TechSpot

Funmoods toolbar

Solved
By mom26gr8kids
Dec 16, 2012
  1. Due to virus issues in the past I installed Web of Trust on my computer last year, however, in the past few weeks my family has switched to using Google Chrome for our browser. I noticed a couple days ago that the Google Chrome did not have the WOT but I hadn't fixed it yet, and then last night while trying to verify something one of my friends posted on facebook I ended up at a bad website. I didn't notice at first, it was just a discussion type website, but after I left it I realized that my home page had been changed from google to searchfunmooods.com and I also had a funmoods tool bar. I immediately ran a Super Anti-Spyware scan which caught it and "removed" it, but still today google is not my homepage and I have the toolbar. I will run the 4 steps and post logs. Thanks
     
  2. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    All right, after running the Malware Bytes my homepage was already back to google. Here is the mbam log

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.12.17.01

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Dad :: DAD-PC [administrator]

    16/12/2012 9:32:41 PM
    mbam-log-2012-12-16 (21-32-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 270040
    Time elapsed: 7 minute(s), 20 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 25
    HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (http://searchfunmoods.com/?f=1&a=or...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005) Good: (http://www.google.com) -> Quarantined and repaired successfully.

    Folders Detected: 3
    C:\Program Files\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22 (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Quarantined and deleted successfully.

    Files Detected: 17
    C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Dad\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Dad\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
    C:\Users\Dad\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Dad\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\Sqlite3.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\uninst.dat (PUP.FunMoods) -> Quarantined and deleted successfully.
    C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Quarantined and deleted successfully.

    (end)
     
  3. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    DDS log


    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
    Run by Dad at 23:02:00 on 2012-12-16
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1394 [GMT -7:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
    FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\Common Files\Comodo\launcher_service.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\SLsvc.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
    C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Comodo\GeekBuddy\unit.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Comodo\COMODO Internet Security\cfpupdat.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?brand=ACAW&bmod=ACUS
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [LMab1err] "c:\program files\lexmark\errorapp\LMab1err.exe"
    uRun: [LMADImon] "c:\program files\lexmark pro710 series\LMADImon.exe"
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRunOnce: [926_2338618170815] "c:\users\dad\appdata\local\lo9d4f~1\LMIR0001.tmp_r.bat"
    mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
    mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
    mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
    mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [tvncontrol] "c:\program files\common files\comodo\tvnserver.exe" -controlservice -slave
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\person~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 15\minimavis.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE} : NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE} : DHCPNameServer = 192.168.1.1
    Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
    Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    AppInit_DLLs= c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0Bzz0FyB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005&q=
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.14\npapicomadapter.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\musicnotes\npmusicn.dll
    FF - plugin: c:\program files\musicnotes\NPSibelius.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\dad\appdata\local\roblox\versions\version-fb3436d54f9e4598\NPRobloxProxy.dll
    FF - plugin: c:\users\dad\appdata\locallow\sony online entertainment\npsoe.dll
    FF - plugin: c:\users\dad\appdata\locallow\sony online entertainment\npsoeact.dll
    FF - plugin: c:\users\dad\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
    FF - plugin: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2012-11-06 15:34; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    FF - ExtSQL: 2012-12-12 14:38; ffxtlbr@funmoods.com; c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\ffxtlbr@funmoods.com
    FF - ExtSQL: !HIDDEN! 2009-08-31 08:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0Bzz0FyB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Search
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0Bzz0FyB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0Bzz0FyB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005&q=
    FF - user.js: extensions.funmoods.id - 001D72BCB8F7D808
    FF - user.js: extensions.funmoods.instlDay - 15686
    FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
    FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2214:30:48
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - orgnl
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef -
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods.autoRvrt - false
    FF - user.js: extensions.funmoods.envrmnt - production
    FF - user.js: extensions.funmoods.isdcmntcmplt - true
    FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-15 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-15 361032]
