Page 1 of 3 123 LastLast
Results 1 to 10 of 23

Thread: need help cant do anything

  1. 2011-01-18, 03:30 #1
    mshaver
    mshaver is offline
    Member mshaver's Avatar
    Join Date
    Jul 2008
    Location
    Kansas
    Posts
    46

    Question need help cant do anything

    After my daughter was online playing games and watching utube when I started getting a very anoying popup. It claims to be a security shield. I have not down loaded anything today. I tried to follow your steps of backup and DDS and this program will not let it happen. I have them on my desktop but can not finnish the setup on them. what is going on and can you help me.
  2. 2011-01-22, 16:40 #2
    JonTom
    JonTom is offline
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello mshaver and

    My name is JonTom

    what is going on
    Sound as though you may have been infected by a rogue security program.

    In order to find out exactly what is happening I will need to see some logs. I am not sure which operating system you have. If you are running Vista or Win7 please right click on all tool icons and select "Run as Administrator" to run them.

    I tried to follow your steps of backup and DDS and this program will not let it happen.
    Lets see if the following helps:


    1. rkill


      • Please download rkill (Courtesy of Bleepingcomputer.com).
      • There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
      • Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
      • Note: You only need to get one of the tools to run, not all of them.





      • Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

        Run rkill repeatedly until it's able to do it's job. This may take a few tries.

        You'll be able to tell rkill has done it's job when your desktop (explorer.exe) cycles off and then on again.


      Once rkill has done its job please try DDS again and post the log created in your next reply.
    Proud Graduate of the WTT Classroom
  3. 2011-01-22, 18:38 #3
    mshaver
    mshaver is offline
    Member mshaver's Avatar
    Join Date
    Jul 2008
    Location
    Kansas
    Posts
    46

    Red face hopefully things are better

    Thank you for your reply TomTom. I have noticed a change in my situation, however I am not sure that this is a good thing or not. Spybot ran on its own and my problem got better I think. Also after spybot ran DDS ran on its own. It also keeps running on its own when I am idle for a few seconds. Is this normal. I am gpoing to post the origanal scan. I am very confused. Let me know if I forgot to do something. Although this computer is primarily used by the kids for gaming I do post items for sale on ebay for which I am taking a brake from to update my files and product picts. Wont be loading again to the site till spring though.



    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by TheMallGal at 10:35:16.25 on Thu 01/20/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2231 [GMT -6:00]

    AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    AV: avast! antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\atibtmon.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\CISVC.EXE
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    c:\PROGRA~2\mcafee.com\agent\mcagent.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\SpeedItup-Checkup\SpeedCheckUp.exe
    C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe
    C:\Program Files (x86)\SelectRebates\SelectRebates.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\THEMAL~1\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://forums.spybot.info/forumdisplay.php?f=22
    uDefault_Page_URL = hxxp://rover.ebay.com/rover/1/711-43047-14818-0/4?mfe=home&mpre=http%3A%2F%2Fwww.ebay.com
    uWindow Title = Windows Internet Explorer provided by eBay
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209b245l0344z1j5t47j2a28n
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209b245l0344z1j5t47j2a28n
    uInternet Settings,ProxyOverride = <local>;*.local
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    uURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll
    mURLSearchHooks: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: eBay Toolbar Helper: {22d8e815-4a5e-4dfb-845e-aab64207f5bd} - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    BHO: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: ShopAtHomeIEHelper Class: {e8daaa30-6caa-4b58-9603-8e54238219e2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    TB: eBay Toolbar: {92085ad4-f48a-450d-bd93-b28cc7df67ce} - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll
    TB: NCH Toolbar: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: @c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll
    TB: ShopAtHome.com Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Google Update] "C:\Users\TheMallGal\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
    mRun: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [eBayToolbar] C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTBDaemon.exe
    mRun: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [PC-Checkup] "C:\SpeedItup-Checkup\SpeedCheckUp.exe" -mini
    mRun: [Bing Bar] "c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe"
    mRun: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\KODAKE~1.LNK - C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: eBay Search - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} - hxxp://www.worldwinner.com/games/v54/zengems/zengems.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
    DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
    DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
    DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
    DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} - hxxp://www.worldwinner.com/games/v45/moneylist/moneylist.cab
    DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
    DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} - hxxp://www.worldwinner.com/games/v56/trivialpursuit/trivialpursuit.cab
    DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
    DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} - hxxp://www.worldwinner.com/games/v63/bjattack/bja.cab
    DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
    DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
    DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
    DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    DPF: {94299420-321F-4FF9-A247-62A23EBB640B} - hxxp://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
    DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
    DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
    DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} - hxxp://www.worldwinner.com/games/v68/clue/clue.cab
    DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
    DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v50/luxor/luxor.cab
    DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
    DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} - hxxp://www.worldwinner.com/games/v46/monopoly/monopoly.cab
    DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
    DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
    DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
    DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
    DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
    DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\MSKAPB~1.DLL
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
    BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File
    TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    mRun-x64: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    mRun-x64: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [fssui] "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [2010-1-12 89680]
    R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-8-27 308296]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-1-12 22096]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-1-12 65616]
    R2 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-10 48488]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-8-27 102472]
    R3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-8-27 49480]
    S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-8-27 40904]

    =============== Created Last 30 ================

    2011-01-17 23:45:53 329216 ----a-w- C:\Users\THEMAL~1\AppData\Local\gexhwuvvww.exe
    2011-01-17 02:11:09 -------- d-----w- C:\Program Files (x86)\Roblox
    2011-01-17 02:11:09 -------- d-----w- C:\PROGRA~3\Roblox
    2011-01-16 23:25:31 -------- d-----w- C:\Program Files (x86)\SelectRebates
    2011-01-11 15:43:21 -------- d-----w- C:\PROGRA~3\Beanbag Studios
    2011-01-08 23:09:18 -------- d-----w- C:\Users\THEMAL~1\AppData\Local\king.com
    2011-01-08 20:41:23 -------- d-----w- C:\Users\THEMAL~1\AppData\Roaming\HB Studios
    2011-01-05 17:18:07 -------- d-----w- C:\PROGRA~3\Kristanix Games
    2011-01-05 16:13:04 -------- d-----w- C:\Users\THEMAL~1\AppData\Roaming\Fever Frenzy
    2011-01-04 06:49:59 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll
    2011-01-04 06:48:59 508264 ----a-w- C:\Windows\System32\d3dx10_36.dll
    2011-01-03 16:59:20 -------- d-----w- C:\PROGRA~3\FarmFrenzy3_Madagascar
    2011-01-02 08:34:43 -------- d-----w- C:\Users\THEMAL~1\AppData\Roaming\Pogo Games
    2011-01-01 18:38:20 -------- d-----w- C:\PROGRA~3\FarmFrenzy3_Arctica
    2010-12-31 19:20:15 -------- d-----w- C:\PROGRA~3\Farm Fishes
    2010-12-30 23:00:58 -------- d-----w- C:\PROGRA~3\FarmFrenzy3
    2010-12-30 15:50:05 -------- d-----w- C:\Users\THEMAL~1\AppData\Roaming\Gaijin Ent
    2010-12-30 02:08:09 -------- d-----w- C:\PROGRA~3\MumboJumbo
    2010-12-25 03:00:17 -------- d-----w- C:\Users\THEMAL~1\AppData\Roaming\Virtual City
    2010-12-25 02:31:14 -------- d-----w- C:\Users\THEMAL~1\AppData\Roaming\BlamGames
    2010-12-25 02:08:58 -------- d-----w- C:\Users\THEMAL~1\AppData\Roaming\iWin_generic
    2010-12-25 02:08:58 -------- d-----w- C:\PROGRA~3\iWin_generic
    2010-12-25 01:08:12 -------- d-----w- C:\Users\THEMAL~1\AppData\Roaming\HU2011
    2010-12-25 00:41:20 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
    2010-12-25 00:41:20 -------- d-----w- C:\Program Files (x86)\ConduitEngine
    2010-12-24 02:42:27 -------- d-----w- C:\Users\THEMAL~1\AppData\Local\Plan It Green Files
    2010-12-24 02:08:57 -------- d-----w- C:\Program Files (x86)\WildGames
    2010-12-24 01:49:04 -------- d-----w- C:\Users\THEMAL~1\AppData\Local\Panda3D

