.joehewitt.com
[2010/02/26 20:09:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/02/17 22:41:06 | 000,000,000 | ---D | M] (Firefox security) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2009/02/11 11:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2006/09/18 13:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:[b]64bit:[/b] - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL File not found
O2:[b]64bit:[/b] - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {11580C2F-F06B-4E66-BBA4-9B013501E67b} - C:\Windows\SysWow64\deskmon32.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4:[b]64bit:[/b] - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKCU..\Run: [ClipMate7] C:\Program Files (x86)\ClipMate7\ClipMate.exe (Thornsoft Development, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: easysimulations.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: select2perform.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eo... (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_18)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/la... (WorldWinner ActiveX Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/ji... (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:[b]64bit:[/b] - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Kim\Pictures\SSPX0129.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kim\Pictures\SSPX0129.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{13b18d80-1e7a-11de-93e3-00238b59ad10}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\{6c944216-5e9f-11de-a121-00238b59ad10}\Shell - "" = AutoRun
O33 - MountPoints2\{6c944216-5e9f-11de-a121-00238b59ad10}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{78234208-9999-11de-8a23-00238b59ad10}\Shell - "" = AutoRun
O33 - MountPoints2\{78234208-9999-11de-8a23-00238b59ad10}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\E\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
[b]64bit:[/b] O35 - comfile [open] -- "%1" %* File not found
[b]64bit:[/b] O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs:[b]64bit:[/b] Ias - C:\Windows\SysNative\ias [2008/01/20 19:06:38 | 000,000,000 | ---D | M]
NetSvcs:[b]64bit:[/b] Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:[b]64bit:[/b] Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias [2008/01/20 19:08:35 | 000,000,000 | ---D | M]
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)
OTL cannot create restorepoints on Vista OSs!

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010/03/04 19:41:37 | 000,554,496 | ---- | C] (OldTimer Tools) -- C:\Users\Kim\Desktop\OTL.exe
[2010/03/04 18:30:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2010/03/04 16:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/03/04 16:49:19 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\SUPERAntiSpyware.com
[2010/03/04 16:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2010/03/04 16:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010/03/04 14:42:10 | 010,037,704 | ---- | C] (Microsoft Corporation) -- C:\Users\Kim\Desktop\windows-kb890830-x64-v3.4.exe
[2010/03/02 22:36:53 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Thornsoft Development
[2010/03/02 22:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClipMate7
[2010/02/23 12:17:02 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2010/02/23 12:17:01 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2010/02/23 12:17:00 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2010/02/23 12:17:00 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll
[2010/02/23 12:17:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2010/02/23 12:16:59 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2010/02/23 12:16:13 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/23 12:16:12 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/23 12:16:09 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/23 12:16:05 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/23 12:16:03 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/23 12:16:03 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/23 12:16:03 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/23 12:16:03 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/23 12:16:00 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/23 12:15:59 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/23 12:15:59 | 000,460,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2010/02/23 12:15:59 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/23 12:15:59 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/23 12:15:59 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdrm.dll
[2010/02/23 12:15:59 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll



#7
March 4, 2010 at 20:01:54
OTL.txt
Second Half

--------------------------------

[2010/02/23 12:15:59 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/23 12:15:59 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/23 12:15:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/22 14:12:46 | 000,000,000 | ---D | C] -- C:\Users\Kim\Desktop\VRED
[2010/02/22 10:10:20 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Notepad++
[2010/02/22 10:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2010/02/22 10:08:46 | 002,087,544 | ---- | C] (W3i, LLC) -- C:\Users\Kim\Documents\notepad_9898.exe
[2010/02/18 02:03:40 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\FileZilla
[2010/02/18 02:03:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010/02/17 22:41:07 | 000,000,000 | -HSD | C] -- C:\Users\Kim\AppData\Roaming\SystemProc
[2010/02/17 22:20:12 | 000,000,000 | ---D | C] -- C:\Users\Kim\Desktop\Incomplete
[2010/02/17 01:51:22 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Help
[2010/02/17 01:51:22 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Local\Help
[2010/02/17 01:50:35 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftsrch.dll
[2010/02/17 01:50:35 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftsrch.dll
[2010/02/17 01:50:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx041e.dll
[2010/02/17 01:50:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx041e.dll
[2010/02/17 01:50:35 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ftlx0411.dll
[2010/02/17 01:50:35 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ftlx0411.dll
[2010/02/13 23:48:08 | 000,303,616 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/02/13 09:40:57 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\EurekaLog
[2010/02/11 20:49:23 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\BitZipper
[2010/02/11 20:49:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitZipper
[2010/02/10 11:58:52 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/02/10 11:58:51 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/02/10 11:58:51 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvfw32.dll
[2010/02/10 11:58:51 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/02/10 11:58:51 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/02/10 11:58:51 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/02/10 11:58:51 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/02/10 11:58:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/02/10 11:58:51 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/02/10 11:58:51 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/02/10 11:58:33 | 004,698,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/02/08 11:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/02/08 11:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/02/08 11:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/02/08 11:28:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010/02/03 02:04:04 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\dvd
[2008/12/17 21:13:36 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2004/11/24 11:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\SysWow64\drvc.dll
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010/03/04 19:44:40 | 004,194,304 | -HS- | M] () -- C:\Users\Kim\NTUSER.DAT
[2010/03/04 19:41:40 | 000,554,496 | ---- | M] (OldTimer Tools) -- C:\Users\Kim\Desktop\OTL.exe
[2010/03/04 19:21:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/04 18:28:15 | 056,711,097 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/03/04 18:24:15 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2010/03/04 18:24:06 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 18:24:06 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 18:24:06 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/04 18:24:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/04 18:24:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/04 18:22:58 | 000,524,288 | -HS- | M] () -- C:\Users\Kim\NTUSER.DAT{71a63baf-242d-11df-8e8a-00238b59ad10}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 18:22:58 | 000,065,536 | -HS- | M] () -- C:\Users\Kim\NTUSER.DAT{71a63baf-242d-11df-8e8a-00238b59ad10}.TM.blf