    R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-12-4 35064]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 491816]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 38616]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-4 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-10-18 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-15 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-15 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-15 44808]
    R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-11-1 70352]
    R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-19 24576]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\common files\comodo\GeekBuddyRSP.exe [2012-10-31 1467088]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-9-24 1328736]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-9-24 656480]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-12-15 09:29:28--------d-----w-c:\program files\iPod
    2012-12-15 09:29:26--------d-----w-c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
    2012-12-13 10:16:042382848----a-w-c:\windows\system32\mshtml.tlb
    2012-12-13 10:16:04149552----a-w-c:\program files\internet explorer\sqmapi.dll
    2012-12-13 10:16:03420864----a-w-c:\windows\system32\vbscript.dll
    2012-12-13 10:16:03194048----a-w-c:\program files\internet explorer\IEShims.dll
    2012-12-13 10:16:02142848----a-w-c:\windows\system32\ieUnatt.exe
    2012-12-13 10:16:01194560----a-w-c:\program files\internet explorer\ieproxy.dll
    2012-12-13 10:16:001129472----a-w-c:\windows\system32\wininet.dll
    2012-12-13 10:15:59757296----a-w-c:\program files\internet explorer\iexplore.exe
    2012-12-13 10:15:591800704----a-w-c:\windows\system32\jscript9.dll
    2012-12-13 10:15:58387584----a-w-c:\program files\internet explorer\jsdbgui.dll
    2012-12-13 10:15:57678912----a-w-c:\program files\internet explorer\iedvtool.dll
    2012-12-13 10:15:541427968----a-w-c:\windows\system32\inetcpl.cpl
    2012-12-13 10:11:489728----a-w-c:\windows\system32\Wdfres.dll
    2012-12-13 10:11:27155136----a-w-c:\windows\system32\drivers\WUDFRd.sys
    2012-12-13 10:11:2666560----a-w-c:\windows\system32\drivers\WUDFPf.sys
    2012-12-13 10:11:2516896----a-w-c:\windows\system32\winusb.dll
    2012-12-13 10:11:2373216----a-w-c:\windows\system32\WUDFSvc.dll
    2012-12-13 10:11:22172032----a-w-c:\windows\system32\WUDFPlatform.dll
    2012-12-13 10:11:2047720----a-w-c:\windows\system32\drivers\WdfLdr.sys
    2012-12-13 10:11:19526952----a-w-c:\windows\system32\drivers\Wdf01000.sys
    2012-12-13 10:11:1038912----a-w-c:\windows\system32\WUDFCoinstaller.dll
    2012-12-13 10:11:09196608----a-w-c:\windows\system32\WUDFHost.exe
    2012-12-13 10:11:08613888----a-w-c:\windows\system32\WUDFx.dll
    2012-12-12 21:38:52--------d-----r-c:\program files\Skype
    2012-12-12 18:27:212048000----a-w-c:\windows\system32\win32k.sys
    2012-12-12 18:27:19376320----a-w-c:\windows\system32\dpnet.dll
    2012-12-12 18:27:1923040----a-w-c:\windows\system32\dpnsvr.exe
    2012-12-12 18:27:17224640----a-w-c:\windows\system32\drivers\volsnap.sys
    2012-12-12 18:27:1134304----a-w-c:\windows\system32\atmlib.dll
    2012-12-12 18:27:11293376----a-w-c:\windows\system32\atmfd.dll
    2012-12-12 18:27:042048----a-w-c:\windows\system32\tzres.dll
    2012-12-04 08:41:2835064----a-w-c:\windows\system32\drivers\CFRMD.sys
    2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin7.dll
    2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin6.dll
    2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin5.dll
    2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin4.dll
    2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin3.dll
    2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin2.dll
    2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin.dll
    .
    ==================== Find3M ====================
    .
    2012-12-12 04:00:3073656----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-12 04:00:30697272----a-w-c:\windows\system32\FlashPlayerApp.exe
    2012-12-04 08:41:2835064----a-w-c:\windows\inf\cfrmd\cfrmd.sys
    2012-11-06 22:33:35477168----a-w-c:\windows\system32\npdeployJava1.dll
    2012-11-06 22:33:35473072----a-w-c:\windows\system32\deployJava1.dll
    2012-10-30 23:51:58738504----a-w-c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 23:51:5758680----a-w-c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 23:51:0741224----a-w-c:\windows\avastSS.scr
    2012-10-25 10:12:2694208----a-w-c:\windows\system32\QuickTimeVR.qtx
    2012-10-25 10:12:2669632----a-w-c:\windows\system32\QuickTime.qts
    2012-10-11 04:15:041867112----a-w-c:\windows\system32\nvcuvenc.dll
    2012-10-11 04:15:002574696----a-w-c:\windows\system32\nvcuvid.dll
    2012-10-11 04:14:50888168----a-w-c:\windows\system32\nvdispgenco32.dll
    2012-10-11 04:14:5012501352----a-w-c:\windows\system32\nvwgf2um.dll
    2012-10-11 04:14:4617559912----a-w-c:\windows\system32\nvcompiler.dll
    2012-10-11 04:14:442428776----a-w-c:\windows\system32\nvapi.dll
    2012-10-11 04:14:427697768----a-w-c:\windows\system32\nvcuda.dll
    2012-10-11 04:14:2810837352----a-w-c:\windows\system32\drivers\nvlddmkm.sys
    2012-10-11 04:14:2219906920----a-w-c:\windows\system32\nvoglv32.dll
    2012-10-11 04:14:221009512----a-w-c:\windows\system32\nvdispco32.dll
    2012-10-11 04:14:166127464----a-w-c:\windows\system32\nvopencl.dll
    2012-10-11 04:14:1615309160----a-w-c:\windows\system32\nvd3dum.dll
    2012-10-02 20:15:52430952----a-w-c:\windows\system32\nvStreaming.exe
    2012-10-02 19:29:42645992----a-w-c:\windows\system32\nvvsvc.exe
    2012-10-02 19:29:4162312----a-w-c:\windows\system32\nvshext.dll
    2012-10-02 19:29:412557288----a-w-c:\windows\system32\nvsvcr.dll
    2012-10-02 19:29:41108392----a-w-c:\windows\system32\nvmctray.dll
    2012-10-02 19:29:222853224----a-w-c:\windows\system32\nvsvc.dll
    2012-10-02 19:28:533965288----a-w-c:\windows\system32\nvcpl.dll
    2012-09-30 02:54:2622856----a-w-c:\windows\system32\drivers\mbam.sys
    2012-09-28 17:32:565989776----a-w-c:\windows\system32\usbaaplrc.dll
    2012-09-28 17:32:5644544----a-w-c:\windows\system32\drivers\usbaapl.sys
    2012-09-25 16:19:4175776----a-w-c:\windows\system32\synceng.dll
    .
    ============= FINISH: 23:03:26.56 ===============
     