    ==================== Find3M ====================

    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:12:53 1133568 ----a-w- C:\Windows\System32\FntCache.dll
    2010-11-02 05:12:25 1540608 ----a-w- C:\Windows\System32\DWrite.dll
    2010-11-02 05:12:08 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2010-11-02 05:12:07 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2010-11-02 05:12:06 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2010-11-02 05:12:06 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
    2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:35:51 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2010-11-02 04:35:35 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2010-11-02 04:35:34 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2010-11-02 04:35:34 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2010-11-02 04:35:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    ============= FINISH: 10:37:29.96 ===============
  4. 2011-01-22, 23:02 #4
    JonTom
    JonTom is offline
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello mshaver

    I am going to post the origanal scan
    Thank you for doing so. There are a few things that need to be taken care of (that I can see) and then I will require an up to-date-system scan with a different tool as you have a 64-bit system.

    I am very confused
    I appreciate how you must feel at the moment but don't worry - I'm going to try and help you out as best I can.

    Lets begin with the following:

    1. Security Programs


      • I can see from your log that you have a number of real-time security programs running, namely McAfee VirusScan and avast! antivirus.
      • Whilst both of these programs provide good security, they may clash with each other which can leave your system vulnerable to infection.
      • You are advised to remove one of these programs.
      • Please make sure that you only have ONE Firewall and ONE real-time Antivirus running on your system.


    2. Please scan the following files





      • On the page you'll find a "Browse" button.
      • Click on the Browse button.
      • In the Choose File to Upload window which opens, copy and paste this into the File Name box.



      C:\SpeedItup-Checkup\SpeedCheckUp.exe


      • Next, click the Open button.
      • Then click the "Send File" button just below.
      • This will scan the file. Please be patient.
      • If you get a message saying File has already been analyzed: click Reanalyze file now.
      • Once scanned, copy and paste the link to the results page in your next reply.
      • Please repeat this procedure for the following files:



      C:\Users\TheMallGal\AppData\Local\gexhwuvvww.exe


    3. Download and run OTL by Oldtimer


      • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
      • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
      • Check the boxes beside "LOP Check" and "Purity Check".
      • Under Custom Scan paste this in:


      • netsvcs
        %SYSTEMDRIVE%\*.exe
        /md5start
        eventlog.dll
        scecli.dll
        netlogon.dll
        cngaudit.dll
        sceclt.dll
        ntelogon.dll
        logevent.dll
        iaStor.sys
        nvstor.sys
        atapi.sys
        IdeChnDr.sys
        viasraid.sys
        AGP440.sys
        vaxscsi.sys
        nvatabus.sys
        viamraid.sys
        nvata.sys
        nvgts.sys
        iastorv.sys
        ViPrt.sys
        eNetHook.dll
        ahcix86.sys
        KR10N.sys
        nvstor32.sys
        ahcix86s.sys
        nvrd32.sys
        symmpi.sys
        adp3132.sys
        /md5stop
        %systemroot%\*. /mp /s
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\System32\config\*.sav
        %systemroot%\system32\drivers\*.sys /90
        CREATERESTOREPOINT


      • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.


      • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
      • Note: These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
      • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.


      It claims to be a security shield
      Are you still getting popups from the security shield rogue?

      Please post the Virus Total scan results in your next reply along with the OTL logs.

      NOTE: You may need to make more than one post to fit the required information in
    Proud Graduate of the WTT Classroom
  5. 2011-01-23, 03:44 #5
    mshaver
    mshaver is offline
    Member mshaver's Avatar
    Join Date
    Jul 2008
    Location
    Kansas
    Posts
    46

    Default requested scans

    SpeedCheckUp.exe

    http://www.virustotal.com/file-scan/...aac-1295737865


    gexhwuvvww.exe

    This is the file I noticed that I had concerns about.

    http://www.virustotal.com/file-scan/...1d0-1295744351


    OTL logfile created on: 1/22/2011 7:28:10 PM - Run 1
    OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\TheMallGal\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.78 Gb Total Space | 167.15 Gb Free Space | 75.71% Space Free | Partition Type: NTFS