[2010/03/04 16:49:21 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/04 16:48:35 | 007,757,856 | ---- | M] () -- C:\Users\Kim\Desktop\SUPERAntiSpyware.exe
[2010/03/04 15:24:43 | 000,524,288 | ---- | M] () -- C:\Users\Kim\Desktop\dds.scr
[2010/03/04 15:23:20 | 000,290,816 | ---- | M] () -- C:\Users\Kim\Desktop\exeHelper.com
[2010/03/04 14:42:13 | 010,037,704 | ---- | M] (Microsoft Corporation) -- C:\Users\Kim\Desktop\windows-kb890830-x64-v3.4.exe
[2010/03/03 23:16:42 | 000,789,862 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/03 23:16:42 | 000,663,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/03 23:16:42 | 000,129,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/02 22:36:49 | 000,000,791 | ---- | M] () -- C:\Users\Kim\Desktop\ClipMate.lnk
[2010/03/01 17:12:40 | 000,001,744 | ---- | M] () -- C:\Users\Kim\Desktop\XHeader.lnk
[2010/02/27 23:36:19 | 000,524,288 | -HS- | M] () -- C:\Users\Kim\NTUSER.DAT{71a63baf-242d-11df-8e8a-00238b59ad10}.TMContainer00000000000000000002.regtrans-ms
[2010/02/27 03:04:49 | 000,524,288 | -HS- | M] () -- C:\Users\Kim\NTUSER.DAT{cbac669d-15a0-11df-a8b3-00238b59ad10}.TMContainer00000000000000000001.regtrans-ms
[2010/02/27 03:04:49 | 000,065,536 | -HS- | M] () -- C:\Users\Kim\NTUSER.DAT{cbac669d-15a0-11df-a8b3-00238b59ad10}.TM.blf
[2010/02/26 20:09:56 | 000,001,728 | ---- | M] () -- C:\Users\Kim\Desktop\CCleaner.lnk
[2010/02/25 12:40:35 | 000,715,787 | ---- | M] () -- C:\Users\Kim\Desktop\Common_Sense_Internet_Marketing.pdf
[2010/02/25 11:32:14 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/02/25 00:19:03 | 000,077,976 | ---- | M] () -- C:\Windows\SysNative\GDIPFONTCACHEV1.DAT
[2010/02/25 00:18:19 | 000,322,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/02/22 12:57:19 | 000,521,886 | ---- | M] () -- C:\Users\Kim\Desktop\EzineTrafficFormula.pdf
[2010/02/22 12:56:29 | 000,151,923 | ---- | M] () -- C:\Users\Kim\Desktop\EzineAdTerms.pdf
[2010/02/22 10:08:47 | 002,087,544 | ---- | M] (W3i, LLC) -- C:\Users\Kim\Documents\notepad_9898.exe
[2010/02/20 01:10:27 | 000,015,688 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010/02/19 01:48:48 | 000,001,027 | ---- | M] () -- C:\Windows\wininit.ini
[2010/02/17 14:20:46 | 000,001,921 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/15 11:33:35 | 000,328,856 | ---- | M] () -- C:\Users\Kim\Desktop\IA_Passive_Continuity_System.pdf
[2010/02/11 20:49:22 | 000,000,862 | ---- | M] () -- C:\Users\Kim\Desktop\BitZipper.lnk
[2010/02/09 09:30:55 | 000,524,288 | -HS- | M] () -- C:\Users\Kim\NTUSER.DAT{cbac669d-15a0-11df-a8b3-00238b59ad10}.TMContainer00000000000000000002.regtrans-ms
[2010/02/08 11:30:27 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/02/08 01:28:50 | 000,524,288 | -HS- | M] () -- C:\Users\Kim\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010/02/08 01:28:50 | 000,065,536 | -HS- | M] () -- C:\Users\Kim\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/03/04 16:49:21 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/03/04 16:47:12 | 007,757,856 | ---- | C] () -- C:\Users\Kim\Desktop\SUPERAntiSpyware.exe
[2010/03/04 15:24:38 | 000,524,288 | ---- | C] () -- C:\Users\Kim\Desktop\dds.scr
[2010/03/04 15:23:19 | 000,290,816 | ---- | C] () -- C:\Users\Kim\Desktop\exeHelper.com
[2010/03/02 22:36:49 | 000,000,791 | ---- | C] () -- C:\Users\Kim\Desktop\ClipMate.lnk
[2010/03/01 17:12:40 | 000,001,744 | ---- | C] () -- C:\Users\Kim\Desktop\XHeader.lnk
[2010/02/27 21:52:59 | 000,524,288 | -HS- | C] () -- C:\Users\Kim\NTUSER.DAT{71a63baf-242d-11df-8e8a-00238b59ad10}.TMContainer00000000000000000002.regtrans-ms
[2010/02/27 21:52:58 | 000,524,288 | -HS- | C] () -- C:\Users\Kim\NTUSER.DAT{71a63baf-242d-11df-8e8a-00238b59ad10}.TMContainer00000000000000000001.regtrans-ms
[2010/02/27 21:52:58 | 000,065,536 | -HS- | C] () -- C:\Users\Kim\NTUSER.DAT{71a63baf-242d-11df-8e8a-00238b59ad10}.TM.blf
[2010/02/25 12:40:35 | 000,715,787 | ---- | C] () -- C:\Users\Kim\Desktop\Common_Sense_Internet_Marketing.pdf
[2010/02/22 12:57:16 | 000,521,886 | ---- | C] () -- C:\Users\Kim\Desktop\EzineTrafficFormula.pdf
[2010/02/22 12:56:29 | 000,151,923 | ---- | C] () -- C:\Users\Kim\Desktop\EzineAdTerms.pdf