  4. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    Attach.txt file

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/10/2006 7:16:20 PM
    System Uptime: 16/12/2012 9:42:28 PM (2 hours ago)
    .
    Motherboard: Acer | | WMCP78M
    Processor: AMD Athlon(tm) 7450 Dual-Core Processor | Socket AM2 | 2400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 142 GiB total, 16.772 GiB free.
    D: is FIXED (NTFS) - 142 GiB total, 141.818 GiB free.
    E: is Removable
    I: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    2002 Games
    7-Zip 9.20
    Ace of Spades
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer eRecovery Management
    Acer Registration
    Acrobat.com
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    Agere Systems PCI-SV92EX Soft Modem
    Alice Greenfingers
    Alien Shooter
    Allmyapps
    Amazon MP3 Downloader 1.0.12
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AV Input Selection
    avast! Free Antivirus
    Babysitting Mania
    Batch Update
    Battlefield Play4Free
    Bible Data Type System Files
    Big Fish Games: Game Manager
    Bonjour
    Bookworm Adventures
    Build In Time
    Burger Shop
    C:\Program Files\Acer GameZone\GameConsole
    Cake Mania
    Chicken Invaders 2
    Chocolatier
    Choice Guard
    Common System Files
    Comodo Dragon
    COMODO Internet Security
    Cookie Domination
    Cooking Academy
    Cooking Dash
    Cooking Dash Diner Town Studios
    Dairy Dash
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Direct Show Ogg Vorbis Filter (remove only)
    Doggie Dash
    Double Play Jojo's Fashion Show 1 & 2
    Double Play Jojo’s Fashion Show 1 & 2
    Dream Day First Home
    Dream Day Wedding
    Dream Day Wedding Married in Manhattan
    Family Feud 3
    Family Tree Maker 2005
    Fashion Dash
    Free Realms
    Free Realms Installer
    Galapago
    Garfield's Typing Pal
    GeekBuddy
    Go-Go Gourmet
    Go Go Gourmet Chef of the Year
    Google Chrome
    Google Desktop
    Google Earth Plug-in
    Google SketchUp 8
    Google Update Helper
    Graphical Query Editor
    Hax264 Codec 2.1.0.8
    Heroes of Hellas
    Home Sweet Home
    Hotel Dash Suite Success
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ijji REACTOR
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 37
    Jessicas Cupcake Cafe
    Jewelleria
    Junk Mail filter update
    Kelly Green Garden Queen
    Kitchen Brigade
    Lexmark Network TWAIN Driver Uninstaller
    Lexmark Pro710 Series Uninstaller
    Libronix Digital Library System
    Libronix DLS Application
    Libronix DLS Shortcuts
    LibronixUpdate
    Lizard Safeguard - PDF Viewer 2.6.25
    LLS Resource Driver
    Magic Farm
    Magic Match Adventures
    Malwarebytes Anti-Malware version 1.65.1.1000
    Math Missions Grades 3-5
    Math Missions Grades K-2
    Mavis Beacon Teaches Typing 15
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Minecraft version Beta 1.8
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    Musicnotes Software Suite 1.5.5
    Mystery Solitaire - Secret Island
    Norton Internet Security
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OEB Resource Driver
    OGA Notifier 2.0.0048.0
    Orchard
    Passport to Perfume™
    PDF Resource Driver
    PDFCreator
    Picasa 3
    Plants vs. Zombies
    PlayReady PC runtime
    PunkBuster Services
    Puzzle and Board XP Championship
    QuickTime
    Roblox
    Roblox for Dad
    ScanToWeb
    Secunia PSI (3.0.0.4001)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Security Update for Windows Media Encoder (KB2447961)
    Sentence Diagramming
    Skype™ 6.0
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Sunshine Acres
    SUPERAntiSpyware Free Edition
    swMSM
    System Requirements Lab
    Timez Attack
    U.B. Funkeys
    Uninstall Dual Mode Camera
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Wedding Dash 2
    Wedding Dash Ready Aim Love
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    Yard Sale Junkie
    Year 2 year-plan
    Year 3 Curriculum
    Year 3 Interface
    Year 4 Curriculum
    Year 4 Government
    Year 4 Interface
    Year 4 MapAids
    .
    ==== End Of File ===========================
     
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there! Welcome back. :D

    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
     
  6. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    Junkware log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.1.8 (12.17.2012:1)
    OS: Windows Vista (TM) Home Premium x86
    Ran by Dad on 18/12/2012 at 10:11:33.14
    Blog: http://thisisudax.blogspot.com
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
    Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Program Files\coupons"
    Successfully deleted: [Folder] "C:\Program Files\gamesbar"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\svjtkm5q.default\user.js
    Successfully deleted: [File] C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\svjtkm5q.default\searchplugins\funmoods.xml
    Successfully deleted: [Folder] C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\searchtoolbar@zugo.com
    Successfully deleted: [Folder] C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\ffxtlbr@funmoods.com
    Successfully deleted the following from C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\svjtkm5q.default\prefs.js

    user_pref("browser.search.defaultenginename", "Funmoods");
    user_pref("extensions.funmoods.aflt", "orgnl");
    user_pref("extensions.funmoods.autoRvrt", false);
    user_pref("extensions.funmoods.cntry", "US");
    user_pref("extensions.funmoods.cv", "cv5");
    user_pref("extensions.funmoods.dfltLng", "");
    user_pref("extensions.funmoods.dfltSrch", true);
    user_pref("extensions.funmoods.dnsErr", true);
    user_pref("extensions.funmoods.envrmnt", "production");
    user_pref("extensions.funmoods.excTlbr", false);
    user_pref("extensions.funmoods.hdrMd5", "794D7417932E6C619BF9657301B6C880");
    user_pref("extensions.funmoods.hmpg", true);
    user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=or...0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDtFt
    user_pref("extensions.funmoods.id", "001D72BCB8F7D808");
    user_pref("extensions.funmoods.instlDay", "15686");
    user_pref("extensions.funmoods.instlRef", "");
    user_pref("extensions.funmoods.isdcmntcmplt", true);
    user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2214:30:48");
    user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    user_pref("extensions.funmoods.newTab", true);
    user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=or...yB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDt
    user_pref("extensions.funmoods.prdct", "funmoods");
    user_pref("extensions.funmoods.prtnrId", "funmoods");
    user_pref("extensions.funmoods.sg", "none");
    user_pref("extensions.funmoods.smplGrp", "none");
    user_pref("extensions.funmoods.srchPrvdr", "Search");
    user_pref("extensions.funmoods.tlbrId", "base");
    user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=or...0FyB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFt
    user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    user_pref("extensions.funmoods.vrsnTs", "1.5.23.2214:30:48");
    user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    user_pref("extensions.funmoods_i.newTab", true);
    user_pref("extensions.funmoods_i.smplGrp", "none");
    user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:30:48");
    user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor
    user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
    user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
    user_pref("extensions.wrc.SearchRules.baidu.com.url", "^http\\:\\/\\/www\\.baidu\\.com\\/.*");
    user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re
    user_pref("extensions.wrc.SearchRules.excite.com.url", "^http\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");
    user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r
    user_pref("keyword.URL", "http://searchfunmoods.com/?f=1&a=or...0CtAyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 18/12/2012 at 10:16:04.27
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  7. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    AdwCleaner Log

    # AdwCleaner v2.101 - Logfile created 12/18/2012 at 10:33:12
    # Updated 16/12/2012 by Xplode
    # Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
    # User : Dad - DAD-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Dad\Downloads\adwcleaner (1).exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default
    File : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\prefs.js

    Deleted : user_pref("extensions.enabledAddons", "battlefieldplay4free%40ea.com:1.0.66.2,support%40ancestry.com[...]

    -\\ Google Chrome v23.0.1271.97

    File : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.8] : homepage = "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0[...]
    Deleted [l.11] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y[...]
    Deleted [l.35] : icon_url = "hxxp://searchfunmoods.com/favicon.ico",
    Deleted [l.38] : keyword = "funmoods.com",
    Deleted [l.41] : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=orgnl&chnl=&cd=2Xzu[...]
    Deleted [l.1454] : homepage = "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0Bzz[...]
    Deleted [l.2277] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1[...]