    Computer Name: FROTTO | User Name: TheMallGal | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2011/01/22 19:25:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TheMallGal\Desktop\OTL.exe
    PRC - [2010/11/12 17:27:20 | 000,273,672 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe
    PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe
    PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/03/18 09:30:02 | 005,336,576 | ---- | M] (MicroSmarts LLC.) -- C:\SpeedItup-Checkup\SpeedCheckUp.exe
    PRC - [2010/01/27 08:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    PRC - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
    PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
    PRC - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
    PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
    PRC - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\msksrver.exe
    PRC - [2009/08/27 15:16:08 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/08/23 20:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2009/08/18 03:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2009/08/06 11:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
    PRC - [2009/08/06 11:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    PRC - [2009/08/03 23:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    PRC - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
    PRC - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
    PRC - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2009/06/17 18:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    PRC - [2009/04/16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/03/19 09:12:38 | 000,632,048 | ---- | M] (eBay Inc.) -- C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTBDaemon.exe
    PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2004/12/13 03:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/22 19:25:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TheMallGal\Desktop\OTL.exe
    MOD - [2010/08/20 23:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2010/05/20 03:49:58 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\sahook.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/05/04 09:22:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/11/24 17:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/11/24 17:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2009/11/24 17:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV:64bit: - [2009/11/24 17:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV:64bit: - [2009/11/04 16:47:32 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
    SRV:64bit: - [2009/10/28 11:50:32 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2009/08/05 22:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 19:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
    SRV:64bit: - [2009/07/03 19:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/09/07 14:29:24 | 001,359,876 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Program Files (x86)\NCH Software\Inventoria\inventoria.exe -- (InventoriaService)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/16 09:12:40 | 000,110,312 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/15 08:55:26 | 002,792,280 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2009/11/04 15:59:50 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
    SRV - [2009/10/29 06:54:44 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
    SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
    SRV - [2009/10/02 13:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
    SRV - [2009/08/23 20:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2009/08/06 11:18:54 | 000,311,592 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
    SRV - [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
    SRV - [2009/06/17 18:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
    SRV - [2009/06/17 18:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2004/12/13 03:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/05/04 09:22:06 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/11/24 17:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2009/11/24 17:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2009/11/04 16:54:06 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2009/11/04 16:54:06 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2009/11/04 16:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
    DRV:64bit: - [2009/11/04 16:47:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
    DRV:64bit: - [2009/08/09 21:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/07/16 05:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/18 06:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/02 05:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2009/06/02 05:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2009/06/02 05:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2009/05/22 08:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/05 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2009/05/04 07:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/04/09 15:23:02 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
    DRV:64bit: - [2009/04/03 07:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2007/01/11 11:04:04 | 000,021,792 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iviaspi.sys -- (Iviaspi)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...4z1j5t47j2a28n
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...4z1j5t47j2a28n
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=...4z1j5t47j2a28n
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=...4z1j5t47j2a28n
    IE - HKLM\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rover.ebay.com/rover/1/711-43...2Fwww.ebay.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.google.com/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://forums.spybot.info/forumdisplay.php?f=22
    IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKCU\..\URLSearchHook: {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/01/11 15:04:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/21 06:49:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/21 06:49:57 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/05/08 09:47:37 | 000,393,152 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 www.123fporn.info
    O1 - Hosts: 13575 more lines...
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
    O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (eBay Toolbar Helper) - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll (Conduit Ltd.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (@c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (eBay Toolbar) - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O3 - HKLM\..\Toolbar: (NCH Toolbar) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - C:\Program Files (x86)\NCH\tbNC1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (NCH Toolbar) - {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - C:\Program Files (x86)\NCH\tbNC1.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [Bing Bar] c:\Program Files (x86)\MSN Toolbar\Platform\6.3.2380.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [eBayToolbar] C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTBDaemon.exe (eBay Inc.)
    O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PC-Checkup] C:\SpeedItup-Checkup\SpeedCheckUp.exe (MicroSmarts LLC.)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8:64bit: - Extra context menu item: eBay Search - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O8 - Extra context menu item: eBay Search - C:\Program Files (x86)\eBay\eBay Toolbar2\eBayTb.dll (eBay Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {038E2507-7A48-41E2-94AD-7F23D199AF4E} http://www.worldwinner.com/games/v54...ms/zengems.cab (ZenGems Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinner.com/games/v47...m/skillgam.cab (SkillGam Control)
    O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47...amesLoader.cab (FunGamesLoader Object)
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} http://www.worldwinner.com/games/v48...t/brickout.cab (Brickout Control)
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} http://www.worldwinner.com/games/v50/pool/pool.cab (Pool Control)
    O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinner.com/games/v45.../moneylist.cab (MoneyList Control)
    O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinner.com/games/v47...itairerush.cab (SolitaireRush Control)
    O16 - DPF: {4AB16005-E995-4A60-89DE-8B8A3E6EB5B0} http://www.worldwinner.com/games/v56...ialpursuit.cab (TrivialPursuit Control)
    O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinner.com/games/v53...s/wwhearts.cab (WWHearts Control)
    O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} http://www.worldwinner.com/games/v63/bjattack/bja.cab (BJA Control)
    O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} http://www.worldwinner.com/games/v56...rsolitaire.cab (SpiderSolitaire Control)
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} http://www.worldwinner.com/games/v49.../blockwerx.cab (Blockwerx Control)
    O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} http://www.worldwinner.com/games/v56...y/jeopardy.cab (Jeopardy Control)
    O16 - DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} http://www.worldwinner.com/games/v41...l/freecell.cab (FreeCell Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/lau...0/iewwload.cab (WorldWinner ActiveX Launcher Control)
    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/pl...p3dactivex.cab (P3DActiveX Control)
    O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinner.com/games/v46...o/wordmojo.cab (WordMojo Control)
    O16 - DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} http://www.worldwinner.com/games/v51...weledtwist.cab (BejeweledTwist Control)
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} http://www.worldwinner.com/games/v57/cubis/cubis.cab (Cubis Control)
    O16 - DPF: {A021A215-6CDC-44B4-8C16-90491CED9605} http://www.worldwinner.com/games/v68/clue/clue.cab (Clue Control)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
    O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} http://www.worldwinner.com/games/v50/luxor/luxor.cab (WwLuxor Control)
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinner.com/games/v41...an/hangman.cab (Hangman Control)
    O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46...y/monopoly.cab (Monopoly Control)
    O16 - DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} http://www.worldwinner.com/games/v42...y/tilecity.cab (Tilecity Control)
    O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
    O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinner.com/games/v52.../dinerdash.cab (DinerDash Control)
    O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45.../mysterypi.cab (MysteryPI Control)
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinner.com/games/v43/paint/paint.cab (Paint Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44...ol/golfsol.cab (GolfSol Control)
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54...s/wwspades.cab (WWSpades Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.219.3 64.71.208.7
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/22 19:24:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\TheMallGal\Desktop\OTL.exe
    [2011/01/22 16:58:41 | 000,000,000 | R--D | C] -- C:\Users\TheMallGal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
    [2011/01/17 20:19:22 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\TheMallGal\Desktop\erunt-setup.exe
    [2011/01/17 07:44:21 | 000,944,488 | ---- | C] (WildTangent) -- C:\Users\TheMallGal\Desktop\Setup-acer.exe
    [2011/01/16 20:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
    [2011/01/16 20:11:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Roblox
    [2011/01/16 20:11:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roblox
    [2011/01/16 17:25:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SelectRebates
    [2011/01/13 13:46:23 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\Documents\Unemployment
    [2011/01/13 11:47:24 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\Documents\Taxes
    [2011/01/13 09:39:24 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Roaming\Mozilla
    [2011/01/12 14:50:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\unemployment
    [2011/01/12 05:45:28 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
    [2011/01/12 05:45:27 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
    [2011/01/12 05:45:27 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
    [2011/01/12 05:45:27 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
    [2011/01/12 05:45:27 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
    [2011/01/12 05:45:27 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
    [2011/01/12 05:45:26 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
    [2011/01/12 05:45:26 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
    [2011/01/12 05:45:26 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
    [2011/01/12 05:45:25 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
    [2011/01/12 05:45:25 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
    [2011/01/12 05:45:25 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
    [2011/01/12 05:45:25 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
    [2011/01/12 05:45:24 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
    [2011/01/12 05:45:24 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2011/01/12 05:45:24 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
    [2011/01/12 05:45:24 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
    [2011/01/12 05:45:24 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
    [2011/01/12 05:45:24 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2011/01/12 05:45:24 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
    [2011/01/12 05:45:11 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
    [2011/01/12 05:45:11 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