[2010/02/22 10:11:32 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/22 10:11:31 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/18 02:03:37 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2010/02/17 14:20:46 | 000,001,921 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/15 11:33:35 | 000,328,856 | ---- | C] () -- C:\Users\Kim\Desktop\IA_Passive_Continuity_System.pdf
[2010/02/11 20:49:22 | 000,000,862 | ---- | C] () -- C:\Users\Kim\Desktop\BitZipper.lnk
[2010/02/09 09:30:55 | 000,524,288 | -HS- | C] () -- C:\Users\Kim\NTUSER.DAT{cbac669d-15a0-11df-a8b3-00238b59ad10}.TMContainer00000000000000000002.regtrans-ms
[2010/02/09 09:30:55 | 000,524,288 | -HS- | C] () -- C:\Users\Kim\NTUSER.DAT{cbac669d-15a0-11df-a8b3-00238b59ad10}.TMContainer00000000000000000001.regtrans-ms
[2010/02/09 09:30:55 | 000,065,536 | -HS- | C] () -- C:\Users\Kim\NTUSER.DAT{cbac669d-15a0-11df-a8b3-00238b59ad10}.TM.blf
[2010/02/08 11:30:27 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/01/12 14:23:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/12/13 10:13:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 16:57:42 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/03 16:56:32 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/10/07 16:26:54 | 000,000,094 | ---- | C] () -- C:\Windows\awshkwv.ini
[2009/09/13 16:53:19 | 000,006,814 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/08/04 12:31:57 | 000,001,027 | ---- | C] () -- C:\Windows\wininit.ini
[2009/07/13 21:49:33 | 000,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 21:49:33 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/07/13 21:49:31 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009/07/13 21:49:31 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009/07/13 21:49:30 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009/07/13 21:49:28 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/07/13 21:49:28 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009/07/09 09:54:26 | 000,000,091 | -H-- | C] () -- C:\Users\Kim\AppData\Local\fusioncache.dat
[2009/07/02 18:46:29 | 000,787,100 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/06/15 09:45:30 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/05/10 08:48:46 | 000,037,376 | -H-- | C] () -- C:\Users\Kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/02 17:29:18 | 000,000,072 | ---- | C] () -- C:\Windows\ANS2000.INI
[2009/05/02 17:29:18 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2009/05/02 17:29:18 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2009/04/08 09:14:56 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/04/08 09:14:56 | 000,000,088 | RHS- | C] () -- C:\ProgramData\185546BFB9.sys
[2009/04/07 14:13:09 | 000,000,680 | -H-- | C] () -- C:\Users\Kim\AppData\Local\d3d9caps.dat
[2008/12/25 05:32:37 | 000,006,060 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2008/12/25 05:20:28 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008/12/25 05:20:28 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008/12/25 05:18:21 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/12/17 23:13:34 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008/12/17 23:13:34 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008/01/20 18:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007/07/01 03:12:14 | 003,145,728 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2007/07/01 02:59:22 | 000,517,632 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2007/06/17 03:43:56 | 000,405,504 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2007/06/12 03:21:26 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\ff_theora.dll
[2007/01/09 09:05:50 | 000,026,112 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2004/10/03 09:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\ff_mpeg2enc.dll
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008/01/20 18:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2008/01/20 18:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/10 23:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2006/11/02 03:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