    *************************

    AdwCleaner[R1].txt - [3713 octets] - [18/12/2012 10:32:28]
    AdwCleaner[S1].txt - [3287 octets] - [18/12/2012 10:33:12]

    ########## EOF - C:\AdwCleaner[S1].txt - [3347 octets] ##########
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
     
  9. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    OTL logfile created on: 19/12/2012 3:21:23 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dad\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

    2.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 54.52% Memory free
    5.71 Gb Paging File | 4.20 Gb Available in Paging File | 73.57% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 142.04 Gb Total Space | 15.91 Gb Free Space | 11.20% Space Free | Partition Type: NTFS
    Drive D: | 142.04 Gb Total Space | 141.82 Gb Free Space | 99.84% Space Free | Partition Type: NTFS

    Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/19 15:20:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Downloads\OTL.exe
    PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2012/11/01 07:52:54 | 000,875,728 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
    PRC - [2012/11/01 07:52:52 | 000,877,264 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe
    PRC - [2012/11/01 07:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\Comodo\launcher_service.exe
    PRC - [2012/10/31 14:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
    PRC - [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/10/02 12:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2012/10/02 12:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/09/24 05:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2012/09/24 05:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2012/09/24 05:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2012/09/07 21:39:42 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/11 14:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    PRC - [2012/03/11 14:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    PRC - [2011/11/23 11:56:03 | 000,948,360 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
    PRC - [2011/11/09 05:41:27 | 000,644,160 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/01 12:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    PRC - [2008/10/01 12:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    PRC - [2008/10/01 12:43:56 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    PRC - [2008/07/29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/07/29 18:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2007/12/10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2002/08/30 12:02:58 | 002,392,064 | ---- | M] (TLC Education Properties LLC) -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/23 11:56:03 | 000,948,360 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
    MOD - [2011/11/09 05:41:27 | 000,644,160 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
    MOD - [2011/11/09 05:38:05 | 000,217,088 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.dll
    MOD - [2011/10/24 07:25:23 | 001,454,080 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/01/19 18:42:17 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3011.0__4df5dcab8860d239\Framework.Utility.dll
    MOD - [2009/01/19 18:42:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3011.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
    MOD - [2009/01/19 18:42:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3011.0__3036420f80dd6947\Framework.Library.dll
    MOD - [2009/01/19 18:42:16 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3011.0__672b450de5a7e94a\Framework.Host.dll
    MOD - [2008/10/01 12:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    MOD - [2008/10/01 12:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    MOD - [2008/10/01 12:43:48 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Presenter.dll
    MOD - [2008/10/01 12:43:36 | 001,822,720 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.AppBar.dll
    MOD - [2008/07/29 18:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll


    ========== Services (SafeList) ==========

    SRV - [2012/12/11 21:00:31 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/05 17:44:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/11/01 07:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
    SRV - [2012/10/31 14:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
    SRV - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/09/24 05:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2012/09/24 05:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2012/09/07 21:39:42 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/11 14:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2008/10/01 12:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/07/29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/12/04 01:41:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)
    DRV - [2012/10/30 16:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 16:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 16:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 16:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/10/30 16:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/10/30 16:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/03/11 14:13:29 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
    DRV - [2012/03/11 14:13:28 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2012/03/11 14:13:26 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2011/12/16 07:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
    DRV - [2011/09/06 09:02:54 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/09/06 09:02:54 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/08/12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
    DRV - [2010/08/12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2010/02/18 13:02:49 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/01/26 16:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/09/30 18:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/09/11 13:19:57 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
    DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2008/10/01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/08/21 22:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/21 22:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
    DRV - [2008/03/22 08:18:44 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/01/25 05:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2007/10/12 01:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
    DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/02/14 19:03:08 | 000,068,922 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
    DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
    DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{7C0E11FC-52F1-B66D-AD31-4BE39032DECF}: "URL" = http://searchfunmoods.com/results.p...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=ACAW&bmod=ACUS
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=112812&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://searchfunmoods.com/results.p...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
    IE - HKCU\..\SearchScopes\{7C0E11FC-52F1-B66D-AD31-4BE39032DECF}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{AE8D422B-14EB-48A1-A47E-66E6C5B599C1}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ACAW_enUS342
    IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/?d=4dd2efc0&I=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKCU\..\SearchScopes\{E6FE486B-0774-467A-8120-8156E835684A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.66.2
    FF - prefs.js..extensions.enabledAddons: support%40ancestry.com:1.0.0.1
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 48
    FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
    FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@ei.iWon.com/Plugin: C:\Program Files\iWonEI\Installr\1.bin\NPjfEISB.dll File not found
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Dad\AppData\Local\Roblox\Versions\version-fb3436d54f9e4598\\NPRobloxProxy.dll ()
    FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Dad\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/21 09:14:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/12 14:06:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/12 14:06:16 | 000,000,000 | ---D | M]

    [2009/08/26 20:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
    [2012/12/18 10:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions
    [2011/03/18 08:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}-TRASH
    [2012/10/03 11:12:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2009/10/21 16:12:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2012/03/17 16:25:00 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\battlefieldplay4free@ea.com
    [2010/11/26 09:32:55 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\support@ancestry.com
    [2012/02/15 10:27:05 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2012/12/19 11:07:31 | 000,001,540 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\searchplugins\swagbuckscom.xml
    [2012/12/12 14:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/12/12 14:06:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/12/12 14:06:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/12/12 14:06:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/11/04 15:00:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
    [2010/11/04 15:00:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
    [2007/02/12 12:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\mozilla firefox\plugins\npigl.dll
    [2010/03/30 11:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    [2009/08/17 06:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    [2012/11/19 23:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/19 23:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Funmoods (Enabled)
    CHR - default_search_provider: search_url = http://searchfunmoods.com/results.p...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
    CHR - plugin: igLoader (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npigl.dll
    CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    CHR - plugin: npijjiFFPlugin1 for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
    CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Dad\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Dad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Dad\AppData\Local\Roblox\Versions\version-fb3436d54f9e4598\\NPRobloxProxy.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
    CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
    CHR - Extension: avast! WebRep = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