    [2011/01/11 09:43:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Beanbag Studios
    [2011/01/08 17:09:18 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Local\king.com
    [2011/01/08 14:41:23 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Roaming\HB Studios
    [2011/01/08 14:36:50 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\Documents\Saved Games
    [2011/01/05 11:18:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Kristanix Games
    [2011/01/05 10:13:04 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Roaming\Fever Frenzy
    [2011/01/04 00:50:19 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
    [2011/01/04 00:50:18 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
    [2011/01/04 00:50:18 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
    [2011/01/04 00:50:14 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
    [2011/01/04 00:50:14 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
    [2011/01/04 00:50:11 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
    [2011/01/04 00:50:11 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
    [2011/01/04 00:50:09 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
    [2011/01/04 00:50:09 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
    [2011/01/04 00:50:05 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
    [2011/01/04 00:50:05 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
    [2011/01/04 00:50:01 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
    [2011/01/04 00:50:01 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
    [2011/01/04 00:49:59 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
    [2011/01/04 00:49:59 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
    [2011/01/04 00:49:55 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
    [2011/01/04 00:49:55 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
    [2011/01/04 00:49:55 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
    [2011/01/04 00:49:53 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
    [2011/01/04 00:49:53 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
    [2011/01/04 00:49:51 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
    [2011/01/04 00:49:51 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
    [2011/01/04 00:49:49 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
    [2011/01/04 00:49:49 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
    [2011/01/04 00:49:49 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
    [2011/01/04 00:49:49 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
    [2011/01/04 00:49:45 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
    [2011/01/04 00:49:45 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
    [2011/01/04 00:49:43 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
    [2011/01/04 00:49:43 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
    [2011/01/04 00:49:43 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
    [2011/01/04 00:49:43 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
    [2011/01/04 00:49:38 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
    [2011/01/04 00:49:38 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
    [2011/01/04 00:49:34 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
    [2011/01/04 00:49:34 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
    [2011/01/04 00:49:30 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
    [2011/01/04 00:49:30 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
    [2011/01/04 00:49:30 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
    [2011/01/04 00:49:30 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
    [2011/01/04 00:49:27 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
    [2011/01/04 00:49:27 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
    [2011/01/04 00:49:24 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
    [2011/01/04 00:49:24 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
    [2011/01/04 00:49:24 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
    [2011/01/04 00:49:24 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
    [2011/01/04 00:49:21 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
    [2011/01/04 00:49:21 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
    [2011/01/04 00:49:15 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
    [2011/01/04 00:49:15 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
    [2011/01/04 00:49:14 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
    [2011/01/04 00:49:14 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
    [2011/01/04 00:49:13 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
    [2011/01/04 00:49:13 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
    [2011/01/04 00:49:12 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
    [2011/01/04 00:49:12 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
    [2011/01/04 00:49:11 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
    [2011/01/04 00:49:11 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
    [2011/01/04 00:49:11 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
    [2011/01/04 00:49:11 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
    [2011/01/04 00:49:10 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
    [2011/01/04 00:49:10 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
    [2011/01/04 00:49:07 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
    [2011/01/04 00:49:07 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
    [2011/01/04 00:49:06 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
    [2011/01/04 00:49:06 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
    [2011/01/04 00:49:05 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
    [2011/01/04 00:49:05 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
    [2011/01/04 00:49:04 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
    [2011/01/04 00:49:04 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
    [2011/01/04 00:49:04 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
    [2011/01/04 00:49:04 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
    [2011/01/04 00:49:02 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
    [2011/01/04 00:49:02 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
    [2011/01/04 00:49:01 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
    [2011/01/04 00:49:01 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
    [2011/01/04 00:48:59 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
    [2011/01/04 00:48:59 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
    [2011/01/04 00:48:59 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
    [2011/01/04 00:48:59 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
    [2011/01/04 00:48:55 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
    [2011/01/04 00:48:55 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
    [2011/01/04 00:48:48 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
    [2011/01/04 00:48:48 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
    [2011/01/04 00:48:44 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
    [2011/01/04 00:48:44 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
    [2011/01/04 00:48:44 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
    [2011/01/04 00:48:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
    [2011/01/04 00:48:40 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
    [2011/01/04 00:48:40 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
    [2011/01/04 00:48:36 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
    [2011/01/04 00:48:36 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
    [2011/01/04 00:48:35 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
    [2011/01/04 00:48:35 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
    [2011/01/04 00:48:32 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
    [2011/01/04 00:48:32 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
    [2011/01/04 00:48:32 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
    [2011/01/04 00:48:32 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
    [2011/01/04 00:48:30 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
    [2011/01/04 00:48:30 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
    [2011/01/04 00:48:30 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
    [2011/01/04 00:48:30 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
    [2011/01/04 00:48:28 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
    [2011/01/04 00:48:28 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
    [2011/01/04 00:48:28 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
    [2011/01/04 00:48:28 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
    [2011/01/04 00:48:27 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
    [2011/01/04 00:48:27 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
    [2011/01/04 00:48:26 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
    [2011/01/04 00:48:26 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
    [2011/01/04 00:48:25 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
    [2011/01/04 00:48:25 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
    [2011/01/04 00:48:23 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
    [2011/01/04 00:48:23 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
    [2011/01/04 00:48:22 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
    [2011/01/04 00:48:22 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
    [2011/01/04 00:48:19 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
    [2011/01/04 00:48:19 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
    [2011/01/04 00:48:19 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
    [2011/01/04 00:48:19 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
    [2011/01/04 00:48:18 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
    [2011/01/04 00:48:18 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
    [2011/01/04 00:48:17 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
    [2011/01/04 00:48:17 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
    [2011/01/04 00:48:16 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
    [2011/01/04 00:48:16 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
    [2011/01/04 00:48:15 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
    [2011/01/04 00:48:15 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
    [2011/01/04 00:48:14 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
    [2011/01/04 00:48:14 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
    [2011/01/04 00:48:13 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
    [2011/01/04 00:48:13 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
    [2011/01/04 00:48:02 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
    [2011/01/04 00:48:02 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
    [2011/01/04 00:47:58 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
    [2011/01/04 00:47:58 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
    [2011/01/04 00:47:58 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
    [2011/01/04 00:47:58 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
    [2011/01/04 00:47:57 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
    [2011/01/04 00:47:57 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
    [2011/01/04 00:47:56 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
    [2011/01/04 00:47:56 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
    [2011/01/04 00:47:55 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
    [2011/01/04 00:47:55 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
    [2011/01/04 00:47:53 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
    [2011/01/04 00:47:53 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
    [2011/01/04 00:47:52 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
    [2011/01/04 00:47:52 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
    [2011/01/04 00:47:50 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
    [2011/01/04 00:47:50 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
    [2011/01/03 10:59:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy3_Madagascar
    [2011/01/02 02:34:43 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Roaming\Pogo Games
    [2011/01/02 02:04:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Midnight Pool 3D
    [2011/01/01 12:38:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy3_Arctica
    [2010/12/31 13:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Farm Fishes
    [2010/12/30 17:00:58 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy3
    [2010/12/30 09:50:05 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Roaming\Gaijin Ent
    [2010/12/29 20:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\MumboJumbo
    [2010/12/24 21:00:17 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Roaming\Virtual City
    [2010/12/24 20:31:14 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Roaming\BlamGames
    [2010/12/24 20:08:58 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Roaming\iWin_generic
    [2010/12/24 20:08:58 | 000,000,000 | ---D | C] -- C:\ProgramData\iWin_generic
    [2010/12/24 19:08:12 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Roaming\HU2011
    [2010/12/24 18:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConduitEngine
    [2010/12/23 23:23:01 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\Documents\My Games
    [2010/12/23 20:42:27 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Local\Plan It Green Files
    [2010/12/23 20:08:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WildGames
    [2010/12/23 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\TheMallGal\AppData\Local\Panda3D
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
  6. 2011-01-23, 03:47 #6
    mshaver
    mshaver is offline
    Member mshaver's Avatar
    Join Date
    Jul 2008
    Location
    Kansas
    Posts
    46