[color=#A23BEC]< MD5 for: IASTOR.SYS >[/color]
[2008/07/20 01:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver\IaStor.sys
[2008/07/20 01:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/07/20 01:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver64\IaStor.sys
[2008/07/20 01:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2008/01/20 18:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2008/01/20 18:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009/04/10 23:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008/01/20 18:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2008/01/20 18:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2008/01/20 18:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008/01/20 18:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009/04/10 23:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:4673E9EA
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:260575F1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:78E0DF72
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E6743160
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:E13861A5
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:B0D4D817
@Alternate Data Stream - 101 bytes -> C:\ProgramData\Temp:E49FC3A5
< End of report >



#8
March 4, 2010 at 20:02:44
Extras.txt
First half

------------------------------

OTL Extras logfile created on: 3/4/2010 7:44:02 PM - Run 1
OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\Kim\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 143.04 Gb Total Space | 74.44 Gb Free Space | 52.04% Space Free | Partition Type: NTFS
Drive D: | 139.50 Gb Total Space | 133.18 Gb Free Space | 95.47% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.86 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KIM-PC
Current User Name: Kim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 0F 44 1A A4 94 74 CA 01 [binary data]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files (x86)\BitTorrent\bittorrent.exe" = C:\Program Files (x86)\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2C1F3A49-B78B-4E49-92EB-C07BE9042B75}" = lport=445 | protocol=6 | dir=in | app=system |
"{34F3D77D-E656-4578-8283-750155280504}" = rport=445 | protocol=6 | dir=out | app=system |
"{3B7504E7-BDA8-4443-95CF-CC948F283889}" = rport=137 | protocol=17 | dir=out | app=system |
"{8319B839-09ED-4BF0-8A31-5F95A34CBFF8}" = lport=4100 | protocol=17 | dir=in | name=upnp router control port |
"{872113D4-4A03-4F50-BAD7-68D64CB405B5}" = lport=138 | protocol=17 | dir=in | app=system |
"{B938A3F6-1CA2-4FF7-B0A1-95B25540D105}" = rport=138 | protocol=17 | dir=out | app=system |
"{D69411D7-B05E-4F77-8F4B-3AF04A2B727F}" = lport=139 | protocol=6 | dir=in | app=system |
"{DB102B00-3069-48F3-B9C8-D1765DE676F8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EEC9925B-A78A-4418-91DA-6311E4736F67}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F082D662-4BCE-497C-8231-25E3AC1CCEE3}" = lport=137 | protocol=17 | dir=in | app=system |
"{FF364C05-D361-417F-A530-4BC2607A9FB4}" = rport=139 | protocol=6 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00506840-3ECA-443C-B3E2-6D6AFAAE40E9}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{0110D9A4-D57C-459E-B796-0D6D3A3737A9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdcpswx.exe |
"{01C0DAB3-452B-4678-9C22-CE1082171338}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{0B1D2B56-6C3E-42F5-9644-1CDB3735DD9D}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdccoms.exe |
"{100BC58C-6415-477A-9C6E-D78B18BBC365}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdctime.exe |
"{15898750-3A47-45CE-A42F-47830A06F96B}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1300 series\app4r.exe |
"{160BAD2A-07C4-4F4F-9E74-23A8A5C1DCE9}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1300 series\lxdcamon.exe |
"{16E2DA25-41A0-4FAA-A51A-C9CF93F26A4E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{194D95F7-DA4B-40B8-A9D7-F8A2859BFEA8}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{1B1C711B-720F-44FF-AB30-6C66EC7023F1}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{1DDFB3D3-E8CE-4BEE-9BE5-1707F0F972EB}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{21DE2150-D0CF-4C18-8E72-4065D732E666}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdctime.exe |
"{38286DD8-5CA4-4433-9807-4E3ECE1C0E74}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{447775E2-4EB6-4581-8640-E25A76D5672C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{4BFA4A0E-86B2-401A-84DC-3268D4654D6B}" = dir=in | app=c:\program files (x86)\avg\avg8\avgnsa.exe |
"{4E5D2E6F-E19C-41E6-8015-D5F1AADCDF8D}" = dir=in | app=c:\program files (x86)\avg\avg8\avgupd.exe |
"{58410AEA-E6F4-4A81-B7FA-993E1213C324}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{5854CB21-7BD0-4D30-BBD5-B7EA18D650F9}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{5E94031C-570A-4776-B0DC-D4AC2B835818}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{651ABC34-7482-496B-8F86-5D1CB4E3C999}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{69019A0F-A513-47F3-B7F6-358E26B03B10}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6AEBC53D-FD0C-4DEC-94CE-11A95D5CC715}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{6C1A449A-4889-41AD-9728-2618C42084F7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdcjswx.exe |
"{734FD059-CF27-49D4-9FF5-4A2F82F7C9CC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{800BDF12-EEE3-417A-B3AC-7AE348B8919D}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{80B1AF4E-6B79-4F83-9D9E-8133A0058958}" = dir=in | app=c:\program files (x86)\avg\avg8\avgemc.exe |
"{8C642CF8-E348-406A-AB3B-5BD68078640F}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{8CC45ACF-88FA-4CBA-994D-435FD500C8BD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{90542756-4D47-4DF5-9D1F-46B99D032249}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdcpswx.exe |
"{91E86CCA-D204-46C2-8433-F55495997EA7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9FFF7E5F-748A-4E2B-AFCF-3A6E4F03FA8A}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{AA14E4F7-70AD-4E58-8E17-0BD50F0F87C8}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{AB6ED07E-7ACB-4BC1-AC5C-1D1DBEBCD6CE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdcjswx.exe |
"{AEA52AC4-2878-4D65-8275-851D5E04E0B4}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1300 series\lxdcamon.exe |
"{B7EC9980-1B88-4982-B892-32A9EBF9A0D0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DC2D7AEE-1DD2-4387-B308-91B94198A34C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{F039BC00-D462-49D8-A61E-05450C449C45}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1300 series\app4r.exe |
"{F599F5FE-19EE-4FA8-BC69-DBEE4F384F06}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F65BA6E2-4C16-45C3-935E-687978DF7AA4}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{FA9D326E-DA82-4623-9AAA-C86FD76CE972}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdccoms.exe |
"{FCB317F8-1932-4744-B630-80F3316F82FC}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"TCP Query User{6304E44C-CE31-49C7-BD25-BD3D8C7CFDBF}C:\program files (x86)\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"TCP Query User{7D72CA3A-CC28-465A-AE7A-DEA5BEAE730B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{D24A1C5F-C544-4460-9AE4-539E347D2043}E:\kerry\limewire\limewire.exe" = protocol=6 | dir=in | app=e:\kerry\limewire\limewire.exe |
"UDP Query User{5D949837-8F1D-4E4E-85F4-FC6D497267FE}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{C28CCE99-47E6-40CE-BD5D-62C69174ECA8}C:\program files (x86)\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\limewire\limewire.exe |
"UDP Query User{D6CC0485-561E-4DE0-9D0A-A1857A6AA819}E:\kerry\limewire\limewire.exe" = protocol=17 | dir=in | app=e:\kerry\limewire\limewire.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP190_series" = Canon MP190 series MP Drivers
"{39107B20-EA1C-4974-881C-607300BB3C99}" = MobileMe Control Panel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8912A802-1DD4-41F3-8450-B3209081BDB9}" = Sprint media manager
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"CanonMyPrinter" = Canon My Printer
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver



#9
March 4, 2010 at 20:03:11
Extras.txt
Second Half

---------------------------------------------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 18
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E924A2A-8FBC-4C84-8A3A-63FB386C9A29}_is1" = ClipMate 7
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{72EF21F6-6DF7-C5C5-3AEA-1C8F52E0AADD}" = Seesmic Desktop
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{93458438-F264-4A8B-B669-3E2CA1CC8AF0}" = Eudora
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E13B5C8D-00AF-4B62-A187-30A194E6567D}" = EudoraProject
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"BFGC" = Big Fish Games Client
"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
"BFG-Mystery Case Files - Prime Suspects" = Mystery Case Files: Prime Suspects ™
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ™
"BitZipper_is1" = BitZipper 2009
"BroadCam" = BroadCam Video Streaming Server
"Canon MP190 series User Registration" = Canon MP190 series User Registration
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1" = Seesmic Desktop
"Cool Timer_is1" = Cool Timer 3.6
"Debut" = Debut Video Capture Software
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn
"FileZilla Client" = FileZilla Client 3.3.2
"Free iPod Video Converter_is1" = Free iPod Video Converter V 2.91
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.0.0
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MP Navigator EX 1.2" = Canon MP Navigator EX 1.2
"Notepad++" = Notepad++
"Picasa 3" = Picasa 3
"VideoPad" = VideoPad Video Editor
"WinX Free iPod Video Converter_is1" = WinX Free iPod Video Converter 3.6.1
"XHeader" = XHeader
"XP Codec Pack" = XP Codec Pack

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2/26/2010 4:08:38 AM | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/26/2010 4:08:38 AM | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/26/2010 4:08:58 AM | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/26/2010 4:08:58 AM | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/26/2010 4:08:58 AM | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/26/2010 4:08:58 AM | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/26/2010 6:00:39 AM | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/26/2010 6:00:40 AM | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\WinSxS\amd64_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_c46a533c8a667ee7\MFC80U.DLL".
Dependent
Assembly Microsoft.VC80.MFCLOC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2/26/2010 6:00:41 AM | Computer Name = Kim-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/26/2010 6:01:31 AM | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\Lavasoft\Ad-Aware\ShellExt_64.dll".
Dependent
Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 3/4/2010 9:01:25 PM | Computer Name = Kim-PC | Source = DCOM | ID = 10005
Description =

Error - 3/4/2010 9:01:25 PM | Computer Name = Kim-PC | Source = DCOM | ID = 10005
Description =

Error - 3/4/2010 9:01:25 PM | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/4/2010 9:01:25 PM | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/4/2010 9:01:58 PM | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/4/2010 9:01:59 PM | Computer Name = Kim-PC | Source = DCOM | ID = 10005
Description =

Error - 3/4/2010 9:01:59 PM | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 3/4/2010 10:23:44 PM | Computer Name = Kim-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 3/4/2010 10:23:44 PM | Computer Name = Kim-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 3/4/2010 10:24:15 PM | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