    O1 HOSTS File: ([2012/10/07 19:41:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
    O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
    O4 - HKLM..\Run: [tvncontrol] "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave File not found
    O4 - HKCU..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe ()
    O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE}: NameServer = 8.26.56.26,156.154.70.22
    O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
    O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\Dad\Pictures\desktop\Winter_Wonderland,_British_Columbia,_Canada.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Dad\Pictures\desktop\Winter_Wonderland,_British_Columbia,_Canada.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/18 10:11:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2012/12/18 10:09:30 | 000,000,000 | ---D | C] -- C:\JRT
    [2012/12/15 02:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/12/15 02:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/12/15 02:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/12/12 14:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/12/12 14:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/12/12 14:38:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012/12/12 14:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/12/04 01:41:28 | 000,035,064 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\CFRMD.sys
    [2012/11/30 10:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/11/30 10:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

    ========== Files - Modified Within 30 Days ==========

    [2012/12/19 15:00:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/19 15:00:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/19 14:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/19 14:40:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/19 13:40:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/19 11:00:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2012/12/19 11:00:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/19 11:00:14 | 2951,258,112 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/18 09:48:49 | 000,001,919 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
    [2012/12/18 09:48:44 | 000,001,919 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/12/17 15:24:35 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/12/17 15:24:35 | 000,105,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/12/16 21:27:37 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/15 02:30:45 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/12/13 03:36:09 | 000,441,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/12/12 14:44:00 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/12/12 14:38:53 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/12/12 14:16:11 | 000,001,796 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2012/12/10 19:56:54 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/12/04 01:41:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\CFRMD.sys
    [2012/12/02 21:03:45 | 000,006,913 | ---- | M] () -- C:\Users\Dad\Desktop\Zombatar_3.jpg
    [2012/11/30 10:06:30 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/11/21 09:15:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

    ========== Files Created - No Company Name ==========

    [2012/12/18 09:48:49 | 000,001,919 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
    [2012/12/18 09:48:44 | 000,001,919 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/12/13 03:12:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/12/13 03:12:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/12/12 14:38:53 | 000,002,487 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/12/12 14:16:11 | 000,001,796 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2012/12/02 21:03:45 | 000,006,913 | ---- | C] () -- C:\Users\Dad\Desktop\Zombatar_3.jpg
    [2012/11/30 10:06:30 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/11/06 14:54:24 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
    [2012/11/06 14:52:29 | 001,024,000 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
    [2012/11/06 14:52:29 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
    [2012/11/06 14:52:29 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
    [2012/10/07 19:23:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/07 19:23:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/07 19:23:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/07 19:23:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/07 19:23:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/05 20:17:13 | 002,193,278 | ---- | C] () -- C:\Users\Dad\tdsskiller.zip
    [2012/10/01 08:22:33 | 000,164,858 | ---- | C] () -- C:\Users\Dad\2012 HYPE Calendar.pages
    [2012/09/12 18:55:18 | 003,068,630 | ---- | C] () -- C:\Users\Dad\FW__General_Liablity0.zip
    [2012/09/11 16:53:04 | 001,019,904 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
    [2012/09/11 16:53:04 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
    [2012/09/11 16:53:04 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
    [2012/08/24 15:46:08 | 000,042,527 | ---- | C] () -- C:\Users\Dad\Maxcyt.jpg
    [2012/08/24 15:45:16 | 000,316,914 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Max.jpg
    [2012/08/24 15:45:05 | 000,042,746 | ---- | C] () -- C:\Users\Dad\annmariecyt.jpg
    [2012/08/24 15:44:07 | 000,042,976 | ---- | C] () -- C:\Users\Dad\troycyt.jpg
    [2012/08/24 15:43:09 | 000,313,069 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Troy.jpg
    [2012/08/24 15:35:46 | 000,000,345 | -H-- | C] () -- C:\Users\Dad\.picasa.ini
    [2012/08/24 15:35:00 | 000,316,419 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Annmarie.jpg
    [2012/08/23 18:07:40 | 003,068,630 | ---- | C] () -- C:\Users\Dad\General_Liablity_Ren0.zip
    [2012/07/21 14:11:37 | 000,019,820 | ---- | C] () -- C:\Users\Dad\399536_404282179630578_393412301_n.jpg
    [2012/06/04 17:14:14 | 004,542,344 | ---- | C] () -- C:\Users\Dad\minecraft(1).jar
    [2012/06/04 10:35:11 | 004,542,344 | ---- | C] () -- C:\Users\Dad\minecraft.jar
    [2012/03/17 20:10:28 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2012/03/17 20:10:28 | 000,138,056 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\PnkBstrK.sys
    [2012/03/17 20:10:20 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2012/03/17 20:10:03 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2011/12/26 18:03:34 | 000,304,928 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
    [2011/12/23 22:59:12 | 000,001,280 | ---- | C] () -- C:\Windows\System32\.ini
    [2011/11/26 17:21:50 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileOut.cns
    [2011/11/26 17:21:50 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileIn.cns
    [2011/11/07 13:53:18 | 000,000,269 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/03/28 11:01:48 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
    [2011/01/05 09:27:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/01/05 09:26:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/12/28 15:55:14 | 000,000,000 | ---- | C] () -- C:\Windows\Mavis Beacon Teaches Typing.INI
    [2010/07/05 13:56:34 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Local\prvlcl.dat
    [2009/11/29 20:27:32 | 000,001,356 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
    [2009/10/22 09:03:09 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\wklnhst.dat
    [2009/09/03 11:38:47 | 000,025,600 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
  10. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    OTL cont.