    Default Part 2 requested scans

    ========== Files - Modified Within 30 Days ==========

    [2011/01/22 19:25:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\TheMallGal\Desktop\OTL.exe
    [2011/01/22 18:43:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3603647532-43573430-2328191572-1003UA.job
    [2011/01/22 18:42:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/22 17:00:54 | 000,044,558 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
    [2011/01/22 16:58:27 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/22 16:58:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/22 09:43:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3603647532-43573430-2328191572-1003Core.job
    [2011/01/22 08:02:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/22 08:02:52 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/22 07:56:26 | 000,000,632 | RHS- | M] () -- C:\Users\TheMallGal\ntuser.pol
    [2011/01/22 07:54:30 | 3016,790,016 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/21 18:35:15 | 000,000,508 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for TheMallGal.job
    [2011/01/17 23:25:22 | 000,000,559 | ---- | M] () -- C:\Windows\wininit.ini
    [2011/01/17 20:20:58 | 000,624,128 | ---- | M] () -- C:\Users\TheMallGal\Desktop\dds.scr
    [2011/01/17 20:19:23 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\TheMallGal\Desktop\erunt-setup.exe
    [2011/01/17 18:12:10 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
    [2011/01/17 17:45:53 | 000,329,216 | ---- | M] () -- C:\Users\TheMallGal\AppData\Local\gexhwuvvww.exe
    [2011/01/17 07:44:23 | 000,944,488 | ---- | M] (WildTangent) -- C:\Users\TheMallGal\Desktop\Setup-acer.exe
    [2011/01/16 20:08:31 | 000,000,117 | ---- | M] () -- C:\Users\TheMallGal\jagex_runescape_preferences2.dat
    [2011/01/16 20:07:52 | 000,000,034 | ---- | M] () -- C:\Users\TheMallGal\jagex_runescape_preferences.dat
    [2011/01/15 01:20:00 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
    [2011/01/13 20:43:16 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
    [2011/01/13 13:16:16 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/01/11 10:02:19 | 000,000,074 | ---- | M] () -- C:\Windows\popcinfo.dat
    [2011/01/01 02:10:32 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
    [2010/12/24 20:31:15 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
    [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/17 20:20:45 | 000,624,128 | ---- | C] () -- C:\Users\TheMallGal\Desktop\dds.scr
    [2011/01/17 17:46:06 | 000,000,888 | ---- | C] () -- C:\Users\TheMallGal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Shield.lnk
    [2011/01/17 17:45:53 | 000,329,216 | ---- | C] () -- C:\Users\TheMallGal\AppData\Local\gexhwuvvww.exe
    [2011/01/16 20:07:29 | 000,000,117 | ---- | C] () -- C:\Users\TheMallGal\jagex_runescape_preferences2.dat
    [2011/01/16 20:06:45 | 000,000,034 | ---- | C] () -- C:\Users\TheMallGal\jagex_runescape_preferences.dat
    [2011/01/13 09:38:59 | 000,000,928 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3603647532-43573430-2328191572-1003UA.job
    [2011/01/13 09:38:57 | 000,000,876 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3603647532-43573430-2328191572-1003Core.job
    [2010/12/24 20:31:15 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2010/10/20 17:21:50 | 000,000,559 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/06/28 11:27:03 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
    [2010/05/05 16:40:52 | 000,000,358 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/05/04 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\Acer
    [2010/12/24 20:31:14 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\BlamGames
    [2010/05/10 09:48:38 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\eBay
    [2011/01/05 10:13:18 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\Fever Frenzy
    [2010/12/30 09:50:05 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\Gaijin Ent
    [2011/01/08 14:41:23 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\HB Studios
    [2010/12/24 19:14:27 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\HU2011
    [2010/06/28 11:11:24 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\InterVideo
    [2010/11/02 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\iWin
    [2010/12/24 20:08:58 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\iWin_generic
    [2010/05/04 23:12:29 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\Leadertech
    [2010/12/15 10:31:16 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\Mean Hamster Software
    [2010/12/14 12:22:03 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\Namco
    [2010/12/21 20:10:04 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\PlayFirst
    [2011/01/02 02:34:43 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\Pogo Games
    [2010/05/06 18:39:37 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\Skinux
    [2010/10/08 07:05:56 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\Stamps.com Internet Postage
    [2010/12/24 21:01:40 | 000,000,000 | ---D | M] -- C:\Users\TheMallGal\AppData\Roaming\Virtual City
    [2011/01/13 20:43:16 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
    [2011/01/15 01:20:00 | 000,000,342 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
    [2011/01/01 02:10:32 | 000,000,320 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
    [2011/01/02 10:33:04 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
    [2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
    [2009/07/13 19:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    [2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/13 19:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    [2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
    [2009/07/13 19:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
    [2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/13 19:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
    [2009/07/13 19:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
    [2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/13 19:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
    [2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/13 19:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/13 19:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
    [2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
    [2009/07/13 19:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\system32\drivers\*.sys /90 >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2

    < End of report >




    OTL Extras logfile created on: 1/22/2011 7:28:10 PM - Run 1
    OTL by OldTimer - Version 3.2.20.4 Folder = C:\Users\TheMallGal\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 63.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 220.78 Gb Total Space | 167.15 Gb Free Space | 75.71% Space Free | Partition Type: NTFS

