
Solved Malware / Virus Attack

Discussion in 'Malware and Virus Removal Archive' started by Waverly73, 2010/08/21.

  1. 2010/08/21
    Waverly73


    Yesterday morning I was sitting at my computer with Firefox open and all of a sudden my PC started to get pop-ups seemingly coming up from everywhere telling me my PC was under attack. I wasn't downloading anything and wasn't using any programs at the time (and didn't run anything either).

    For an hour my PC was unusable as it was as if my space bar or enter key was just constantly being pushed, pop-ups coming up telling me to pay to clean my PC (which I just closed each time), redirections in Internet Explorer (which I never use). I eventually was able to get my Malwarebytes program to run and it found quite a few viruses / malware. The PC eventually started to act normal again but I have since run Malwarebytes and avast and have found some more dodgy files, which I quarantined.

    The PC seems fine now but I think it is running a little slower than normal. Here are the logs from the DDS program:

    BTW, my PC is around 6 months old (running Windows 7) and has never had any malware / virus issues before.


    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Glen and Tam at 12:09:28.89 on Sun 22/08/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.61.1033.18.3959.1238 [GMT 10:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Users\Glen and Tam\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\conhost.exe
    c:\program files (x86)\blp\api\office tools\bxlaui.exe
    c:\program files (x86)\blp\api\office tools\bxlartd.exe
    C:\Program Files (x86)\Orb Networks\Orb\bin\Orblauncher.exe
    C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\ehome\mcGlidHost.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\LogonUI.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Glen and Tam\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:6522
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files (x86)\vuze_remote\tbVuze.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
    uRun: [googletalk] c:\users\glen and tam\appdata\roaming\google\google talk\googletalk.exe /autostart
    uRun: [MtdAcqu] "c:\program files (x86)\creative\mediasource5\MtdAcqu.exe" /s
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [AlcoholAutomount] "c:\program files (x86)\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [CLRHost] c:\program files (x86)\blp\api\office tools\bbxlcmd.exe
    uRun: [nasmcrwoex.exe] "c:\users\glenan~1\appdata\local\temp\nasmcrwoex.exe "
    mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
    mRun: [BackupManagerTray] "c:\program files (x86)\newtech infosystems\acer backup manager\BackupManagerTray.exe" -h -k
    mRun: [Hotkey Utility] c:\program files (x86)\acer\hotkey utility\HotkeyUtility.exe
    mRun: [EgisTecLiveUpdate] "c:\program files (x86)\egistec egis software update\EgisUpdate.exe "
    mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
    mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [ArcadeDeluxeAgent] "c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe "
    mRun: [PlayMovie] "c:\program files (x86)\acer arcade deluxe\playmovie\PMVService.exe "
    mRun: [avast!] "c:\program files\alwil software\avast4\ashDisp.exe "
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe "
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe "
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files (x86)\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\glenan~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    mRun-x64: [mwlDaemon] c:\program files (x86)\egistec\mywinlocker 3\x86\mwlDaemon.exe
    mRun-x64: [IAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe
    mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s

    ================= FIREFOX ===================

    FF - ProfilePath -
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-4-7 52856]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-3-20 89680]
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-7 202752]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-20 22096]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-3-20 65616]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-3-20 138680]
    R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x64.sys [2010-3-21 19432]
    R2 Greg_Service;GRegService;c:\program files (x86)\acer\registration\GregHSRW.exe [2009-8-28 1150496]
    R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2009-10-7 191000]
    R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\drivers\TurboB.sys [2009-8-7 13784]
    R2 TVService;TVService;c:\program files (x86)\team mediaportal\mediaportal tv server\TvService.exe [2010-2-20 188416]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\intel\intel(r) management engine components\uns\UNS.exe [2010-1-7 2314240]
    R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2009-11-19 240160]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-3-20 254040]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-3-20 352920]
    R3 AVer7231_x64;AVerMedia 7231 capture service;c:\windows\system32\drivers\AVer7231_x64.sys [2009-11-19 1622528]
    R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k62x64.sys [2009-11-19 283824]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2010-8-1 137608]
    R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-11-19 56344]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2009-10-7 30232]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2009-10-7 327704]
    R3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\drivers\lvuvc64.sys [2009-10-7 6379288]
    S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-3-19 135664]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-8-13 62208]
    S2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
    S3 EUDSKACS;EUDSKACS;c:\windows\syswow64\drivers\eudskacs.sys [2010-8-1 17800]
    S3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\drivers\lvpopf64.sys [2009-10-7 271640]
    S3 MWLService;MyWinLocker Service;c:\program files (x86)\egistec\mywinlocker 3\x86\MWLService.exe [2009-9-10 305448]
    S3 TurboBoost;TurboBoost;c:\program files\intel\turboboost\TurboBoost.exe [2009-8-7 118672]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-6 1255736]

    =============== Created Last 30 ================

    2010-08-19 23:44:58 722382 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
    2010-08-19 23:30:13 0 d-----w- c:\users\glenan~1\appdata\roaming\2F8B603C2C4A1A9B1072D8A1D47353AD
    2010-08-15 10:23:29 0 d-----w- c:\programdata\NCH Software
    2010-08-15 10:23:14 0 d-----w- c:\program files (x86)\NCH Software
    2010-08-15 10:23:02 0 d-----w- c:\users\glenan~1\appdata\roaming\NCH Software
    2010-08-15 10:20:00 0 d-----w- c:\program files (x86)\AC3File
    2010-08-12 11:53:58 4314 ----a-w- C:\DVD_VIDEO_RECORDER.MDS
    2010-08-12 10:50:47 4298080256 ----a-w- C:\DVD_VIDEO_RECORDER.ISO
    2010-08-07 09:24:09 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2010-08-07 09:24:09 0 d-----w- c:\program files\iTunes
    2010-08-07 09:24:09 0 d-----w- c:\program files\iPod
    2010-08-01 02:39:30 137608 ----a-w- c:\windows\system32\drivers\EuDisk.sys
    2010-08-01 02:39:24 0 d-----w- c:\program files (x86)\EASEUS

    ==================== Find3M ====================

    2010-08-20 21:42:35 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
    2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-02-10 20:23:42 192484 ----a-w- c:\program files (x86)\common files\Acer GameZone online.ico
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-03-19 12:04:47 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-03-20 13:48:39 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2010-05-21 07:22:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052120100522\index.dat
    2010-05-22 07:52:24 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052220100523\index.dat
    2010-05-23 08:22:23 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010052320100524\index.dat
    2010-04-30 04:06:55 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010043020100501\index.dat
    2010-04-30 04:09:01 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
    2010-04-30 04:09:01 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
    2010-04-30 04:09:01 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
    2010-04-30 04:01:00 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 12:10:15.09 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 19/03/2010 5:35:43 PM
    System Uptime: 21/08/2010 7:42:21 AM (29 hours ago)

    Motherboard: Acer | | H57M01
    Processor: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz | CPU 1 | 2656/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 458 GiB total, 371.426 GiB free.
    D: is FIXED (NTFS) - 459 GiB total, 67.855 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is CDROM (CDFS)
    L: is FIXED (NTFS) - 466 GiB total, 135.541 GiB free.
    M: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&E605FC2&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&E605FC2&0
    Service: i8042prt

    Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
    Description: Standard PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&E605FC2&0
    Manufacturer: (Standard keyboards)
    Name: Standard PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&E605FC2&0
    Service: i8042prt

    ==== System Restore Points ===================

    RP107: 1/08/2010 11:54:14 AM - Configured PowerCinema
    RP108: 1/08/2010 12:39:37 PM - Device Driver Package Install: EASEUS System devices
    RP109: 3/08/2010 2:32:58 AM - Windows Update
    RP110: 6/08/2010 2:32:50 AM - Windows Update
    RP111: 11/08/2010 4:29:12 AM - Windows Update
    RP112: 13/08/2010 4:29:23 AM - Windows Update
    RP113: 14/08/2010 4:29:10 AM - Windows Update
    RP114: 17/08/2010 3:19:14 AM - Windows Update
    RP115: 20/08/2010 3:53:10 AM - Windows Update
    RP117: 20/08/2010 9:41:03 AM - Windows Defender Checkpoint

    ==== Installed Programs ======================

    AC3File 0.6b
    Acer Arcade Deluxe
    Acer Backup Manager
    Acer eRecovery Management
    Acer GameZone Console
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 7.0
    Adobe Reader 9.3.3 MUI
    Advertising Center
    Air Mouse Server
    Air TV
    Air Video Server 2.2.5
    Alice Greenfingers
    Alt.Binz 0.25.0
    Amazonia
    AMD DnD V1.0.19
    Apple Application Support
    Apple Software Update
    µTorrent
    Audacity 1.3.12 (Unicode)
    avast! Antivirus
    Backup Manager Advance
    Bloomberg Excel Tools
    Bloomberg Keyboard v10.5
    Bloomberg PFM Upload Tool for Microsoft Excel
    Bloomberg Professional Service
    Bloomberg SFD Data Dictionary
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Chicken Invaders 2
    Citrix XenApp Web Plugin
    Compatibility Pack for the 2007 Office system
    ConvertXtoDVD 3.6.4.158
    Creative MediaSource 5
    Crysis WARHEAD(R)
    Dairy Dash
    Dream Day First Home
    e-tax 2010
    EASEUS Todo Backup 1.1
    eSobi v2
    Farm Frenzy 2
    First Class Flurry
    Google Chrome
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Update Helper
    Granny In Paradise
    Heroes of Hellas
    Hotkey Utility
    Identity Card
    ImagXpress
    ImgBurn
    Intel(R) Management Engine Components
    iPhoneBrowser
    Java Auto Updater
    Java(TM) 6 Update 18
    JMicron JMB36X Driver
    Junk Mail filter update
    K-Lite Codec Pack 5.8.3 (Standard)
    Logitech Vid
    Malwarebytes' Anti-Malware
    MediaCoder x64 0.7.3.4640
    MediaPortal
    MediaPortal TV Server / Client
    Merriam Websters Spell Jam
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework 2.0 Core Components (x86) ENU
    Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker
    Nero 9 Essentials
    Nero ControlCenter
    Nero DiscSpeed
    Nero DiscSpeed Help
    Nero DriveSpeed
    Nero DriveSpeed Help
    Nero Express Help
    Nero InfoTool
    Nero InfoTool Help
    Nero Installer
    Nero Online Upgrade
    Nero StartSmart
    Nero StartSmart Help
    Nero StartSmart OEM
    NeroExpress
    neroxml
    Norton Online Backup
    nzb
    Orb
    Orb Runtime libraries
    plist Editor for Windows 1.0.2
    Portal
    QuickTime
    Race Driver 3
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB982135)
    Skype™ 4.2
    Star Wars Battlefront II
    Steam
    Switch Sound File Converter
    SyncToy 2.1 (x86)
    System Requirements Lab
    TrackMania Nations Forever
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (kb2202131)
    Vegas Pro 9.0
    VideoPad Video Editor
    Vuze
    Vuze_Remote Toolbar
    Welcome Center
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    21/08/2010 9:15:27 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer STEWARTS-POWERB that believes that it is the master browser for the domain on transport NetBT_Tcpip_{43347C32-BBE3-41ED-A66E-DCD0B53F2D39}. The master browser is stopping or an election is being forced.
    21/08/2010 7:43:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NTI IScheduleSvc service to connect.
    21/08/2010 7:43:13 AM, Error: Service Control Manager [7000] - The NTI IScheduleSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/08/2010 8:32:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TVService service to connect.
    15/08/2010 8:32:43 AM, Error: Service Control Manager [7000] - The TVService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    ==== End Of File ===========================
     
  2. 2010/08/21
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Hi and welcome to WindowsBBS forums :).

    ====

    Please post the MBA-M log.

    =========

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

  4. 2010/08/21
    Waverly73

    Waverly73 Inactive Thread Starter

    Joined:
    2010/08/19
    Messages:
    12
    Likes Received:
    0
    Here are the malwarebytes log files.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    20/08/2010 9:58:36 AM
    mbam-log-2010-08-20 (09-58-36).txt

    Scan type: Quick scan
    Objects scanned: 127391
    Time elapsed: 2 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\elevocalolacihir (Trojan.Agent.U) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ymomes (Trojan.Agent.U) -> Delete on reboot.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Glen and Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\mlsapr.dll (Trojan.Agent.U) -> Delete on reboot.
    C:\Users\Glen and Tam\AppData\Local\upeyapevafiyupa.dll (Trojan.Agent.U) -> Delete on reboot.



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    20/08/2010 1:54:07 PM
    mbam-log-2010-08-20 (13-54-07).txt

    Scan type: Full scan (C:\|D:\|L:\|)
    Objects scanned: 406809
    Time elapsed: 1 hour(s), 19 minute(s), 59 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\elevocalolacihir (Trojan.Agent.U) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ymomes (Trojan.Agent.U) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\fgmsgr[1].exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\rvqxfn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\gds_dsk[1].exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\spc_dsk[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\fgmsgr[1].exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\rvqxfn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\gds_dsk[1].exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\spc_dsk[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    D:\Data\Install Files\Sony Vegas 9\crack vegas 9\Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4451

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    20/08/2010 4:31:02 PM
    mbam-log-2010-08-20 (16-31-02).txt

    Scan type: Quick scan
    Objects scanned: 143450
    Time elapsed: 6 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lisrweau (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\roxngbvr (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Glen and Tam\AppData\Roaming\2F8B603C2C4A1A9B1072D8A1D47353AD\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\lgxhsnrta\yxrwtebshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\chfgsgsmc\ygwvbqkshdw.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Temp\elevat.dll (Trojan.Bamital) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Temp\excmwarnso.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Temp\lqrog.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Temp\mkcxhunr.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Temp\wtpvaae.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Temp\xjoqojgw.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\Glen (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4451

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    20/08/2010 7:37:07 PM
    mbam-log-2010-08-20 (19-37-07).txt

    Scan type: Quick scan
    Objects scanned: 143374
    Time elapsed: 3 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4453

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    21/08/2010 8:27:39 AM
    mbam-log-2010-08-21 (08-27-39).txt

    Scan type: Quick scan
    Objects scanned: 143163
    Time elapsed: 2 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4453

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    21/08/2010 9:53:10 AM
    mbam-log-2010-08-21 (09-53-10).txt

    Scan type: Full scan (C:\|L:\|)
    Objects scanned: 381570
    Time elapsed: 53 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Glen and Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K3S8ONN\qhysq[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5K3S8ONN\vzgbidyje[2].htm (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80XMDL5G\cgbvd[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80XMDL5G\mqupjickr[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\80XMDL5G\newsecureapp70700[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFA81R43\mqupjickr[1].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LFA81R43\nezgb[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X9KH7H9T\cgbvd[2].htm (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.




    I just realised it was 2 days ago I first had the problem - not yesterday.
     
  5. 2010/08/21
    Waverly73

    Waverly73 Inactive Thread Starter

    Joined:
    2010/08/19
    Messages:
    12
    Likes Received:
    0
    OTL logfile created on: 8/22/2010 1:14:51 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Glen and Tam\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 44.00% Memory free
    8.00 Gb Paging File | 5.00 Gb Available in Paging File | 60.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 458.45 Gb Total Space | 371.43 Gb Free Space | 81.02% Space Free | Partition Type: NTFS
    Drive D: | 458.96 Gb Total Space | 67.86 Gb Free Space | 14.78% Space Free | Partition Type: NTFS
    Drive E: | 4.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 683.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive L: | 465.75 Gb Total Space | 135.54 Gb Free Space | 29.10% Space Free | Partition Type: NTFS

    Computer Name: GLENANDTAM-PC
    Current User Name: Glen and Tam
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/22 13:13:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Glen and Tam\Desktop\OTL.exe
    PRC - [2010/08/01 10:26:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/08/01 10:26:12 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/06/23 10:03:50 | 000,093,696 | ---- | M] () -- c:\Program Files (x86)\blp\API\Office Tools\bxlaui.exe
    PRC - [2010/06/23 09:44:28 | 000,029,696 | ---- | M] (Bloomberg LP) -- c:\Program Files (x86)\blp\API\Office Tools\bxlartd.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/04/03 09:48:40 | 000,754,288 | ---- | M] (Orb Networks) -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbLauncher.exe
    PRC - [2010/02/20 02:49:30 | 000,188,416 | ---- | M] (Team MediaPortal) -- C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TvService.exe
    PRC - [2009/11/25 09:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/11/25 09:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/25 09:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/11/25 09:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/11/25 09:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/11/19 07:56:38 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/11/12 11:48:50 | 000,469,536 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    PRC - [2009/11/11 02:40:54 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    PRC - [2009/11/03 17:56:34 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/10/14 05:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/10/14 05:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2009/10/01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/10/01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/09/10 23:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    PRC - [2009/08/28 19:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    PRC - [2009/08/13 08:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2009/08/04 15:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    PRC - [2009/07/27 10:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    PRC - [2009/07/04 12:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2009/02/07 11:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/01/02 07:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Glen and Tam\AppData\Roaming\Google\Google Talk\googletalk.exe
    PRC - [2006/03/08 07:56:00 | 000,278,528 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/22 13:13:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Glen and Tam\Desktop\OTL.exe
    MOD - [2009/07/14 11:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/11/25 09:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/11/25 09:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2009/11/25 09:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV:64bit: - [2009/11/25 09:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV:64bit: - [2009/11/18 15:45:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/08/07 08:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/04 12:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2010/06/29 15:43:16 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/07 08:51:27 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/20 02:49:30 | 000,188,416 | ---- | M] (Team MediaPortal) [Auto | Running] -- C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe -- (TVService)
    SRV - [2009/12/24 07:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/10/14 05:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/10/01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/10/01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/09/10 23:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2009/08/28 19:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/08/26 04:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/08/13 09:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/04/29 10:23:41 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/04/07 08:50:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/03/20 18:37:55 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2009/12/02 12:20:56 | 000,137,608 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EuDisk.sys -- (EuDisk)
    DRV:64bit: - [2009/11/25 09:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2009/11/25 09:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2009/11/18 16:21:18 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/10/29 18:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009/10/14 05:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 300(UVC)
    DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2009/10/07 08:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/09/30 11:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/09/23 19:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
    DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/08/24 23:07:52 | 001,622,528 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
    DRV:64bit: - [2009/08/07 08:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009/07/14 11:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 11:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 10:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
    DRV:64bit: - [2009/07/14 10:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
    DRV:64bit: - [2009/07/14 10:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
    DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/06 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/06 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2009/03/27 00:23:54 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
    DRV:64bit: - [2007/09/26 00:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
    DRV - [2009/12/02 12:21:00 | 000,026,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\sysWow64\drivers\eufs.sys -- (EUFS)
    DRV - [2009/12/02 12:20:58 | 000,017,800 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\eudskacs.sys -- (EUDSKACS)
    DRV - [2009/12/02 12:20:56 | 000,030,600 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\sysWow64\drivers\eubakup.sys -- (EUBAKUP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/07 19:22:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/07 19:22:42 | 000,000,000 | ---D | M]

    [2010/05/27 00:09:00 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Mozilla\Extensions
    [2010/05/27 00:01:43 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Mozilla\Extensions\MediaCoder
    [2010/05/27 00:09:00 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
    [2010/06/21 12:16:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/04/07 00:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/06/28 23:44:43 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/06/28 23:44:43 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/06/28 23:44:43 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/06/28 23:44:43 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/04/29 14:55:05 | 000,000,988 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
    O1 - Hosts: 127.0.0.1 alcohol-soft.com
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [CLRHost] C:\Program Files (x86)\blp\API\Office Tools\bbxlcmd.exe ()
    O4 - HKCU..\Run: [googletalk] C:\Users\Glen and Tam\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MtdAcqu] C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [nasmcrwoex.exe] C:\Users\Glen and Tam\AppData\Local\Temp\nasmcrwoex.exe ()
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Glen and Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/09/03 05:27:56 | 000,000,051 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2010/03/21 21:18:34 | 000,000,000 | RH-D | M] - L:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2008/10/03 19:38:52 | 000,000,000 | ---D | M] - L:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{b4c24f96-5348-11df-b321-90fba62e7ea1}\Shell - " " = AutoRun
    O33 - MountPoints2\{b4c24f96-5348-11df-b321-90fba62e7ea1}\Shell\AutoRun\command - " " = K:\LaunchBFII.exe -- [2005/09/24 08:54:10 | 000,557,056 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  6. 2010/08/21
    Waverly73

    (EDIT - This is the second part of the OTL log file. For some reason it didn't let me post the first part, but that is now a couple of posts below.) I am also now reposting the Malwarebytes logs below as well.

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/22 13:13:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Glen and Tam\Desktop\OTL.exe
    [2010/08/20 10:29:11 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Desktop\New folder
    [2010/08/20 09:32:11 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\{80C5DC41-37C1-45FC-BCED-89C6DF765047}
    [2010/08/20 09:31:02 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\chfgsgsmc
    [2010/08/20 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\lgxhsnrta
    [2010/08/20 09:30:20 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\Windows Server
    [2010/08/20 09:30:13 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Roaming\2F8B603C2C4A1A9B1072D8A1D47353AD
    [2010/08/15 20:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
    [2010/08/15 20:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
    [2010/08/15 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Roaming\NCH Software
    [2010/08/15 20:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3File
    [2010/08/07 19:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/08/07 19:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/07 19:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/08/07 19:23:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/08/07 19:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/08/01 12:39:55 | 000,026,504 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysWow64\drivers\eufs.sys
    [2010/08/01 12:39:31 | 000,030,600 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysWow64\drivers\eubakup.sys
    [2010/08/01 12:39:31 | 000,017,800 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysWow64\drivers\eudskacs.sys
    [2010/08/01 12:39:30 | 000,137,608 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\EuDisk.sys
    [2010/08/01 12:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
    [2010/07/21 20:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\VOWSoft
    [2010/07/21 20:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPodRobot
    [2010/07/15 21:15:24 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\Bloomberg
    [2010/07/15 20:37:37 | 001,331,200 | ---- | C] (AuthenTec, Inc.) -- C:\Windows\SysWow64\ATCPanel.cpl
    [2010/07/15 20:37:23 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
    [2010/07/15 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
    [2010/07/15 20:37:23 | 000,000,000 | ---D | C] -- C:\Windows\Driver Cache
    [2010/07/15 20:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blp
    [2010/07/15 20:00:21 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Roaming\ICAClient
    [2010/07/15 19:58:06 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\Citrix
    [2010/07/10 14:12:33 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Desktop\Paradise Lost
    [2010/07/03 09:47:05 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Roaming\Audacity
    [2010/07/03 09:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
    [2010/06/29 17:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
    [2010/06/29 17:37:54 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Documents\TrackMania
    [2010/06/28 20:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SyncToy 2.1
    [2010/06/28 20:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
    [2010/06/18 19:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/06/18 00:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2010/06/18 00:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2010/06/18 00:04:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/06/18 00:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2010/06/18 00:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/06/18 00:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2010/06/18 00:03:00 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\Microsoft Help
    [2010/06/18 00:02:42 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2010/06/16 20:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhoneBrowser
    [2010/06/15 19:20:06 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Desktop\100APPLE
    [2010/06/07 19:53:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/06/04 20:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
    [2010/06/04 20:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/04 20:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/06/01 22:20:04 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Documents\SightSpeed Recordings
    [2010/05/27 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\Broad Intelligence
    [2010/05/26 23:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
    [2010/05/25 20:49:48 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Documents\Downloads
    [2010/05/24 23:43:16 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Desktop\Glens Shortcuts
    [2010/03/20 18:37:55 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Glen and Tam\AppData\Roaming\pcouffin.sys
    [2009/11/19 07:40:11 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

    ========== Files - Modified Within 90 Days ==========

    [2010/08/22 13:15:16 | 003,145,728 | -HS- | M] () -- C:\Users\Glen and Tam\ntuser.dat
    [2010/08/22 13:13:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Glen and Tam\Desktop\OTL.exe
    [2010/08/22 12:49:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/22 12:09:01 | 000,525,824 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\dds.scr
    [2010/08/22 09:22:38 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/08/22 09:22:38 | 000,622,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/08/22 09:22:38 | 000,108,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/08/21 17:12:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/08/21 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At3.job
    [2010/08/21 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job
    [2010/08/21 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2010/08/21 13:55:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/21 07:52:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/08/21 07:52:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/08/21 07:44:40 | 000,113,232 | ---- | M] () -- C:\Users\Glen and Tam\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/08/21 07:42:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/08/21 07:42:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
    [2010/08/21 07:42:28 | 3113,533,440 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/21 00:24:15 | 003,059,208 | -H-- | M] () -- C:\Users\Glen and Tam\AppData\Local\IconCache.db
    [2010/08/21 00:18:35 | 000,813,843 | ---- | M] () -- C:\Users\Glen and Tam\AppData\Roaming\vso_ts_preview.xml
    [2010/08/20 09:44:58 | 000,722,382 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/20 09:32:12 | 000,000,120 | ---- | M] () -- C:\Users\Glen and Tam\AppData\Local\Ovujafisequpal.dat
    [2010/08/20 09:32:12 | 000,000,000 | ---- | M] () -- C:\Users\Glen and Tam\AppData\Local\Cjapebiweyifeg.bin
    [2010/08/18 07:38:22 | 000,001,033 | ---- | M] () -- C:\Users\Glen and Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2010/08/15 20:23:15 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
    [2010/08/12 21:53:58 | 003,112,959 | ---- | M] () -- C:\DVD_VIDEO_RECORDER.ISO
    [2010/08/12 21:53:58 | 000,004,314 | ---- | M] () -- C:\DVD_VIDEO_RECORDER.MDS
    [2010/08/08 20:32:56 | 002,297,917 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\Pug sings Batman theme-GrIp3k5pJQM-3.mp4
    [2010/08/07 19:24:19 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/08/07 19:22:39 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/08/01 12:39:30 | 000,001,308 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Todo Backup 1.1.lnk
    [2010/07/21 20:49:39 | 000,001,236 | ---- | M] () -- C:\Users\Public\Desktop\plist Editor for Windows.lnk
    [2010/07/15 20:38:11 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\BLOOMBERG.lnk
    [2010/07/09 21:02:14 | 000,076,360 | ---- | M] () -- C:\Users\Glen and Tam\Documents\GLEN2010.TAX
    [2010/07/09 20:52:08 | 000,074,848 | ---- | M] () -- C:\Users\Glen and Tam\Documents\GLEN2010.BAK
    [2010/07/09 17:10:04 | 000,073,176 | ---- | M] () -- C:\Users\Glen and Tam\Documents\TAM2010.TAX
    [2010/07/09 17:07:29 | 000,072,184 | ---- | M] () -- C:\Users\Glen and Tam\Documents\TAM2010.BAK
    [2010/07/09 15:50:41 | 000,001,555 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\e-tax 2010.lnk
    [2010/07/03 09:46:59 | 000,001,050 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\Audacity 1.3 Beta (Unicode).lnk
    [2010/07/01 11:06:40 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/06/30 12:25:00 | 006,778,880 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\etax2010_1.msi
    [2010/06/29 15:46:15 | 000,000,221 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\TrackMania Nations Forever.url
    [2010/06/21 21:30:01 | 000,000,531 | ---- | M] () -- C:\Windows\win.ini
    [2010/06/21 20:01:46 | 000,434,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/06/08 20:16:41 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
    [2010/06/08 20:16:41 | 000,001,606 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\Mobile Applications - Shortcut.lnk
    [2010/06/08 20:16:41 | 000,000,896 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\MediaCoder x64.lnk
    [2010/06/08 20:06:27 | 000,166,615 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\THRASS-picturechaart.jpg
    [2010/06/08 20:04:47 | 000,159,555 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\Paper Fewster.pdf
    [2010/06/08 20:04:44 | 001,912,713 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\1R.pdf

    ========== Files Created - No Company Name ==========

    [2010/08/22 12:09:00 | 000,525,824 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\dds.scr
    [2010/08/20 09:44:58 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/20 09:32:12 | 000,000,120 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Local\Ovujafisequpal.dat
    [2010/08/20 09:32:12 | 000,000,000 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Local\Cjapebiweyifeg.bin
    [2010/08/18 07:38:22 | 000,001,033 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2010/08/15 20:23:15 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
    [2010/08/12 21:53:58 | 000,004,314 | ---- | C] () -- C:\DVD_VIDEO_RECORDER.MDS
    [2010/08/12 20:50:47 | 003,112,959 | ---- | C] () -- C:\DVD_VIDEO_RECORDER.ISO
    [2010/08/08 20:32:39 | 002,297,917 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\Pug sings Batman theme-GrIp3k5pJQM-3.mp4
    [2010/08/07 19:24:19 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/08/07 19:22:39 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/08/01 12:39:30 | 000,001,308 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Todo Backup 1.1.lnk
    [2010/07/21 20:49:39 | 000,001,236 | ---- | C] () -- C:\Users\Public\Desktop\plist Editor for Windows.lnk
    [2010/07/15 20:38:11 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\BLOOMBERG.lnk
    [2010/07/15 20:37:35 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\drivers\UNWISE.EXE
    [2010/07/09 19:58:06 | 000,076,360 | ---- | C] () -- C:\Users\Glen and Tam\Documents\GLEN2010.TAX
    [2010/07/09 19:58:06 | 000,074,848 | ---- | C] () -- C:\Users\Glen and Tam\Documents\GLEN2010.BAK
    [2010/07/03 09:46:59 | 000,001,050 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\Audacity 1.3 Beta (Unicode).lnk
    [2010/07/02 11:31:36 | 000,073,176 | ---- | C] () -- C:\Users\Glen and Tam\Documents\TAM2010.TAX
    [2010/07/02 11:31:36 | 000,072,184 | ---- | C] () -- C:\Users\Glen and Tam\Documents\TAM2010.BAK
    [2010/06/30 12:27:44 | 000,001,555 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\e-tax 2010.lnk
    [2010/06/30 12:24:52 | 006,778,880 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\etax2010_1.msi
    [2010/06/29 15:46:15 | 000,000,221 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\TrackMania Nations Forever.url
    [2010/06/08 20:06:27 | 000,166,615 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\THRASS-picturechaart.jpg
    [2010/06/08 20:04:45 | 000,159,555 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\Paper Fewster.pdf
    [2010/06/08 20:04:32 | 001,912,713 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\1R.pdf
    [2010/06/08 19:08:52 | 000,001,606 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\Mobile Applications - Shortcut.lnk
    [2010/05/26 23:46:22 | 000,000,896 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\MediaCoder x64.lnk
    [2010/05/19 20:17:45 | 000,000,121 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/04/10 22:18:08 | 000,000,017 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Local\resmon.resmoncfg
    [2010/04/07 19:58:16 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/04/06 13:20:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/04/04 22:25:24 | 001,228,854 | ---- | C] () -- C:\ProgramData\OrbError.bmp
    [2010/04/03 17:09:36 | 000,000,063 | ---- | C] () -- C:\Windows\PixieTool.INI
    [2010/03/20 18:38:42 | 000,813,843 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\vso_ts_preview.xml
    [2010/03/20 18:38:28 | 000,000,034 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\pcouffin.log
    [2010/03/20 18:37:55 | 000,099,384 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\inst.exe
    [2010/03/20 18:37:55 | 000,007,859 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\pcouffin.cat
    [2010/03/20 18:37:55 | 000,001,167 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\pcouffin.inf
    [2010/03/19 20:14:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/07 23:39:51 | 000,008,461 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
    [2009/11/19 07:39:50 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
    [2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/03/23 22:25:44 | 000,000,000 | -HSD | M] -- C:\Users\Glen and Tam\AppData\Roaming\.#
    [2010/08/20 16:31:02 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\2F8B603C2C4A1A9B1072D8A1D47353AD
    [2010/07/03 10:18:31 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Audacity
    [2010/08/14 18:11:22 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Azureus
    [2010/05/27 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Broad Intelligence
    [2010/04/29 14:38:38 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\DAEMON Tools Pro
    [2010/03/23 22:25:13 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\GameConsole
    [2010/07/15 20:09:13 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\ICAClient
    [2010/05/30 10:34:58 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\ImgBurn
    [2010/04/06 13:06:53 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Leadertech
    [2010/05/04 22:46:52 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\NCH Swift Sound
    [2010/03/20 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\PowerCinema
    [2010/04/03 19:24:50 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Publish Providers
    [2010/03/19 23:41:03 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\SoftDMA
    [2010/04/03 19:24:48 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Sony
    [2010/03/21 18:40:28 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\SystemRequirementsLab
    [2010/08/15 20:58:31 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\uTorrent
    [2010/08/21 00:18:36 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Vso
    [2010/08/21 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2010/08/21 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At2.job
    [2010/08/21 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At3.job
    [2009/07/14 15:08:49 | 000,020,770 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2010/03/07 19:20:25 | 041,702,735 | ---- | M] (Creative Technology Ltd) -- C:\CMS5_PCAPP_LB_5_10_38.exe
    [2009/12/02 06:37:22 | 093,234,472 | ---- | M] (Apple Inc.) -- C:\iTunesSetup.exe
    [2009/12/26 21:11:00 | 014,520,392 | ---- | M] () -- C:\MediaCoder_iPod_0.7.1.4490.exe
    [2009/12/15 18:49:58 | 041,839,904 | ---- | M] () -- C:\setupeng.exe
    [2009/12/24 12:57:12 | 000,564,211 | ---- | M] () -- C:\SetupiPhoneBrowser.1.93.exe
    [2009/12/24 10:08:00 | 008,755,648 | ---- | M] (Vuze Inc.) -- C:\Vuze_Installer.exe


    < MD5 for: AGP440.SYS >
    [2009/07/14 11:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
    [2009/07/14 11:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
    [2009/07/14 11:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2009/07/14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
    [2009/07/14 11:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
    [2009/07/14 11:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

    < MD5 for: IASTOR.SYS >
    [2009/10/14 05:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
    [2009/10/14 05:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
    [2009/10/14 05:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastor.inf_amd64_neutral_b02a0635da01252b\iaStor.sys

    < MD5 for: IASTORV.SYS >
    [2009/07/14 11:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
    [2009/07/14 11:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2009/07/14 11:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
    [2009/07/14 11:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/14 11:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
    [2009/07/14 11:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2009/07/14 11:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
    [2009/07/14 11:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

    < MD5 for: SCECLI.DLL >
    [2009/07/14 11:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/14 11:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
    [2009/07/14 11:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
    [2009/07/14 11:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/07/14 11:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
    [2009/07/14 11:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
    [2009/08/17 22:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FM20.DLL
    [2009/07/14 11:16:13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\scrrun.dll

    < %systemroot%\System32\config\*.sav >
    < End of report >
     
    Last edited: 2010/08/21
  7. 2010/08/21
    Waverly73

    OTL Extras logfile created on: 8/22/2010 1:14:51 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Glen and Tam\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 44.00% Memory free
    8.00 Gb Paging File | 5.00 Gb Available in Paging File | 60.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 458.45 Gb Total Space | 371.43 Gb Free Space | 81.02% Space Free | Partition Type: NTFS
    Drive D: | 458.96 Gb Total Space | 67.86 Gb Free Space | 14.78% Space Free | Partition Type: NTFS
    Drive E: | 4.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 683.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive L: | 465.75 Gb Total Space | 135.54 Gb Free Space | 29.10% Space Free | Partition Type: NTFS

    Computer Name: GLENANDTAM-PC
    Current User Name: Glen and Tam
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0DA20600-6130-443B-9D4B-F30520315FA6}" = Bonjour Print Services
    "{23170F69-40C1-2702-0913-000001000000}" = 7-Zip 9.13 (x64 edition)
    "{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
    "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
    "{34F43E2A-9462-133B-068F-B6D9015616EB}" = ATI AVIVO64 Codecs
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{46035FCA-633D-8E15-24EE-B6E5359B0AE2}" = ccc-utility64
    "{561AB451-B967-475C-80E0-3B6679C38B52}" = MySQL Server 5.1
    "{6B559E62-24D2-D29C-2C02-26B671BDA8A1}" = ATI Catalyst Install Manager
    "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.53.1
    "Crysis WARHEAD(R)" = Crysis WARHEAD(R)
    "lvdrivers_12.10" = Logitech Webcam Software Driver Package
    "NVIDIA Drivers" = NVIDIA Drivers
    "Ultravnc2_is1" = UltraVNC 1.0.8.2

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0297C87B-CC40-446F-865A-031B4FC0CF22}" = Race Driver 3
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{071FC582-37F8-8726-C70A-0B3EBEE11B57}" = Catalyst Control Center Graphics Previews Vista
    "{129F4B4F-968D-3843-93A0-A0C5DB613584}" = CCC Help German
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20643D71-C655-C070-47AD-24F291B3E1E8}" = Catalyst Control Center Core Implementation
    "{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{2C73EAA3-3B76-2145-D3F8-0A8AF4DCB5C1}" = CCC Help Turkish
    "{2F6DE91F-47B3-0824-D007-F9EDFA055E7C}" = CCC Help Finnish
    "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C6920EF-0089-3A24-9F9D-9A346AB2813F}" = Catalyst Control Center Graphics Full Existing
    "{3D3407EE-CD37-BFCD-FD15-14A24C35B41E}" = CCC Help Swedish
    "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4713E6B1-9270-5824-CD46-68EAE904F899}" = CCC Help Japanese
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{4F61136C-2A4D-4064-71AF-CF0C9DE552C3}" = CCC Help Chinese Standard
    "{4FA47485-D671-D6BB-66CD-536598C460E8}" = Catalyst Control Center Localization All
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{52FD2375-841C-0551-0E2C-6DA65F73FB09}" = CCC Help Dutch
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57046DA6-882F-9A3F-CD74-5357AC9694B8}" = CCC Help Czech
    "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
    "{5D1BCDDC-A969-2474-A777-4C52079C3778}" = CCC Help French
    "{5EBD2FC6-FFB9-550B-7EB5-3848E062B4B2}" = CCC Help English
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
    "{75EF2300-2DA4-60E8-CFAC-04A8081322BE}" = CCC Help Hungarian
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.4.158
    "{77277800-4738-946C-B360-19259007E99F}" = CCC Help Chinese Traditional
    "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{7F938BCD-7CC9-7949-DE47-F06CF95741B1}" = CCC Help Portuguese
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
    "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{935B9BF4-8006-BC16-B193-F6C13B83F6B2}" = CCC Help Danish
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{965ef942-36c2-4f92-b60f-c75cd1dcde2f}" = Nero 9 Essentials
    "{978B28B9-2ED2-C511-5D4C-D72A7D4AEF3E}" = CCC Help Polish
    "{9882AE13-E333-3118-45F8-EEDA43BCF63B}" = CCC Help Norwegian
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
    "{A07D7AF9-BA12-D49D-9771-A102A4D5BD13}" = Catalyst Control Center InstallProxy
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A6D42D59-7188-3DE9-8572-3F83165FBB6C}" = CCC Help Russian
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
    "{ACB583B7-8900-DBA7-CB86-789D1755C77E}" = CCC Help Greek
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{B7060593-A94C-96E2-115A-11EAA79AEAF8}" = CCC Help Spanish
    "{B789926B-4CB9-2345-075B-1BEE87C53A71}" = CCC Help Italian
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}" = iPhoneBrowser
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{C8F7146C-831F-4FED-AA6A-A82560FF1BEF}" = Air TV
    "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
    "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
    "{CC407F63-7F0A-D8E0-E4F8-4B36E7E1E577}" = CCC Help Thai
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1BBB9C9-800C-ADD3-F847-FF5582DCF68F}" = CCC Help Korean
    "{D23E10BC-2CE3-A967-385C-446922563356}" = Catalyst Control Center Graphics Light
    "{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
    "{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{EAF6BE5A-8587-045A-4753-2D273007FDDD}" = Catalyst Control Center Graphics Full New
    "{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
    "{EE10D76C-39B7-40A8-A24C-1BEEACBED160}" = Catalyst Control Center - Branding
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EE18E5E3-9929-4A7C-AA08-E0AEC2FEA75C}" = Air Mouse Server
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
    "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
    "{FFD412C4-7E27-9167-1C5D-E40803B7AEC7}" = ccc-core-static
    "8461-7759-5462-8226" = Vuze
    "AC3File_is1" = AC3File 0.6b
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
    "Air Video Server" = Air Video Server 2.2.5
    "Alt.Binz" = Alt.Binz 0.25.0
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
    "avast!" = avast! Antivirus
    "Bloomberg Excel Tools" = Bloomberg Excel Tools
    "Bloomberg Keyboard v10.5" = Bloomberg Keyboard v10.5
    "Bloomberg PFM Upload Tool for Microsoft Excel" = Bloomberg PFM Upload Tool for Microsoft Excel
    "Bloomberg Professional Service" = Bloomberg Professional Service
    "Bloomberg SFD Data Dictionary" = Bloomberg SFD Data Dictionary
    "Crysis WARHEAD(R)" = Crysis WARHEAD(R)
    "EASEUS Todo Backup 1.1_is1" = EASEUS Todo Backup 1.1
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Google Chrome" = Google Chrome
    "Hotkey Utility" = Hotkey Utility
    "Identity Card" = Identity Card
    "ImgBurn" = ImgBurn
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
    "KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Standard)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaCoder x64" = MediaCoder x64 0.7.3.4640
    "MediaPortal" = MediaPortal
    "MediaPortal TV Server" = MediaPortal TV Server / Client
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "nzb" = nzb
    "Orb" = Orb
    "plist Editor for Windows" = plist Editor for Windows 1.0.2
    "Steam App 11020" = TrackMania Nations Forever
    "Steam App 400" = Portal
    "Switch" = Switch Sound File Converter
    "uTorrent" = µTorrent
    "VideoPad" = VideoPad Video Editor
    "Vuze_Remote Toolbar" = Vuze_Remote Toolbar
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 4/2/2010 10:00:45 PM | Computer Name = GlenandTam-PC | Source = avast! | ID = 33554522
    Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
    L:\Data\Photos\2009\6 June 09\IMG_1085.jpg failed, 00000037.

    Error - 8/20/2010 3:48:23 AM | Computer Name = GlenandTam-PC | Source = avast! | ID = 33554522
    Description = Error in aswChestS: chest s_NewFile Error 112.

    Error - 8/20/2010 3:48:23 AM | Computer Name = GlenandTam-PC | Source = avast! | ID = 33554522
    Description = Error in aswChestC: chestAddFile Error 112.

    [ Application Events ]
    Error - 7/13/2010 5:58:26 AM | Computer Name = GlenandTam-PC | Source = Bonjour Service | ID = 100
    Description = 532: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 7/13/2010 5:58:26 AM | Computer Name = GlenandTam-PC | Source = Bonjour Service | ID = 100
    Description = 520: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 7/13/2010 5:58:26 AM | Computer Name = GlenandTam-PC | Source = Bonjour Service | ID = 100
    Description = 544: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 7/13/2010 5:58:26 AM | Computer Name = GlenandTam-PC | Source = Bonjour Service | ID = 100
    Description = 524: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 7/13/2010 10:35:45 AM | Computer Name = GlenandTam-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 7/13/2010 10:36:47 AM | Computer Name = GlenandTam-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\mediacoder\codecs\lencod64.exe ".
    Dependent
    Assembly Microsoft.VC90.OpenMP,processorArchitecture= "amd64 ",publicKeyToken= "1fc8b3b9a1e18e3b ",type= "win32 ",version= "9.0.21022.8 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/13/2010 10:37:06 AM | Computer Name = GlenandTam-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe ".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture= "AMD64 ",type= "win32 ",version= "1.0.0.1 ". Definition
    is WLMFDS,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.0.1 ". Please use
    sxstrace.exe for detailed diagnosis.

    Error - 7/14/2010 10:31:21 AM | Computer Name = GlenandTam-PC | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\Program Files (x86)\Common
    Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ".Error in manifest or policy file "c:\Program
    Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
    "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
    "version" in element "assemblyIdentity" is invalid.

    Error - 7/14/2010 10:32:09 AM | Computer Name = GlenandTam-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\mediacoder\codecs\lencod64.exe ".
    Dependent
    Assembly Microsoft.VC90.OpenMP,processorArchitecture= "amd64 ",publicKeyToken= "1fc8b3b9a1e18e3b ",type= "win32 ",version= "9.0.21022.8 "
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 7/14/2010 10:32:20 AM | Computer Name = GlenandTam-PC | Source = SideBySide | ID = 16842787
    Description = Activation context generation failed for "c:\program files (x86)\windows
    live\photo gallery\MovieMaker.Exe ".Error in manifest or policy file "c:\program
    files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
    found in manifest does not match the identity of the component requested. Reference
    is WLMFDS,processorArchitecture= "AMD64 ",type= "win32 ",version= "1.0.0.1 ". Definition
    is WLMFDS,processorArchitecture= "x86 ",type= "win32 ",version= "1.0.0.1 ". Please use
    sxstrace.exe for detailed diagnosis.

    [ Media Center Events ]
    Error - 6/21/2010 2:09:20 PM | Computer Name = GlenandTam-PC | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc0040524) AVerMedia 7231 DVBT Tuner

    Error - 6/22/2010 7:49:26 PM | Computer Name = GlenandTam-PC | Source = MCUpdate | ID = 0
    Description = 9:49:26 AM - Failed to retrieve Directory (Error: Unable to connect
    to the remote server)

    Error - 6/26/2010 7:15:09 PM | Computer Name = GlenandTam-PC | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc0040524) AVerMedia 7231 DVBT Tuner

    Error - 7/15/2010 7:38:00 PM | Computer Name = GlenandTam-PC | Source = MCUpdate | ID = 0
    Description = 9:37:56 AM - Failed to retrieve Broadband (Error: Unable to connect
    to the remote server)

    Error - 8/14/2010 7:44:47 PM | Computer Name = GlenandTam-PC | Source = MCUpdate | ID = 0
    Description = 9:44:47 AM - Failed to retrieve MCESpotlight (Error: Unable to connect
    to the remote server)

    Error - 8/16/2010 2:02:30 PM | Computer Name = GlenandTam-PC | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc0040524) AVerMedia 7231 DVBT Tuner

    Error - 8/17/2010 9:50:00 AM | Computer Name = GlenandTam-PC | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc0040524) AVerMedia 7231 DVBT Tuner

    Error - 8/17/2010 9:51:21 AM | Computer Name = GlenandTam-PC | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc0040524) AVerMedia 7231 DVBT Tuner

    Error - 8/17/2010 9:52:12 AM | Computer Name = GlenandTam-PC | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc0040524) AVerMedia 7231 DVBT Tuner

    Error - 8/17/2010 9:53:15 AM | Computer Name = GlenandTam-PC | Source = ehRecvr | ID = 3
    Description = TV tuner encountered an error. (0xc0040524) AVerMedia 7231 DVBT Tuner

    [ System Events ]
    Error - 5/2/2010 5:04:37 PM | Computer Name = GlenandTam-PC | Source = Service Control Manager | ID = 7000
    Description = The TVService service failed to start due to the following error:
    %%1053

    Error - 5/5/2010 10:49:02 PM | Computer Name = GlenandTam-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the TVService
    service to connect.

    Error - 5/5/2010 10:49:02 PM | Computer Name = GlenandTam-PC | Source = Service Control Manager | ID = 7000
    Description = The TVService service failed to start due to the following error:
    %%1053

    Error - 5/7/2010 12:05:07 AM | Computer Name = GlenandTam-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the NTI
    IScheduleSvc service to connect.

    Error - 5/7/2010 12:05:07 AM | Computer Name = GlenandTam-PC | Source = Service Control Manager | ID = 7000
    Description = The NTI IScheduleSvc service failed to start due to the following
    error: %%1053

    Error - 5/7/2010 12:05:38 AM | Computer Name = GlenandTam-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the TVService
    service to connect.

    Error - 5/7/2010 12:05:38 AM | Computer Name = GlenandTam-PC | Source = Service Control Manager | ID = 7000
    Description = The TVService service failed to start due to the following error:
    %%1053

    Error - 5/8/2010 10:17:25 PM | Computer Name = GlenandTam-PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 5/12/2010 11:43:31 PM | Computer Name = GlenandTam-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the NTI
    IScheduleSvc service to connect.

    Error - 5/12/2010 11:43:31 PM | Computer Name = GlenandTam-PC | Source = Service Control Manager | ID = 7000
    Description = The NTI IScheduleSvc service failed to start due to the following
    error: %%1053


    < End of report >
     
  8. 2010/08/21
    Waverly73

    Waverly73 Inactive Thread Starter

    Joined:
    2010/08/19
    Messages:
    12
    Likes Received:
    0
    I have tried to post the first part of the OTL log file and the malwarebytes log files but I got a message saying that a moderator will check them. But then the ones I posted after that have since appeared so not sure if the ones I have posted will appear or not - and it doesn't appear to let me re-post them.

    EDIT: OK, for some reason it let me post some of my posts straight away and some others I had to wait (and I wasn't sure if they would appear seeing as ones I had done after them appeared - hence the duplicate posts)
     
    Last edited: 2010/08/21
  9. 2010/08/21
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    You need to keep away from pirated software or this will happen every time.

    ==

    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    =========

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:6522
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKCU..\Run: [nasmcrwoex.exe] C:\Users\Glen and Tam\AppData\Local\Temp\nasmcrwoex.exe ()
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      [2010/08/20 09:31:02 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\chfgsgsmc
      [2010/08/20 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\lgxhsnrta
      [2010/08/20 09:32:12 | 000,000,120 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Local\Ovujafisequpal.dat
      [2010/08/20 09:32:12 | 000,000,000 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Local\Cjapebiweyifeg.bin
      :Commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
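
The entries listed in the fix script above share traits that can be checked mechanically when triaging a log in this format. The Python sketch below is an added example, not part of the original post and not the method OTL or the helper used. The three heuristics (loopback proxy, autorun from Temp or with an empty vendor field, a burst of items created directly in AppData\Local), the 5-minute window and the final sample line are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Sample input: the IE/O4/file lines are copied from the fix script in the post
# above, the PRC line comes from the later Quick Scan log, and the final O4
# line is constructed for contrast (hypothetical vendor and path).
SAMPLE = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:6522
O4 - HKCU..\Run: [nasmcrwoex.exe] C:\Users\Glen and Tam\AppData\Local\Temp\nasmcrwoex.exe ()
[2010/08/20 09:31:02 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\chfgsgsmc
[2010/08/20 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\lgxhsnrta
[2010/08/20 09:32:12 | 000,000,120 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Local\Ovujafisequpal.dat
[2010/08/20 09:32:12 | 000,000,000 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Local\Cjapebiweyifeg.bin
PRC - [2010/08/01 10:26:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - HKLM..\Run: [ExampleTray] C:\Program Files\Example Vendor\tray.exe (Example Vendor)
'''

PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(\S+)')
LOOPBACK_RE = re.compile(r'(?:^|=)(?:127\.0\.0\.1|localhost)(?::|;|$)', re.I)
# O4 line: hive, value name, target path, then the vendor string in parentheses.
RUN_RE = re.compile(r'^O4(?::64bit:)? - (HK\w+)\.\.\\Run: \[(.+?)\] (.+) \((.*)\)$')
# File/folder line: timestamp | size | attributes | C(reated) or M(odified),
# an optional "(vendor)" field, then the path.
FILE_RE = re.compile(
    r'\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| (\S{4}) \| ([CM])\] '
    r'(?:\((.*?)\) )?-- (.+)$')


def _is_temp(path):
    """True when the path runs through a Temp directory."""
    return re.search(r'\\Temp\\', path, re.I) is not None


def _in_appdata_local_root(path):
    """True when the item sits directly in ...\\AppData\\Local, not in a subfolder."""
    return re.search(r'\\AppData\\Local\\[^\\]+$', path, re.I) is not None


def triage(log_text, window=timedelta(minutes=5), min_cluster=3):
    """Return (rule, detail) findings for the three heuristics described above."""
    findings, created = [], []
    for line in log_text.splitlines():
        line = line.strip()

        m = PROXY_RE.search(line)
        if m:
            # A browser proxy pointing at the local machine means some local
            # process is positioned to intercept web traffic.
            if LOOPBACK_RE.search(m.group(1)):
                findings.append(("loopback-proxy", m.group(1)))
            continue

        m = RUN_RE.match(line)
        if m:
            _hive, _name, path, vendor = m.groups()
            if _is_temp(path):
                findings.append(("autorun-from-temp", path))
            if not vendor:
                findings.append(("autorun-no-vendor", path))
            continue

        m = FILE_RE.search(line)
        if m and m.group(3) == "C" and _in_appdata_local_root(m.group(5)):
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            created.append((ts, m.group(5)))

    # Group creation times whose consecutive gaps fit inside the window and
    # report only groups of at least min_cluster items.
    created.sort()
    cluster = []
    for item in created + [None]:  # None is a sentinel that flushes the last group
        if item and cluster and item[0] - cluster[-1][0] <= window:
            cluster.append(item)
            continue
        if len(cluster) >= min_cluster:
            findings.append(("creation-burst", [p for _, p in cluster]))
        cluster = [item] if item else []
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(rule, "->", detail)
```

A finding here is a prompt for manual review, not a verdict: legitimate installers also create items in AppData\Local, and some local filtering tools set a loopback proxy.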
     
  10. 2010/08/22
    Waverly73

    Waverly73 Inactive Thread Starter

    Joined:
    2010/08/19
    Messages:
    12
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nasmcrwoex.exe deleted successfully.
    C:\Users\Glen and Tam\AppData\Local\Temp\nasmcrwoex.exe moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    C:\Users\Glen and Tam\AppData\Local\chfgsgsmc folder moved successfully.
    C:\Users\Glen and Tam\AppData\Local\lgxhsnrta folder moved successfully.
    C:\Users\Glen and Tam\AppData\Local\Ovujafisequpal.dat moved successfully.
    C:\Users\Glen and Tam\AppData\Local\Cjapebiweyifeg.bin moved successfully.
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: All Users

    User: AppData

    User: Default
    ->Flash cache emptied: 41620 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Glen and Tam
    ->Flash cache emptied: 101822 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: AppData

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Glen and Tam
    ->Temp folder emptied: 1131622071 bytes
    ->Temporary Internet Files folder emptied: 582995423 bytes
    ->Java cache emptied: 1911534 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 7023332 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7920470 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67429 bytes
    RecycleBin emptied: 1345671001 bytes

    Total Files Cleaned = 2,935.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.10.0 log created on 08222010_145339

    Files\Folders moved on Reboot...
    C:\Users\Glen and Tam\AppData\Local\Temp\VBE\MSForms.exd moved successfully.
    File\Folder C:\Users\Glen and Tam\AppData\Local\Temp\C2A0.tmp not found!
    File\Folder C:\Users\Glen and Tam\AppData\Local\Temp\C3D9.tmp not found!
    File\Folder C:\Users\Glen and Tam\AppData\Local\Temp\C4D4.tmp not found!
    File\Folder C:\Users\Glen and Tam\AppData\Local\Temp\C5BF.tmp not found!
    C:\Users\Glen and Tam\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Glen and Tam\AppData\Local\Temp\~DF0301BA6BAD0E0563.TMP not found!
    File\Folder C:\Users\Glen and Tam\AppData\Local\Temp\~DF27875DF7CDBCB1F9.TMP not found!
    File\Folder C:\Users\Glen and Tam\AppData\Local\Temp\~DF6ED043B496452A13.TMP not found!
    File\Folder C:\Users\Glen and Tam\AppData\Local\Temp\~DF81C148F6394C2624.TMP not found!
    File\Folder C:\Users\Glen and Tam\AppData\Local\Temp\~DF8E4E65FF811CA8DB.TMP not found!
    File\Folder C:\Users\Glen and Tam\AppData\Local\Temp\~DFD838E2425A3B3E99.TMP not found!
    File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\logishrd\LVPrcInj07.dll not found!
    File\Folder C:\Windows\temp\logishrd\LVPrcInj08.dll not found!

    Registry entries deleted on Reboot...
     
  11. 2010/08/22
    Waverly73

    Waverly73 Inactive Thread Starter

    Joined:
    2010/08/19
    Messages:
    12
    Likes Received:
    0
    OTL logfile created on: 8/22/2010 3:05:16 PM - Run 2
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Glen and Tam\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
    8.00 Gb Paging File | 5.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 458.45 Gb Total Space | 373.99 Gb Free Space | 81.58% Space Free | Partition Type: NTFS
    Drive D: | 458.96 Gb Total Space | 69.34 Gb Free Space | 15.11% Space Free | Partition Type: NTFS
    Drive E: | 4.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive K: | 683.50 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive L: | 465.75 Gb Total Space | 135.55 Gb Free Space | 29.10% Space Free | Partition Type: NTFS

    Computer Name: GLENANDTAM-PC
    Current User Name: Glen and Tam
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/22 13:13:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Glen and Tam\Desktop\OTL.exe
    PRC - [2010/08/01 10:26:12 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/08/01 10:26:12 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/06/23 10:03:50 | 000,093,696 | ---- | M] () -- c:\Program Files (x86)\blp\API\Office Tools\bxlaui.exe
    PRC - [2010/06/23 09:44:28 | 000,029,696 | ---- | M] (Bloomberg LP) -- c:\Program Files (x86)\blp\API\Office Tools\bxlartd.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/04/03 09:48:40 | 000,754,288 | ---- | M] (Orb Networks) -- C:\Program Files (x86)\Orb Networks\Orb\bin\OrbLauncher.exe
    PRC - [2010/04/03 09:48:18 | 000,198,144 | ---- | M] (Orb Networks, Inc.) -- C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
    PRC - [2010/02/20 02:49:30 | 000,188,416 | ---- | M] (Team MediaPortal) -- C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TvService.exe
    PRC - [2009/11/25 09:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/11/25 09:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/11/25 09:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/11/25 09:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2009/11/25 09:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/11/19 07:56:38 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/11/12 11:48:50 | 000,469,536 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
    PRC - [2009/11/11 02:40:54 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    PRC - [2009/11/03 17:56:34 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/10/14 05:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/10/14 05:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/10/07 01:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2009/10/01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/10/01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2009/09/10 23:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    PRC - [2009/08/28 19:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
    PRC - [2009/08/13 09:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2009/08/13 08:58:28 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2009/08/04 15:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
    PRC - [2009/07/27 10:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    PRC - [2009/07/04 12:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    PRC - [2009/02/07 11:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/01/02 07:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Glen and Tam\AppData\Roaming\Google\Google Talk\googletalk.exe
    PRC - [2006/03/08 07:56:00 | 000,278,528 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/22 13:13:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Glen and Tam\Desktop\OTL.exe
    MOD - [2009/07/14 11:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/14 11:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2009/11/25 09:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/11/25 09:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2009/11/25 09:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
    SRV:64bit: - [2009/11/25 09:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
    SRV:64bit: - [2009/11/18 15:45:38 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/10/07 01:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009/08/07 08:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/04 12:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2010/06/29 15:43:16 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/07 08:51:27 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/20 02:49:30 | 000,188,416 | ---- | M] (Team MediaPortal) [Auto | Running] -- C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TVService.exe -- (TVService)
    SRV - [2009/12/24 07:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/10/14 05:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2009/10/01 13:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/10/01 13:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/09/10 23:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2009/08/28 19:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/08/26 04:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/08/13 09:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
    SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/04/29 10:23:41 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/04/07 08:50:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/03/20 18:37:55 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2009/12/02 12:20:56 | 000,137,608 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EuDisk.sys -- (EuDisk)
    DRV:64bit: - [2009/11/25 09:50:05 | 000,022,096 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2009/11/25 09:49:56 | 000,065,616 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2009/11/18 16:21:18 | 006,171,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/10/29 18:14:38 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009/10/14 05:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/10/07 08:49:28 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 300(UVC)
    DRV:64bit: - [2009/10/07 08:47:46 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2009/10/07 08:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2009/10/07 01:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2009/09/30 11:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV:64bit: - [2009/09/23 19:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
    DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/08/24 23:07:52 | 001,622,528 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
    DRV:64bit: - [2009/08/07 08:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2009/07/14 11:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/14 11:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 11:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/14 10:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
    DRV:64bit: - [2009/07/14 10:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
    DRV:64bit: - [2009/07/14 10:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
    DRV:64bit: - [2009/06/11 06:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/02 21:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2009/06/02 21:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2009/06/02 21:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/06 10:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/06 10:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2009/03/27 00:23:54 | 000,019,432 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
    DRV:64bit: - [2007/09/26 00:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
    DRV - [2009/12/02 12:21:00 | 000,026,504 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\sysWow64\drivers\eufs.sys -- (EUFS)
    DRV - [2009/12/02 12:20:58 | 000,017,800 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\eudskacs.sys -- (EUDSKACS)
    DRV - [2009/12/02 12:20:56 | 000,030,600 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\Windows\sysWow64\drivers\eubakup.sys -- (EUBAKUP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c09&m=aspire_m5811&r=17360310m406p03d5v165w4961u255
    IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/07 19:22:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/07 19:22:42 | 000,000,000 | ---D | M]

    [2010/05/27 00:09:00 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Mozilla\Extensions
    [2010/05/27 00:01:43 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Mozilla\Extensions\MediaCoder
    [2010/05/27 00:09:00 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Mozilla\Extensions\MediaCoder-Setup-Wizard
    [2010/06/21 12:16:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/04/07 00:11:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/06/28 23:44:43 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/06/28 23:44:43 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/06/28 23:44:43 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/06/28 23:44:43 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2010/08/22 14:55:38 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
    O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [CLRHost] C:\Program Files (x86)\blp\API\Office Tools\bbxlcmd.exe ()
    O4 - HKCU..\Run: [googletalk] C:\Users\Glen and Tam\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [MtdAcqu] C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe (Creative Technology Ltd)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Glen and Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/09/03 05:27:56 | 000,000,051 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2010/03/21 21:18:34 | 000,000,000 | RH-D | M] - L:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2008/10/03 19:38:52 | 000,000,000 | ---D | M] - L:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{b4c24f96-5348-11df-b321-90fba62e7ea1}\Shell - " " = AutoRun
    O33 - MountPoints2\{b4c24f96-5348-11df-b321-90fba62e7ea1}\Shell\AutoRun\command - " " = K:\LaunchBFII.exe -- [2005/09/24 08:54:10 | 000,557,056 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/22 14:53:39 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/22 13:13:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Glen and Tam\Desktop\OTL.exe
    [2010/08/20 10:29:11 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Desktop\New folder
    [2010/08/20 09:32:11 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\{80C5DC41-37C1-45FC-BCED-89C6DF765047}
    [2010/08/20 09:30:20 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\Windows Server
    [2010/08/20 09:30:13 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Roaming\2F8B603C2C4A1A9B1072D8A1D47353AD
    [2010/08/15 20:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
    [2010/08/15 20:23:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
    [2010/08/15 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Roaming\NCH Software
    [2010/08/15 20:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3File
    [2010/08/07 19:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/08/07 19:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/07 19:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/08/07 19:23:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/08/07 19:22:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/08/01 12:39:55 | 000,026,504 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysWow64\drivers\eufs.sys
    [2010/08/01 12:39:31 | 000,030,600 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysWow64\drivers\eubakup.sys
    [2010/08/01 12:39:31 | 000,017,800 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysWow64\drivers\eudskacs.sys
    [2010/08/01 12:39:30 | 000,137,608 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Windows\SysNative\drivers\EuDisk.sys
    [2010/08/01 12:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
    [2010/07/21 20:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\VOWSoft
    [2010/07/21 20:49:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPodRobot
    [2010/07/15 21:15:24 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\Bloomberg
    [2010/07/15 20:37:37 | 001,331,200 | ---- | C] (AuthenTec, Inc.) -- C:\Windows\SysWow64\ATCPanel.cpl
    [2010/07/15 20:37:23 | 000,000,000 | ---D | C] -- C:\Windows\XSxS
    [2010/07/15 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xenocode
    [2010/07/15 20:37:23 | 000,000,000 | ---D | C] -- C:\Windows\Driver Cache
    [2010/07/15 20:36:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\blp
    [2010/07/15 20:00:21 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Roaming\ICAClient
    [2010/07/15 19:58:06 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\Citrix
    [2010/07/10 14:12:33 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Desktop\Paradise Lost
    [2010/07/03 09:47:05 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Roaming\Audacity
    [2010/07/03 09:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
    [2010/06/29 17:38:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
    [2010/06/29 17:37:54 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Documents\TrackMania
    [2010/06/28 20:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SyncToy 2.1
    [2010/06/28 20:33:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
    [2010/06/18 19:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/06/18 00:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2010/06/18 00:05:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2010/06/18 00:04:59 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/06/18 00:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2010/06/18 00:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2010/06/18 00:03:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2010/06/18 00:03:00 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\Microsoft Help
    [2010/06/18 00:02:42 | 000,000,000 | RH-D | C] -- C:\MSOCache
    [2010/06/16 20:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhoneBrowser
    [2010/06/15 19:20:06 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Desktop\100APPLE
    [2010/06/07 19:53:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010/06/04 20:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour Print Services
    [2010/06/04 20:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/06/04 20:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/06/01 22:20:04 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Documents\SightSpeed Recordings
    [2010/05/27 00:01:42 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\AppData\Local\Broad Intelligence
    [2010/05/26 23:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
    [2010/05/25 20:49:48 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Documents\Downloads
    [2010/05/24 23:43:16 | 000,000,000 | ---D | C] -- C:\Users\Glen and Tam\Desktop\Glens Shortcuts
    [2010/03/20 18:37:55 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Glen and Tam\AppData\Roaming\pcouffin.sys
    [2009/11/19 07:40:11 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

    ========== Files - Modified Within 90 Days ==========

    [2010/08/22 15:04:34 | 003,145,728 | -HS- | M] () -- C:\Users\Glen and Tam\ntuser.dat
    [2010/08/22 15:03:14 | 000,113,232 | ---- | M] () -- C:\Users\Glen and Tam\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/08/22 15:01:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/22 15:01:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/08/22 15:01:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
    [2010/08/22 15:01:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/08/22 15:01:15 | 3113,533,440 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/22 15:00:22 | 003,008,264 | -H-- | M] () -- C:\Users\Glen and Tam\AppData\Local\IconCache.db
    [2010/08/22 14:55:38 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
    [2010/08/22 14:49:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/22 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At3.job
    [2010/08/22 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At2.job
    [2010/08/22 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
    [2010/08/22 13:13:10 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Glen and Tam\Desktop\OTL.exe
    [2010/08/22 12:09:01 | 000,525,824 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\dds.scr
    [2010/08/22 09:22:38 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/08/22 09:22:38 | 000,622,110 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/08/22 09:22:38 | 000,108,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/08/21 07:52:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/08/21 07:52:29 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/08/21 00:18:35 | 000,813,843 | ---- | M] () -- C:\Users\Glen and Tam\AppData\Roaming\vso_ts_preview.xml
    [2010/08/20 09:44:58 | 000,722,382 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/18 07:38:22 | 000,001,033 | ---- | M] () -- C:\Users\Glen and Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2010/08/15 20:23:15 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
    [2010/08/12 21:53:58 | 003,112,959 | ---- | M] () -- C:\DVD_VIDEO_RECORDER.ISO
    [2010/08/12 21:53:58 | 000,004,314 | ---- | M] () -- C:\DVD_VIDEO_RECORDER.MDS
    [2010/08/08 20:32:56 | 002,297,917 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\Pug sings Batman theme-GrIp3k5pJQM-3.mp4
    [2010/08/07 19:24:19 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/08/07 19:22:39 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/08/01 12:39:30 | 000,001,308 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Todo Backup 1.1.lnk
    [2010/07/21 20:49:39 | 000,001,236 | ---- | M] () -- C:\Users\Public\Desktop\plist Editor for Windows.lnk
    [2010/07/15 20:38:11 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\BLOOMBERG.lnk
    [2010/07/09 21:02:14 | 000,076,360 | ---- | M] () -- C:\Users\Glen and Tam\Documents\GLEN2010.TAX
    [2010/07/09 20:52:08 | 000,074,848 | ---- | M] () -- C:\Users\Glen and Tam\Documents\GLEN2010.BAK
    [2010/07/09 17:10:04 | 000,073,176 | ---- | M] () -- C:\Users\Glen and Tam\Documents\TAM2010.TAX
    [2010/07/09 17:07:29 | 000,072,184 | ---- | M] () -- C:\Users\Glen and Tam\Documents\TAM2010.BAK
    [2010/07/09 15:50:41 | 000,001,555 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\e-tax 2010.lnk
    [2010/07/03 09:46:59 | 000,001,050 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\Audacity 1.3 Beta (Unicode).lnk
    [2010/07/01 11:06:40 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/06/30 12:25:00 | 006,778,880 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\etax2010_1.msi
    [2010/06/29 15:46:15 | 000,000,221 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\TrackMania Nations Forever.url
    [2010/06/21 21:30:01 | 000,000,531 | ---- | M] () -- C:\Windows\win.ini
    [2010/06/21 20:01:46 | 000,434,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/06/08 20:16:41 | 000,001,909 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
    [2010/06/08 20:16:41 | 000,001,606 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\Mobile Applications - Shortcut.lnk
    [2010/06/08 20:16:41 | 000,000,896 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\MediaCoder x64.lnk
    [2010/06/08 20:06:27 | 000,166,615 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\THRASS-picturechaart.jpg
    [2010/06/08 20:04:47 | 000,159,555 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\Paper Fewster.pdf
    [2010/06/08 20:04:44 | 001,912,713 | ---- | M] () -- C:\Users\Glen and Tam\Desktop\1R.pdf

    ========== Files Created - No Company Name ==========

    [2010/08/22 12:09:00 | 000,525,824 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\dds.scr
    [2010/08/20 09:44:58 | 000,722,382 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/08/18 07:38:22 | 000,001,033 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2010/08/15 20:23:15 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\VideoPad Video Editor.lnk
    [2010/08/12 21:53:58 | 000,004,314 | ---- | C] () -- C:\DVD_VIDEO_RECORDER.MDS
    [2010/08/12 20:50:47 | 003,112,959 | ---- | C] () -- C:\DVD_VIDEO_RECORDER.ISO
    [2010/08/08 20:32:39 | 002,297,917 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\Pug sings Batman theme-GrIp3k5pJQM-3.mp4
    [2010/08/07 19:24:19 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2010/08/07 19:22:39 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/08/01 12:39:30 | 000,001,308 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Todo Backup 1.1.lnk
    [2010/07/21 20:49:39 | 000,001,236 | ---- | C] () -- C:\Users\Public\Desktop\plist Editor for Windows.lnk
    [2010/07/15 20:38:11 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\BLOOMBERG.lnk
    [2010/07/15 20:37:35 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\drivers\UNWISE.EXE
    [2010/07/09 19:58:06 | 000,076,360 | ---- | C] () -- C:\Users\Glen and Tam\Documents\GLEN2010.TAX
    [2010/07/09 19:58:06 | 000,074,848 | ---- | C] () -- C:\Users\Glen and Tam\Documents\GLEN2010.BAK
    [2010/07/03 09:46:59 | 000,001,050 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\Audacity 1.3 Beta (Unicode).lnk
    [2010/07/02 11:31:36 | 000,073,176 | ---- | C] () -- C:\Users\Glen and Tam\Documents\TAM2010.TAX
    [2010/07/02 11:31:36 | 000,072,184 | ---- | C] () -- C:\Users\Glen and Tam\Documents\TAM2010.BAK
    [2010/06/30 12:27:44 | 000,001,555 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\e-tax 2010.lnk
    [2010/06/30 12:24:52 | 006,778,880 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\etax2010_1.msi
    [2010/06/29 15:46:15 | 000,000,221 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\TrackMania Nations Forever.url
    [2010/06/08 20:06:27 | 000,166,615 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\THRASS-picturechaart.jpg
    [2010/06/08 20:04:45 | 000,159,555 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\Paper Fewster.pdf
    [2010/06/08 20:04:32 | 001,912,713 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\1R.pdf
    [2010/06/08 19:08:52 | 000,001,606 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\Mobile Applications - Shortcut.lnk
    [2010/05/26 23:46:22 | 000,000,896 | ---- | C] () -- C:\Users\Glen and Tam\Desktop\MediaCoder x64.lnk
    [2010/05/19 20:17:45 | 000,000,121 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2010/04/10 22:18:08 | 000,000,017 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Local\resmon.resmoncfg
    [2010/04/07 19:58:16 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010/04/06 13:20:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/04/04 22:25:24 | 001,228,854 | ---- | C] () -- C:\ProgramData\OrbError.bmp
    [2010/04/03 17:09:36 | 000,000,063 | ---- | C] () -- C:\Windows\PixieTool.INI
    [2010/03/20 18:38:42 | 000,813,843 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\vso_ts_preview.xml
    [2010/03/20 18:38:28 | 000,000,034 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\pcouffin.log
    [2010/03/20 18:37:55 | 000,099,384 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\inst.exe
    [2010/03/20 18:37:55 | 000,007,859 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\pcouffin.cat
    [2010/03/20 18:37:55 | 000,001,167 | ---- | C] () -- C:\Users\Glen and Tam\AppData\Roaming\pcouffin.inf
    [2010/03/19 20:14:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/01/07 23:39:51 | 000,008,461 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe3.log
    [2009/11/19 07:39:50 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
    [2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 07:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/03/23 22:25:44 | 000,000,000 | -HSD | M] -- C:\Users\Glen and Tam\AppData\Roaming\.#
    [2010/08/20 16:31:02 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\2F8B603C2C4A1A9B1072D8A1D47353AD
    [2010/07/03 10:18:31 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Audacity
    [2010/08/14 18:11:22 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Azureus
    [2010/05/27 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Broad Intelligence
    [2010/04/29 14:38:38 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\DAEMON Tools Pro
    [2010/03/23 22:25:13 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\GameConsole
    [2010/07/15 20:09:13 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\ICAClient
    [2010/05/30 10:34:58 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\ImgBurn
    [2010/04/06 13:06:53 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Leadertech
    [2010/05/04 22:46:52 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\NCH Swift Sound
    [2010/03/20 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\PowerCinema
    [2010/04/03 19:24:50 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Publish Providers
    [2010/03/19 23:41:03 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\SoftDMA
    [2010/04/03 19:24:48 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Sony
    [2010/03/21 18:40:28 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\SystemRequirementsLab
    [2010/08/15 20:58:31 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\uTorrent
    [2010/08/21 00:18:36 | 000,000,000 | ---D | M] -- C:\Users\Glen and Tam\AppData\Roaming\Vso
    [2010/08/22 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At1.job
    [2010/08/22 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At2.job
    [2010/08/22 14:00:00 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At3.job
    [2009/07/14 15:08:49 | 000,021,022 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  12. 2010/08/22
    crunchie

    How are things now?
     
  13. 2010/08/22
    Waverly73

    Everything seems pretty close to how things were before the attack happened.

    Is there any sign of malware / virus still left on there from those logs?
     
  14. 2010/08/22
    crunchie

    Not seeing anything, but do an online scan to be sure.

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

     
  15. 2010/08/22
    Waverly73

    I ended up using Panda Active Scan. It found a few things:

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-08-22 18:42:17
    PROTECTIONS: 1
    MALWARE: 11
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    avast! antivirus Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\low\glen_and_tam@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\glen_and_tam@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\low\glen_and_tam@atdmt[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\glen_and_tam@atdmt[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\low\glen_and_tam@mediaplex[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\low\glen_and_tam@com[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\low\glen_and_tam@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\low\glen_and_tam@apmebf[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\glen_and_tam@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\glen_and_tam@bs.serving-sys[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\low\glen_and_tam@statse.webtrendslive[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\glen_and_tam@statse.webtrendslive[1].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\low\glen_and_tam@overture[2].txt
    00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No c:\users\glen and tam\appdata\roaming\microsoft\windows\cookies\glen_and_tam@questionmarket[2].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
     
  16. 2010/08/22
    crunchie

    Just a bunch of harmless cookies. They can be deleted from within your browser preferences.

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

    ========

    You should be good to go now :).
     
  17. 2010/08/22
    Waverly73

    ..... duplicate post.
     
    Last edited: 2010/08/22
  18. 2010/08/22
    Waverly73

    Will do. Many thanks for your help - it is very much appreciated. Being in the same timezone (Australia) has also meant it has been much quicker than I first anticipated.

    Cheers.
     
  19. 2010/08/22
    crunchie

    You're welcome :)
     