    ========== LOP Check ==========

    [2012/11/12 11:41:00 | 000,000,000 | -HSD | M] -- C:\Users\Dad\AppData\Roaming\.#
    [2012/12/03 16:42:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.minecraft
    [2012/09/04 09:00:55 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.spoutcraft
    [2009/08/26 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer
    [2009/01/19 19:06:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer GameZone Console
    [2011/11/17 17:13:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Allmyapps
    [2010/07/23 10:46:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Amazon
    [2009/09/03 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Blitware
    [2010/07/10 00:25:05 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\BloodTies
    [2010/12/06 13:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Boomzap
    [2010/12/28 15:59:18 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\Broderbund
    [2010/11/04 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Catalina Marketing Corp
    [2010/07/08 17:33:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CupcakeCafe
    [2010/01/30 20:37:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eMusic
    [2009/09/30 19:42:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\EPSON
    [2009/08/31 08:08:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eSobi
    [2011/03/28 11:01:48 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\FTW
    [2010/07/21 15:58:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Gamelab
    [2010/02/05 13:29:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Go-Go Gourmet Chef of the Year
    [2009/12/22 00:41:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Home Sweet Home
    [2010/08/02 17:59:57 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\ijjigame
    [2012/11/06 15:20:52 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\IrfanView
    [2009/08/26 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Leadertech
    [2011/03/28 11:28:51 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Libronix DLS
    [2009/09/11 21:46:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\LockLizard
    [2009/08/26 21:23:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Meridian93
    [2012/06/04 17:15:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\New Folder
    [2010/03/22 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\oberon
    [2012/05/26 20:34:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Oberon Media
    [2011/03/21 09:57:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\PlayFirst
    [2011/06/07 12:00:57 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Stykz
    [2011/05/26 19:07:31 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Stykz Help
    [2010/07/09 19:53:02 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Sudden Games
    [2010/10/11 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\SystemRequirementsLab
    [2009/11/27 22:40:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Template
    [2011/11/07 13:51:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Unity
    [2010/12/25 20:01:50 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WeatherBug
    [2010/12/17 18:05:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Webshots

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 381 bytes -> C:\ProgramData\TEMP:39C01ECE
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:D07C1DE7
    @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:9E7A5472
    @Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:11C21A60
    @Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:615435BE
    @Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:B1FBBD09
    @Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:2CD14F7E
    < End of report >
     
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


    Once that's done, and you've posted the fix log, please run another Quick Scan and post a new log behind the fix log. :)
     
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    How did this work out?
     
  13. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    Sorry we were out of town this weekend, meant to do this before we left.

    I have tried to run the fix with the OTL but the program has frozen both times and I had to use task manager to restart my computer. Let me know what to do next
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That OTL fix will have to work.

    Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu). Then, try again! :)
     
  15. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    When I am in safe mode OTL doesn't show up on my desktop nor when I do a search. Any reason why my computer can't find it in Safe mode?
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I have no clue. Let's do the following, please:

    OTLPE + Farbar Recovery Scan Tool

    • Download OTLPENet.exe to your desktop
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Ensure that you have a blank CD in the drive
    • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
    • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
    • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads [​IMG]
    • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
    • Insert the flash drive with FRST on it
    • Locate the flash drive and run FSRT
    • The tool will start to run.
    [​IMG]
    • When the tool opens click Yes to disclaimer.
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
      [​IMG]
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
     
  17. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    I tried the OTL fix one more time before I started the other steps and this time it actually worked, who knows why. So, here is the OTL log and I am going to run another scan and post that log in a few .

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C0E11FC-52F1-B66D-AD31-4BE39032DECF}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C0E11FC-52F1-B66D-AD31-4BE39032DECF}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
    Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
    Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
    Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
    Folder C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}-TRASH\ not found.
    File C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\searchplugins\swagbuckscom.xml not found.
    File C:\Program Files\mozilla firefox\plugins\NPcol400.dll not found.
    File C:\Program Files\mozilla firefox\plugins\NPcol500.dll not found.
    Use Chrome's Settings page to remove the default_search_provider items.
    Use Chrome's Settings page to remove the default_search_provider items.
    Unable to delete ADS C:\ProgramData\TEMP:39C01ECE .
    Unable to delete ADS C:\ProgramData\TEMP07C1DE7 .
    Unable to delete ADS C:\ProgramData\TEMP:9E7A5472 .
    Unable to delete ADS C:\ProgramData\TEMP:11C21A60 .
    Unable to delete ADS C:\ProgramData\TEMP:615435BE .
    Unable to delete ADS C:\ProgramData\TEMP:B1FBBD09 .
    Unable to delete ADS C:\ProgramData\TEMP:2CD14F7E .
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Dad\Desktop\cmd.bat deleted successfully.
    C:\Users\Dad\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Dad
    ->Temp folder emptied: 44396 bytes
    ->Temporary Internet Files folder emptied: 2493267 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 244263391 bytes
    ->Flash cache emptied: 213069 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: test acct
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 126152204 bytes
    RecycleBin emptied: 1370447249 bytes

    Total Files Cleaned = 1,663.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12302012_183143

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\_asw_aisI.tm~a05356\setup.lok not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  18. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    Here is the OTL scan

    OTL logfile created on: 30/12/2012 7:02:42 PM - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dad\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

    2.75 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 47.52% Memory free
    5.71 Gb Paging File | 4.17 Gb Available in Paging File | 73.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 142.04 Gb Total Space | 21.00 Gb Free Space | 14.79% Space Free | Partition Type: NTFS
    Drive D: | 142.04 Gb Total Space | 141.82 Gb Free Space | 99.84% Space Free | Partition Type: NTFS

    Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    PRC - [2012/11/01 07:52:54 | 000,875,728 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
    PRC - [2012/11/01 07:52:52 | 000,877,264 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe
    PRC - [2012/11/01 07:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\Comodo\launcher_service.exe
    PRC - [2012/10/31 14:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
    PRC - [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012/10/08 20:30:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
    PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/10/02 12:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2012/10/02 12:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/10/01 15:09:24 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
    PRC - [2012/09/24 05:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2012/09/24 05:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
    PRC - [2012/09/24 05:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2012/09/07 21:39:42 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2012/08/09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/03/11 14:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
    PRC - [2012/03/11 14:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    PRC - [2011/11/23 11:56:03 | 000,948,360 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
    PRC - [2011/11/09 05:41:27 | 000,644,160 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
    PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/01 12:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    PRC - [2008/10/01 12:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    PRC - [2008/10/01 12:43:56 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    PRC - [2008/07/29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/07/29 18:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2007/12/10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2002/08/30 12:02:58 | 002,392,064 | ---- | M] (TLC Education Properties LLC) -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/23 11:56:03 | 000,948,360 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
    MOD - [2011/11/09 05:41:27 | 000,644,160 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
    MOD - [2011/11/09 05:38:05 | 000,217,088 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.dll
    MOD - [2011/10/24 07:25:23 | 001,454,080 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
    MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2009/01/19 18:42:17 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3011.0__4df5dcab8860d239\Framework.Utility.dll
    MOD - [2009/01/19 18:42:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3011.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
    MOD - [2009/01/19 18:42:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3011.0__3036420f80dd6947\Framework.Library.dll
    MOD - [2009/01/19 18:42:16 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3011.0__672b450de5a7e94a\Framework.Host.dll
    MOD - [2008/10/01 12:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    MOD - [2008/10/01 12:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    MOD - [2008/10/01 12:43:48 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Presenter.dll
    MOD - [2008/10/01 12:43:36 | 001,822,720 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.AppBar.dll
    MOD - [2008/07/29 18:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll


    ========== Services (SafeList) ==========

    SRV - [2012/12/11 21:00:31 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/05 17:44:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/11/01 07:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
    SRV - [2012/10/31 14:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
    SRV - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/09/24 05:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
    SRV - [2012/09/24 05:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
    SRV - [2012/09/07 21:39:42 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/03/11 14:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2008/10/01 12:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/07/29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/12/04 01:41:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)
    DRV - [2012/10/30 16:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2012/10/30 16:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 16:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 16:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2012/10/30 16:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2012/10/30 16:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/03/11 14:13:29 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
    DRV - [2012/03/11 14:13:28 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2012/03/11 14:13:26 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2011/12/16 07:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
    DRV - [2011/09/06 09:02:54 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/09/06 09:02:54 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/08/12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
    DRV - [2010/08/12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2010/02/18 13:02:49 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/01/26 16:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/09/30 18:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/09/11 13:19:57 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
    DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
    DRV - [2008/10/01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/08/21 22:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/21 22:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
    DRV - [2008/03/22 08:18:44 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/01/25 05:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2007/10/12 01:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
    DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/02/14 19:03:08 | 000,068,922 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
    DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
    DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=ACAW&bmod=ACUS
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=112812&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{7C0E11FC-52F1-B66D-AD31-4BE39032DECF}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{AE8D422B-14EB-48A1-A47E-66E6C5B599C1}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ACAW_enUS342
    IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/?d=4dd2efc0&I=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
    IE - HKCU\..\SearchScopes\{E6FE486B-0774-467A-8120-8156E835684A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: ""
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.66.2
    FF - prefs.js..extensions.enabledAddons: support%40ancestry.com:1.0.0.1
    FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
    FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@ei.iWon.com/Plugin: C:\Program Files\iWonEI\Installr\1.bin\NPjfEISB.dll File not found
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Dad\AppData\Local\Roblox\Versions\version-fb3436d54f9e4598\\NPRobloxProxy.dll ()
    FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Dad\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/21 09:14:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/12 14:06:27 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/25 00:33:29 | 000,000,000 | ---D | M]

    [2009/08/26 20:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
    [2012/12/25 00:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions
    [2012/10/03 11:12:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2009/10/21 16:12:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2012/03/17 16:25:00 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\battlefieldplay4free@ea.com
    [2010/11/26 09:32:55 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\support@ancestry.com
    [2012/02/15 10:27:05 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
    [2012/12/12 14:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/12/12 14:06:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/12/12 14:06:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2012/12/12 14:06:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2007/02/12 12:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\mozilla firefox\plugins\npigl.dll
    [2010/03/30 11:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    [2009/08/17 06:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    [2012/11/19 23:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/11/19 23:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Funmoods (Enabled)
    CHR - default_search_provider: search_url = http://searchfunmoods.com/results.p...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
    CHR - plugin: igLoader (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npigl.dll
    CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    CHR - plugin: npijjiFFPlugin1 for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
    CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Dad\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Dad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Dad\AppData\Local\Roblox\Versions\version-fb3436d54f9e4598\\NPRobloxProxy.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
    CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
    CHR - Extension: avast! WebRep = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

    O1 HOSTS File: ([2012/10/07 19:41:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
    O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
    O4 - HKLM..\Run: [tvncontrol] "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave File not found
    O4 - HKCU..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe ()
    O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE}: NameServer = 8.26.56.26,156.154.70.22
    O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
    O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\Dad\Pictures\desktop\Winter_Wonderland,_British_Columbia,_Canada.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Dad\Pictures\desktop\Winter_Wonderland,_British_Columbia,_Canada.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/18 10:11:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2012/12/18 10:09:30 | 000,000,000 | ---D | C] -- C:\JRT
    [2012/12/15 02:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/12/15 02:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/12/15 02:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
    [2012/12/12 14:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/12/12 14:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/12/12 14:38:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012/12/12 14:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/12/04 01:41:28 | 000,035,064 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\CFRMD.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/12/30 18:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/30 18:40:56 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/12/30 18:40:56 | 000,105,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/12/30 18:40:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/12/30 18:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2012/12/30 18:33:48 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/12/30 18:33:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/30 18:33:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/30 18:33:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/30 18:33:27 | 2951,258,112 | -HS- | M] () -- C:\hiberfil.sys
    [2012/12/28 09:37:56 | 000,001,919 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
    [2012/12/25 00:18:58 | 000,203,920 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
    [2012/12/21 03:18:55 | 000,441,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/12/20 13:49:57 | 000,000,369 | ---- | M] () -- C:\Windows\wininit.ini
    [2012/12/18 09:48:44 | 000,001,919 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/12/16 21:27:37 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/12/15 02:30:45 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/12/12 14:44:00 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/12/12 14:16:11 | 000,001,796 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2012/12/10 19:56:54 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012/12/04 01:41:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\CFRMD.sys
    [2012/12/02 21:03:45 | 000,006,913 | ---- | M] () -- C:\Users\Dad\Desktop\Zombatar_3.jpg