    Computer Name: FROTTO | User Name: TheMallGal | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{28396F3C-8668-DFF2-A804-9D062FFC832C}" = ATI Catalyst Install Manager
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver 14.0 Rel. 6
    "{A25AACF4-3E3C-1CBB-79D9-EFD8E1930629}" = ccc-utility64
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BA4F08D1-4578-461E-890A-6F9606F26131}" = AMD64Bit
    "{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0074B4B3-C0D7-7A17-091A-BBA813E51049}" = Catalyst Control Center InstallProxy
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0AF5C213-08EE-4ACC-49A0-7E65D47E1A45}" = CCC Help Norwegian
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28F59BA3-83B9-3714-F95B-5A5D8F94C494}" = CCC Help Swedish
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
    "{37728851-BF17-F49E-D5C7-82F1BC8493D3}" = CCC Help Portuguese
    "{37C5A56A-00EA-347B-B7A1-5628BED56702}" = Google Talk Plugin
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
    "{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar Featuring Yahoo!
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{43B8DF67-8A24-24B8-B4CC-C4B93B0686B6}" = Catalyst Control Center Core Implementation
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D62CB5C-9802-B71F-221D-BF7555CCEC85}" = ccc-core-static
    "{4EAB59A6-57A9-9657-18EC-9A4621D05929}" = CCC Help Finnish
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{580FD318-3C9C-4461-E4FB-0E2A38DC638E}" = CCC Help Polish
    "{5C0DBEC5-8065-B035-A455-FA6C43D98508}" = CCC Help Dutch
    "{5E7D3E0B-EF05-4520-87AB-136026CBCCE5}" = Stamps.com Address Book Support for Lotus Organizer 97, GS, 5.0, 6.0
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
    "{68D770EE-E8C9-B4C9-443F-4D5EF8665125}" = Catalyst Control Center Graphics Full New
    "{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B08DAA4-C42E-0C16-7140-DDD3C271F7FF}" = CCC Help Czech
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
    "{72887F99-63B9-4e73-8C1B-D5057597BF49}" = Stamps.com Address Book Support for Windows Contacts for Vista
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A0C264-BAC3-8E5B-55C0-9EACE1FCA057}" = CCC Help Hungarian
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7D8C616A-12DF-AAD6-C043-3C57174F5F49}" = CCC Help French
    "{7DC3BB1D-FFFE-4E32-9CB9-AD80141DDC65}" = Stamps.com Address Book Support for Daytimer Organizer 98
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
    "{831AA8FB-B67A-48E0-95FF-D609BC31AF0C}" = Stamps.com Address Book Support for ACT! 3.05 - 6.0
    "{8767A9F8-5087-3704-8E30-8CA7AFBF8B97}" = CCC Help Russian
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
    "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{97DC9110-51B2-C8A8-2F6B-CF8FBA7396D1}" = CCC Help Spanish
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A587F25-193D-910F-9082-BBE17EF87539}" = CCC Help German
    "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E404AA6-7C63-4D95-B8D2-72256ABB6A9E}" = Stamps.com Address Book Support for Outlook Express, Works, IE
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A223A058-7687-3E5D-54B9-E45DAB6EE567}" = Catalyst Control Center Graphics Full Existing
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A781C17D-32F6-6233-E68F-14542DE237D4}" = CCC Help Korean
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2E28F9D-94CE-D9D2-93FA-5552C1F58B08}" = CCC Help Greek
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
    "{B86C9440-82D7-423C-9FEC-6CB3092D1AA4}" = Bing Bar Platform
    "{BE0C8089-BE6E-466D-A79E-E5D2AE089FE9}" = Stamps.com Application Support for Corel WordPerfect 9
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAD11AD0-1B89-4DE0-B050-F4B0488B2A60}" = Stamps.com Address Book Support for Intuit QuickBooks 2004-2009
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding
    "{D00324C0-5343-4917-BF1E-D5E45D22B7E8}" = Stamps.com Address Book Support for Common Harmony
    "{D096F3EC-8EAA-FF1E-B749-D1708C9F87F0}" = CCC Help English
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1F10861-5F22-90B4-D4C5-AC8196A21938}" = CCC Help Italian
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000-2010
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DCD9F8DD-42C5-6D6D-BDDF-CE609875C086}" = CCC Help Chinese Traditional
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2135936-D52F-4569-B7B1-366DE16475C5}" = Stamps.com Application Support for Corel WordPerfect 8
    "{E4883419-4E93-76E1-44D6-27B29AA87172}" = CCC Help Chinese Standard
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E954C9D1-1751-4AE9-A5B6-C172034B96A8}" = Stamps.com Address Book Support for Schedule Plus 7.x
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F5063CAA-8117-D930-11D9-71845F72BC46}" = CCC Help Thai
    "{F6219B8C-C04B-B0B4-EB96-70FCBFA719FF}" = CCC Help Danish
    "{F6B3AEA4-445B-CDC2-B6E2-1ED86A1FC558}" = Catalyst Control Center Localization All
    "{F797575F-0BAE-B1AB-2537-950DF0390722}" = CCC Help Turkish
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FD5A88CC-30FE-BCFE-9489-3E3FE3EDF3BD}" = Catalyst Control Center Graphics Light
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE45CB53-B92E-1314-AD13-F957DA71C049}" = CCC Help Japanese
    "Acer Assist" = Acer Assist
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "avast!" = avast! Antivirus
    "Bookworm Deluxe 1.03" = Bookworm Deluxe 1.03
    "Diner Dash 2" = Diner Dash 2
    "Google Chrome" = Google Chrome
    "GridVista" = Acer GridVista
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "Inventoria" = Inventoria Stock Manager
    "king.com" = king.com (remove only)
    "LManager" = Launch Manager
    "Luxor" = Luxor (remove only)
    "MSC" = McAfee SecurityCenter
    "NCH Toolbar" = NCH Toolbar
    "NSS" = Norton Security Scan
    "SelectRebatesUninstall" = ShopAtHome.com Toolbar
    "Speeditup-Checkup" = Speeditup-Checkup
    "Stamps.com support for ACT! 3.05 - 6.0" = Stamps.com support for ACT! 3.05 - 6.0
    "Stamps.com support for Corel WordPerfect 8" = Stamps.com support for Corel WordPerfect 8
    "Stamps.com support for Corel WordPerfect 9" = Stamps.com support for Corel WordPerfect 9
    "Stamps.com support for Daytimer Organizer 98" = Stamps.com support for Daytimer Organizer 98
    "Stamps.com support for Harmony" = Stamps.com support for Harmony
    "Stamps.com support for Intuit QuickBooks 2004-2009" = Stamps.com support for Intuit QuickBooks 2004-2009
    "Stamps.com support for Lotus Organizer 97, GS, 5.0, 6.0" = Stamps.com support for Lotus Organizer 97, GS, 5.0, 6.0
    "Stamps.com support for Microsoft Word 2000-2010" = Stamps.com support for Microsoft Word 2000-2010
    "Stamps.com support for Outlook Express, Works, IE" = Stamps.com support for Outlook Express, Works, IE
    "Stamps.com support for Schedule Plus 7.x" = Stamps.com support for Schedule Plus 7.x
    "Stamps.com support for Windows Contacts for Vista" = Stamps.com support for Windows Contacts for Vista
    "UnityWebPlayer" = Unity Web Player
    "WildTangent acer Master Uninstall" = Acer Games
    "WinLiveSuite" = Windows Live Essentials
    "WT077491" = Jane's Zoo
    "WT077596" = Chuzzle Deluxe
    "WT077609" = Diner Dash
    "WT077647" = Insaniquarium Deluxe
    "WT077781" = Wheel of Fortune 2
    "WT079382" = World of Goo
    "WT079805" = Farm Frenzy 2
    "WT079951" = Turbo Pizza
    "WT080212" = Age of Castles
    "WT080309" = Bistro Stars
    "WT080444" = Clash'N Slash
    "WT080542" = Doggie Dash
    "WT080651" = Digby's Donuts
    "WT080744" = Fruit Lockers
    "WT080797" = Gold Miner Vegas
    "WT080872" = Ice Breaker
    "WT080941" = Lemonade Tycoon 2
    "WT081103" = Shrek 2 Ogre Bowler
    "WT081226" = Risk
    "WT081230" = Roller Rush
    "WT081424" = Spelvin
    "WT081516" = The Scruffs
    "WT081524" = Tornado Jockey
    "WT081597" = Westward
    "WT081726" = World of Zoo Animal Creator Demo
    "WT083614" = Plants vs. Zombies
    "WT083727" = Farm Frenzy 3 - American Pie
    "WT084058" = Cat Wash
    "WT089022" = Farm Frenzy 3 - Russian Roulette
    "WTA-009e6b7d-b13b-4389-9e79-51ddc24ae985" = Zombie Bowl-o-Rama
    "WTA-05ff20b2-af22-4bbb-a249-73420c6d9f1b" = Way to Go! Bowling
    "WTA-069c08c1-400d-4a2b-ae52-3e7e2ad50630" = SpongeBob Diner Dash 2
    "WTA-0769abcb-8614-446f-8670-d29f12e790d0" = Virtual City
    "WTA-08998ae6-4a3d-48f9-a18d-29a110d741a2" = Hunting Unlimited 2011
    "WTA-1385211c-98a9-4491-873a-5deacdbb807c" = Plan It Green
    "WTA-160d6705-88f3-45c2-98ff-4a177093f513" = Mahjongg Artifacts
    "WTA-17a3961a-39f4-402c-afe1-477e2d75adeb" = Burger Shop 2
    "WTA-1993ed41-adf4-467f-b3f9-d0243bed16d0" = Polar Bowler
    "WTA-1999f1a4-0163-429e-9ddf-dece086554ee" = Ancient Tripeaks
    "WTA-1c231c6e-57a3-47f2-93a8-e378d24432b7" = BurgerTime Deluxe
    "WTA-1c32bb16-7438-4e19-bdca-333ed90ca8cd" = Brain Training for Dummies
    "WTA-273c6536-c0b6-42f0-8ae3-64d79f3650ff" = Polar Golfer
    "WTA-27cbb182-deb3-444c-82ba-b1da8068085f" = Diner Dash Hometown Hero
    "WTA-334b7bc3-5f39-46c7-af36-70c1666d696a" = Mahjong Quest 3
    "WTA-3357e570-7656-4809-99da-8068fde541aa" = Polar Pool
    "WTA-3641af63-7882-4964-886c-7ababfda5364" = Smash Frenzy 3
    "WTA-3a9efcb6-6cc1-4583-a93b-ed1bfcf23526" = Diner Dash 5 - Boom! The Collector's Edition
    "WTA-3f74d1cb-b070-46c7-9b53-9cee88858958" = Super Collapse 3
    "WTA-40b4b55e-b9c0-4109-afb2-0d44fe34a63e" = Farm Frenzy: Gone Fishing
    "WTA-41d4553d-e453-4d8e-8229-803977c4128f" = Dynomite
    "WTA-43c31697-d226-4b60-bb00-c4571aacbf79" = Ancient Tri-Jong
    "WTA-52a1568b-6de8-4e9a-8f61-47c2f920db68" = Farm Frenzy - Pizza Party
    "WTA-55307481-221e-4045-9271-fcc4935260b3" = Feeding Frenzy 2
    "WTA-56bf63cb-8372-426d-b9e9-3a37a8a49adb" = Kelly Green - Garden Queen
    "WTA-6bde77b4-bb0c-4941-9927-699482aa762c" = Farm Frenzy
    "WTA-6ffa867c-99ea-4102-b09a-4f9b36fc951d" = Tropical Farm
    "WTA-76161f68-7539-4fd2-b945-d3c3dd2a59f6" = Avenue Flo
    "WTA-770e2482-aa09-4da8-b41f-9ff914a6c1fa" = Cake Mania: To the Max
    "WTA-8371dfb3-474d-4f9c-abc2-5625e451c3d9" = Cake Mania
    "WTA-92d7af2e-53d9-4843-9f3c-7c05b8ecccfb" = Diner Dash - Flo on the Go
    "WTA-933aef4b-f907-4cc2-9ca6-737ac725af9d" = Christmasville
    "WTA-979fc189-5c77-47b3-89f3-e11d52c8c037" = Farm Frenzy 3 - Ice Age
    "WTA-9dd4d71c-734f-4323-b341-3d06ca0688f7" = Backyard Sports - Sandlot Sluggers
    "WTA-9ff78745-11f1-4eca-bccb-c61e6db1a142" = Elf Bowling 7 1/7: The Last Insult
    "WTA-a02ff600-4dd1-4e6a-9fcc-10cb7e6c0706" = Dream Cars
    "WTA-a44b26ba-e756-472f-b0e3-c4299bef71f5" = Golf Adventure Galaxy
    "WTA-b233ac3e-d1a3-4ab2-a895-1e9d5ae30804" = Spyde Solitaire
    "WTA-b53fe0e8-80a8-4685-924a-0765e550a4e0" = Feeding Frenzy
    "WTA-b95e7f2b-5aa6-4067-8d9a-9ebdf9929f1d" = Diner Dash - Flo Through Time
    "WTA-bd46b56d-cc5e-4200-a3b7-2d03a1d4f333" = Ancient Spiders Solitaire
    "WTA-c1f87101-8b95-4fe5-93a0-ba21a3c3cc9a" = Burger Shop
    "WTA-c6ec68e1-3fec-4d92-9d7f-50ff893436d3" = SpongeBob Diner Dash
    "WTA-c7aa3763-0cde-4620-9151-343cac54cfaa" = Farm Frenzy 3 - Madagascar
    "WTA-cda09a7b-a133-4149-a865-a8d27e6a7838" = Hoyle Card Games
    "WTA-d168499d-e95b-4613-9655-19e797050b16" = Fever Frenzy
    "WTA-d234fad7-9712-4d5f-81a1-dd0c2fa7571b" = House of Cards
    "WTA-d4838b33-6aec-40ff-9c45-a5c5d59ece8b" = GameHouse Solitaire Challenge
    "WTA-d5195b87-63e9-42dd-b7a1-5d34889d6945" = Escape the Museum
    "WTA-d862272f-60c0-471c-aa8c-d5a2433d25b1" = Fantastic Farm
    "WTA-dabda9de-a7a4-4d79-b570-cd50184a4e89" = Ancient Tripeaks 2
    "WTA-db7d0627-a0a9-496f-86d3-17e406079532" = Mah Jong Quest
    "WTA-dcc942df-81c9-4e79-8550-d8959179e7fc" = Diner Dash - Seasonal Snack Pack
    "WTA-e055a400-b090-43f5-81aa-7cd47dc98ab2" = Farm Frenzy 3
    "WTA-e60f5287-96df-4438-856d-6fb0bd026d1b" = Aloha TriPeaks
    "WTA-ec3e5572-3887-453e-a498-653d9aedfc1e" = Mah Jong Medley
    "WTA-f4d24f38-c394-42ad-85d3-cb9ae66d8ecc" = Polar Golfer Pineapple Cup
    "WTA-f66244a7-293d-4ac8-865a-11b34efc1f99" = Jewel Quest Solitaire 3
    "WTA-f86432cf-9b76-4072-a26b-6d44766978fb" = Cafe Mahjongg
    "WTA-f9514239-4b14-47c8-8b6b-b100a61123f4" = Midnight Pool 3D
    "WTA-fa9dc535-47aa-4270-9250-4008813cdd7f" = Hotel Dash - Suite Success
    "Zuma Deluxe 1.0" = Zuma Deluxe 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Stamps.com" = Stamps.com

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/9/2011 8:28:09 PM | Computer Name = frotto | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 46816

    Error - 1/9/2011 8:28:25 PM | Computer Name = frotto | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/9/2011 8:28:25 PM | Computer Name = frotto | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 62416

    Error - 1/9/2011 8:28:25 PM | Computer Name = frotto | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 62416

    Error - 1/9/2011 8:28:40 PM | Computer Name = frotto | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/9/2011 8:28:40 PM | Computer Name = frotto | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 78016

    Error - 1/9/2011 8:28:40 PM | Computer Name = frotto | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 78016

    Error - 1/12/2011 9:46:42 AM | Computer Name = frotto | Source = Application Error | ID = 1000
    Description = Faulting application name: FarmFrenzy3_Arctica.exe, version: 0.5.0.0,
    time stamp: 0x4b4d93e4 Faulting module name: FarmFrenzy3_Arctica.exe, version: 0.5.0.0,
    time stamp: 0x4b4d93e4 Exception code: 0xc0000005 Fault offset: 0x0fc319ef Faulting
    process id: 0xd60 Faulting application start time: 0x01cbb2016b857605 Faulting application
    path: C:\Program Files (x86)\WildGames\Farm Frenzy 3 - Ice Age\FarmFrenzy3_Arctica.exe
    Faulting
    module path: C:\Program Files (x86)\WildGames\Farm Frenzy 3 - Ice Age\FarmFrenzy3_Arctica.exe
    Report
    Id: 62acea19-1e52-11e0-8275-0026222b63a2

    Error - 1/15/2011 9:09:52 PM | Computer Name = frotto | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/15/2011 9:09:52 PM | Computer Name = frotto | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1280

    [ Media Center Events ]
    Error - 10/20/2010 5:38:47 PM | Computer Name = frotto | Source = MCUpdate | ID = 0
    Description = 4:38:43 PM - Error connecting to the internet. 4:38:43 PM - Unable
    to contact server..