    ========== Files Created - No Company Name ==========

    [2012/12/28 09:45:48 | 2951,258,112 | -HS- | C] () -- C:\hiberfil.sys
    [2012/12/28 09:37:56 | 000,001,919 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
    [2012/12/18 09:48:44 | 000,001,919 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/12/13 03:12:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2012/12/13 03:12:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    [2012/12/12 14:16:11 | 000,001,796 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
    [2012/12/02 21:03:45 | 000,006,913 | ---- | C] () -- C:\Users\Dad\Desktop\Zombatar_3.jpg
    [2012/11/06 14:54:24 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
    [2012/11/06 14:52:29 | 001,024,000 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
    [2012/11/06 14:52:29 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
    [2012/11/06 14:52:29 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
    [2012/10/07 19:23:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/07 19:23:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/07 19:23:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/07 19:23:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/07 19:23:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/05 20:17:13 | 002,193,278 | ---- | C] () -- C:\Users\Dad\tdsskiller.zip
    [2012/10/01 08:22:33 | 000,164,858 | ---- | C] () -- C:\Users\Dad\2012 HYPE Calendar.pages
    [2012/09/12 18:55:18 | 003,068,630 | ---- | C] () -- C:\Users\Dad\FW__General_Liablity0.zip
    [2012/09/11 16:53:04 | 001,019,904 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
    [2012/09/11 16:53:04 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
    [2012/09/11 16:53:04 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
    [2012/08/24 15:46:08 | 000,042,527 | ---- | C] () -- C:\Users\Dad\Maxcyt.jpg
    [2012/08/24 15:45:16 | 000,316,914 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Max.jpg
    [2012/08/24 15:45:05 | 000,042,746 | ---- | C] () -- C:\Users\Dad\annmariecyt.jpg
    [2012/08/24 15:44:07 | 000,042,976 | ---- | C] () -- C:\Users\Dad\troycyt.jpg
    [2012/08/24 15:43:09 | 000,313,069 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Troy.jpg
    [2012/08/24 15:35:46 | 000,000,345 | -H-- | C] () -- C:\Users\Dad\.picasa.ini
    [2012/08/24 15:35:00 | 000,316,419 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Annmarie.jpg
    [2012/08/23 18:07:40 | 003,068,630 | ---- | C] () -- C:\Users\Dad\General_Liablity_Ren0.zip
    [2012/07/21 14:11:37 | 000,019,820 | ---- | C] () -- C:\Users\Dad\399536_404282179630578_393412301_n.jpg
    [2012/06/04 17:14:14 | 004,542,344 | ---- | C] () -- C:\Users\Dad\minecraft(1).jar
    [2012/06/04 10:35:11 | 004,542,344 | ---- | C] () -- C:\Users\Dad\minecraft.jar
    [2012/03/17 20:10:28 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2012/03/17 20:10:28 | 000,138,056 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\PnkBstrK.sys
    [2012/03/17 20:10:20 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
    [2012/03/17 20:10:03 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
    [2011/12/26 18:03:34 | 000,304,928 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
    [2011/12/23 22:59:12 | 000,001,280 | ---- | C] () -- C:\Windows\System32\.ini
    [2011/11/26 17:21:50 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileOut.cns
    [2011/11/26 17:21:50 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileIn.cns
    [2011/11/07 13:53:18 | 000,000,369 | ---- | C] () -- C:\Windows\wininit.ini
    [2011/03/28 11:01:48 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
    [2011/01/05 09:27:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/01/05 09:26:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/07/05 13:56:34 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Local\prvlcl.dat
    [2009/11/29 20:27:32 | 000,001,356 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
    [2009/10/22 09:03:09 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\wklnhst.dat
    [2009/09/03 11:38:47 | 000,025,600 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
  19. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    Here's the rest of the log


    ========== LOP Check ==========

    [2012/11/12 11:41:00 | 000,000,000 | -HSD | M] -- C:\Users\Dad\AppData\Roaming\.#
    [2012/12/03 16:42:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.minecraft
    [2012/09/04 09:00:55 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.spoutcraft
    [2009/08/26 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer
    [2009/01/19 19:06:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer GameZone Console
    [2011/11/17 17:13:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Allmyapps
    [2010/07/23 10:46:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Amazon
    [2009/09/03 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Blitware
    [2010/07/10 00:25:05 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\BloodTies
    [2010/12/06 13:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Boomzap
    [2010/12/28 15:59:18 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\Broderbund
    [2010/11/04 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Catalina Marketing Corp
    [2010/07/08 17:33:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CupcakeCafe
    [2010/01/30 20:37:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eMusic
    [2009/09/30 19:42:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\EPSON
    [2009/08/31 08:08:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eSobi
    [2011/03/28 11:01:48 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\FTW
    [2010/07/21 15:58:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Gamelab
    [2010/02/05 13:29:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Go-Go Gourmet Chef of the Year
    [2009/12/22 00:41:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Home Sweet Home
    [2010/08/02 17:59:57 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\ijjigame
    [2012/11/06 15:20:52 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\IrfanView
    [2009/08/26 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Leadertech
    [2011/03/28 11:28:51 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Libronix DLS
    [2009/09/11 21:46:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\LockLizard
    [2009/08/26 21:23:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Meridian93
    [2012/06/04 17:15:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\New Folder
    [2010/03/22 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\oberon
    [2012/05/26 20:34:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Oberon Media
    [2011/03/21 09:57:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\PlayFirst
    [2011/06/07 12:00:57 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Stykz
    [2011/05/26 19:07:31 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Stykz Help
    [2010/07/09 19:53:02 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Sudden Games
    [2010/10/11 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\SystemRequirementsLab
    [2009/11/27 22:40:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Template
    [2011/11/07 13:51:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Unity
    [2010/12/25 20:01:50 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WeatherBug
    [2010/12/17 18:05:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Webshots

    ========== Purity Check ==========



    < End of report >
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Go to Google Chrome, hit the Tool button at the top right, and select Settings.

    Find the Search Engines section, select Manage search engines...

    Find Funmoods listed, right-click and delete it or click the X at the far right.

    Once done, let me know of any other issues. :)
     
  21. mom26gr8kids

    mom26gr8kids TS Maniac Topic Starter Posts: 387

    Okay, funmoods is removed from the search engines on google and there is nothing going on with my computer. Everything is running smoothly here. Thanks for your help. Do you have the link so that I can download Web of Trust onto google chrome. I've heard several friends mention things about google chrome that they think it's not as safe. However, these days a lot of people repeat things they hear and never do any research. Since you do a lot with virus removal do you have an opinion about which is safest? Mozilla, Google or IE? Thanks for all your help and for answering my questions.
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    http://www.mywot.com - Web-of-Trust official site.

    It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advance System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create


    Remove tools, temp files, old Restore Points

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
    • It may open a log for you, but I don't need that.

    To remove all of the tools we used and the files and folders they created do the following:
    Double click OTL.exe.
    • Click the CleanUp button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  23. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Topic marked solved.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.