    Error - 10/22/2010 9:10:22 AM | Computer Name = frotto | Source = MCUpdate | ID = 0
    Description = 8:10:21 AM - Error connecting to the internet. 8:10:22 AM - Unable
    to contact server..

    Error - 10/22/2010 9:10:39 AM | Computer Name = frotto | Source = MCUpdate | ID = 0
    Description = 8:10:27 AM - Error connecting to the internet. 8:10:27 AM - Unable
    to contact server..

    Error - 10/25/2010 10:52:52 AM | Computer Name = frotto | Source = MCUpdate | ID = 0
    Description = 9:52:52 AM - Error connecting to the internet. 9:52:52 AM - Unable
    to contact server..

    Error - 10/25/2010 10:53:12 AM | Computer Name = frotto | Source = MCUpdate | ID = 0
    Description = 9:52:57 AM - Error connecting to the internet. 9:52:57 AM - Unable
    to contact server..

    Error - 10/25/2010 10:05:44 PM | Computer Name = frotto | Source = MCUpdate | ID = 0
    Description = 9:05:44 PM - Error connecting to the internet. 9:05:44 PM - Unable
    to contact server..

    Error - 10/25/2010 10:05:55 PM | Computer Name = frotto | Source = MCUpdate | ID = 0
    Description = 9:05:49 PM - Error connecting to the internet. 9:05:49 PM - Unable
    to contact server..

    Error - 10/26/2010 8:41:29 AM | Computer Name = frotto | Source = MCUpdate | ID = 0
    Description = 7:41:29 AM - Error connecting to the internet. 7:41:29 AM - Unable
    to contact server..

    Error - 10/26/2010 8:41:45 AM | Computer Name = frotto | Source = MCUpdate | ID = 0
    Description = 7:41:34 AM - Error connecting to the internet. 7:41:34 AM - Unable
    to contact server..

    Error - 10/27/2010 3:57:31 PM | Computer Name = frotto | Source = MCUpdate | ID = 0
    Description = 2:57:23 PM - Error connecting to the internet. 2:57:23 PM - Unable
    to contact server..

    [ System Events ]
    Error - 1/21/2011 9:09:37 PM | Computer Name = frotto | Source = BROWSER | ID = 8032
    Description =

    Error - 1/21/2011 10:26:41 PM | Computer Name = frotto | Source = bowser | ID = 8003
    Description =

    Error - 1/21/2011 10:31:39 PM | Computer Name = frotto | Source = BROWSER | ID = 8032
    Description =

    Error - 1/22/2011 1:00:34 AM | Computer Name = frotto | Source = bowser | ID = 8003
    Description =

    Error - 1/22/2011 9:54:39 AM | Computer Name = frotto | Source = atikmdag | ID = 52236
    Description = CPLIB :: General - Invalid Parameter

    Error - 1/22/2011 9:54:42 AM | Computer Name = frotto | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the avast!
    Antivirus service to connect.

    Error - 1/22/2011 9:54:42 AM | Computer Name = frotto | Source = Service Control Manager | ID = 7000
    Description = The avast! Antivirus service failed to start due to the following
    error: %%1053

    Error - 1/22/2011 9:58:56 AM | Computer Name = frotto | Source = bowser | ID = 8003
    Description =

    Error - 1/22/2011 10:28:48 AM | Computer Name = frotto | Source = bowser | ID = 8003
    Description =

    Error - 1/22/2011 12:01:10 PM | Computer Name = frotto | Source = BROWSER | ID = 8032
    Description =


    < End of report >
  7. 2011-01-23, 03:52 #7
    mshaver
    mshaver is offline
    Member mshaver's Avatar
    Join Date
    Jul 2008
    Location
    Kansas
    Posts
    46

    Default requested scans part 3

    Just fyi

    I did not delete one of the programs you requested yet. they are both inactive at the moment. Didnt have the funding to renew . I was hoping to get a recomendation if possible. Also thank you so much for your valuable time.
  8. 2011-01-23, 17:12 #8
    JonTom
    JonTom is offline
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello mshaver

    Thank you for the logs.

    I did not delete one of the programs you requested yet. they are both inactive at the moment. Didnt have the funding to renew . I was hoping to get a recomendation if possible.
    Please uninstall one of them now. Once we have finished cleaning your machine I will provide some links to a number of trustworthy, free anti virus programs.

    Do you use "Speeditup-Checkup"? I am having trouble finding information about this product which is why I asked you to scan it. If you do not use this program I would suggest that you uninstall it.

    This is the file I noticed that I had concerns about
    Yes, that file has to go. Please do the following:


    1. Please disable Spybot Teatimer


      • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
      • On the left hand side, click "Tools", then click on the "Resident" icon in the list.
      • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active" box.
      • Click the "System Startup" icon in the List.
      • Uncheck the "TeaTimer" box and "OK" any prompts.
      • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
      • Exit Spybot S&D when done.


    2. Please open OTL


      • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

        Code:
        :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - [2010/11/01 15:15:12 | 000,886,752 | ---- | M] () -- C:\Program Files (x86)\SelectRebates\SelectRebates.exe
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files (x86)\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files (x86)\SelectRebates\SelectRebates.exe ()
[2011/01/17 17:45:53 | 000,329,216 | ---- | M] () -- C:\Users\TheMallGal\AppData\Local\gexhwuvvww.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] 
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DFC5A2B2

:Files
C:\Program Files (x86)\SelectRebates

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

      • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
      • Allow the program to run unhindered.
      • Your machine will re-start itself. This is normal.
      • A log will be created after your machine reboots. Please post the contents of the log in your next reply.


    3. Please perform the following scan:


      • Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.


      • Right click on the mbam-setup.exe icon and select "Run as Administrator" to install the program.
      • Follow the prompts during installation and have the Installation Wizzard create a desktop icon.
      • Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
      • Click on the "Update" tab and then on "Check for Updates".
      • The program will now install the latest Malware definition files.
      • Once complete, click on the "Scanner" tab, select "Perform Full Scan"and then click on "Scan".
      • Once the program has scanned your computer, a log file will be created in Notepad.
      • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.



      • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
      • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
      • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
      • Come back here to this thread and Paste the log in your next reply.


      Please post the OTL log and the MBAM log in your next reply
    Proud Graduate of the WTT Classroom
  9. 2011-01-23, 19:44 #9
    mshaver
    mshaver is offline
    Member mshaver's Avatar
    Join Date
    Jul 2008
    Location
    Kansas
    Posts
    46

    Default error message

    I uninstalled Avast Antivirus. Required system restart.
    Then I unchecked resident tea timer but was not found in system startup.
    Next I followed steps for OTL, as it was running this error message popped up and OTL did not finnish

    access violation at address oo5cc7ED in module OTL.exe'. Read of address 00000000.

    I have done nothing more
  10. 2011-01-24, 00:42 #10
    JonTom
    JonTom is offline
    Senior Member
    Join Date
    Apr 2010
    Posts
    463

    Default

    Hello mshaver

    Thank you for letting me know.

    Please download a fresh copy of OTL from here and try the script again. If OTL gives you the same error message please come back and let me know
    Proud Graduate of the WTT Classroom
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules