Solved Funmoods toolbar

[mom26gr8kids]

Due to virus issues in the past I installed Web of Trust on my computer last year, however, in the past few weeks my family has switched to using Google Chrome for our browser. I noticed a couple days ago that the Google Chrome did not have the WOT but I hadn't fixed it yet, and then last night while trying to verify something one of my friends posted on facebook I ended up at a bad website. I didn't notice at first, it was just a discussion type website, but after I left it I realized that my home page had been changed from google to searchfunmooods.com and I also had a funmoods tool bar. I immediately ran a Super Anti-Spyware scan which caught it and "removed" it, but still today google is not my homepage and I have the toolbar. I will run the 4 steps and post logs. Thanks

 

[mom26gr8kids]

All right, after running the Malware Bytes my homepage was already back to google. Here is the mbam log

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.17.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Dad :: DAD-PC [administrator]

16/12/2012 9:32:41 PM
mbam-log-2012-12-16 (21-32-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 270040
Time elapsed: 7 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 25
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.FunMoods) -> Bad: (http://searchfunmoods.com/?f=1&a=or...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 3
C:\Program Files\Funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22 (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\bh (PUP.FunMoods) -> Quarantined and deleted successfully.

Files Detected: 17
C:\Program Files\Funmoods\1.5.23.22\funmoodssrv.exe (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\bh\escort.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\escortApp.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\escortEng.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Dad\AppData\Local\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Dad\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Users\Dad\Local Settings\Application Data\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Dad\AppData\Local\funmoods-speeddial_sf.crx (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Dad\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\escortShld.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\FavIcon.ico (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\Sqlite3.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\uninst.dat (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Program Files\Funmoods\1.5.23.22\uninstall.exe (PUP.FunMoods) -> Quarantined and deleted successfully.

(end)

 

[mom26gr8kids]

DDS log


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_37
Run by Dad at 23:02:00 on 2012-12-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1394 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Comodo\COMODO Internet Security\cfpupdat.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=ACAW&bmod=ACUS
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LMab1err] "c:\program files\lexmark\errorapp\LMab1err.exe"
uRun: [LMADImon] "c:\program files\lexmark pro710 series\LMADImon.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRunOnce: [926_2338618170815] "c:\users\dad\appdata\local\lo9d4f~1\LMIR0001.tmp_r.bat"
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [tvncontrol] "c:\program files\common files\comodo\tvnserver.exe" -controlservice -slave
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\person~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 15\minimavis.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE} : DHCPNameServer = 192.168.1.1
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs= c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0Bzz0FyB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005&q=
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.14\npapicomadapter.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\musicnotes\npmusicn.dll
FF - plugin: c:\program files\musicnotes\NPSibelius.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dad\appdata\local\roblox\versions\version-fb3436d54f9e4598\NPRobloxProxy.dll
FF - plugin: c:\users\dad\appdata\locallow\sony online entertainment\npsoe.dll
FF - plugin: c:\users\dad\appdata\locallow\sony online entertainment\npsoeact.dll
FF - plugin: c:\users\dad\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-06 15:34; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-12 14:38; ffxtlbr@funmoods.com; c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\ffxtlbr@funmoods.com
FF - ExtSQL: !HIDDEN! 2009-08-31 08:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0Bzz0FyB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0Bzz0FyB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0Bzz0FyB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005&q=
FF - user.js: extensions.funmoods.id - 001D72BCB8F7D808
FF - user.js: extensions.funmoods.instlDay - 15686
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2214:30:48
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - orgnl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef -
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-7-15 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-7-15 361032]
R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2012-12-4 35064]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-12-19 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 38616]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-4 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-10-18 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-7-15 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-7-15 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-7-15 44808]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-11-1 70352]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-19 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\common files\comodo\GeekBuddyRSP.exe [2012-10-31 1467088]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-9-24 1328736]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-9-24 656480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-16 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-12-15 09:29:28--------d-----w-c:\program files\iPod
2012-12-15 09:29:26--------d-----w-c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-13 10:16:042382848----a-w-c:\windows\system32\mshtml.tlb
2012-12-13 10:16:04149552----a-w-c:\program files\internet explorer\sqmapi.dll
2012-12-13 10:16:03420864----a-w-c:\windows\system32\vbscript.dll
2012-12-13 10:16:03194048----a-w-c:\program files\internet explorer\IEShims.dll
2012-12-13 10:16:02142848----a-w-c:\windows\system32\ieUnatt.exe
2012-12-13 10:16:01194560----a-w-c:\program files\internet explorer\ieproxy.dll
2012-12-13 10:16:001129472----a-w-c:\windows\system32\wininet.dll
2012-12-13 10:15:59757296----a-w-c:\program files\internet explorer\iexplore.exe
2012-12-13 10:15:591800704----a-w-c:\windows\system32\jscript9.dll
2012-12-13 10:15:58387584----a-w-c:\program files\internet explorer\jsdbgui.dll
2012-12-13 10:15:57678912----a-w-c:\program files\internet explorer\iedvtool.dll
2012-12-13 10:15:541427968----a-w-c:\windows\system32\inetcpl.cpl
2012-12-13 10:11:489728----a-w-c:\windows\system32\Wdfres.dll
2012-12-13 10:11:27155136----a-w-c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 10:11:2666560----a-w-c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 10:11:2516896----a-w-c:\windows\system32\winusb.dll
2012-12-13 10:11:2373216----a-w-c:\windows\system32\WUDFSvc.dll
2012-12-13 10:11:22172032----a-w-c:\windows\system32\WUDFPlatform.dll
2012-12-13 10:11:2047720----a-w-c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 10:11:19526952----a-w-c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 10:11:1038912----a-w-c:\windows\system32\WUDFCoinstaller.dll
2012-12-13 10:11:09196608----a-w-c:\windows\system32\WUDFHost.exe
2012-12-13 10:11:08613888----a-w-c:\windows\system32\WUDFx.dll
2012-12-12 21:38:52--------d-----r-c:\program files\Skype
2012-12-12 18:27:212048000----a-w-c:\windows\system32\win32k.sys
2012-12-12 18:27:19376320----a-w-c:\windows\system32\dpnet.dll
2012-12-12 18:27:1923040----a-w-c:\windows\system32\dpnsvr.exe
2012-12-12 18:27:17224640----a-w-c:\windows\system32\drivers\volsnap.sys
2012-12-12 18:27:1134304----a-w-c:\windows\system32\atmlib.dll
2012-12-12 18:27:11293376----a-w-c:\windows\system32\atmfd.dll
2012-12-12 18:27:042048----a-w-c:\windows\system32\tzres.dll
2012-12-04 08:41:2835064----a-w-c:\windows\system32\drivers\CFRMD.sys
2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin7.dll
2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin6.dll
2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin5.dll
2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin4.dll
2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin3.dll
2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin2.dll
2012-11-30 17:06:38159744----a-w-c:\program files\internet explorer\plugins\npqtplugin.dll
.
==================== Find3M ====================
.
2012-12-12 04:00:3073656----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 04:00:30697272----a-w-c:\windows\system32\FlashPlayerApp.exe
2012-12-04 08:41:2835064----a-w-c:\windows\inf\cfrmd\cfrmd.sys
2012-11-06 22:33:35477168----a-w-c:\windows\system32\npdeployJava1.dll
2012-11-06 22:33:35473072----a-w-c:\windows\system32\deployJava1.dll
2012-10-30 23:51:58738504----a-w-c:\windows\system32\drivers\aswSnx.sys
2012-10-30 23:51:5758680----a-w-c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 23:51:0741224----a-w-c:\windows\avastSS.scr
2012-10-25 10:12:2694208----a-w-c:\windows\system32\QuickTimeVR.qtx
2012-10-25 10:12:2669632----a-w-c:\windows\system32\QuickTime.qts
2012-10-11 04:15:041867112----a-w-c:\windows\system32\nvcuvenc.dll
2012-10-11 04:15:002574696----a-w-c:\windows\system32\nvcuvid.dll
2012-10-11 04:14:50888168----a-w-c:\windows\system32\nvdispgenco32.dll
2012-10-11 04:14:5012501352----a-w-c:\windows\system32\nvwgf2um.dll
2012-10-11 04:14:4617559912----a-w-c:\windows\system32\nvcompiler.dll
2012-10-11 04:14:442428776----a-w-c:\windows\system32\nvapi.dll
2012-10-11 04:14:427697768----a-w-c:\windows\system32\nvcuda.dll
2012-10-11 04:14:2810837352----a-w-c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 04:14:2219906920----a-w-c:\windows\system32\nvoglv32.dll
2012-10-11 04:14:221009512----a-w-c:\windows\system32\nvdispco32.dll
2012-10-11 04:14:166127464----a-w-c:\windows\system32\nvopencl.dll
2012-10-11 04:14:1615309160----a-w-c:\windows\system32\nvd3dum.dll
2012-10-02 20:15:52430952----a-w-c:\windows\system32\nvStreaming.exe
2012-10-02 19:29:42645992----a-w-c:\windows\system32\nvvsvc.exe
2012-10-02 19:29:4162312----a-w-c:\windows\system32\nvshext.dll
2012-10-02 19:29:412557288----a-w-c:\windows\system32\nvsvcr.dll
2012-10-02 19:29:41108392----a-w-c:\windows\system32\nvmctray.dll
2012-10-02 19:29:222853224----a-w-c:\windows\system32\nvsvc.dll
2012-10-02 19:28:533965288----a-w-c:\windows\system32\nvcpl.dll
2012-09-30 02:54:2622856----a-w-c:\windows\system32\drivers\mbam.sys
2012-09-28 17:32:565989776----a-w-c:\windows\system32\usbaaplrc.dll
2012-09-28 17:32:5644544----a-w-c:\windows\system32\drivers\usbaapl.sys
2012-09-25 16:19:4175776----a-w-c:\windows\system32\synceng.dll
.
============= FINISH: 23:03:26.56 ===============

 

[mom26gr8kids]

Attach.txt file

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2006 7:16:20 PM
System Uptime: 16/12/2012 9:42:28 PM (2 hours ago)
.
Motherboard: Acer | | WMCP78M
Processor: AMD Athlon(tm) 7450 Dual-Core Processor | Socket AM2 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 16.772 GiB free.
D: is FIXED (NTFS) - 142 GiB total, 141.818 GiB free.
E: is Removable
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
2002 Games
7-Zip 9.20
Ace of Spades
Acer eDataSecurity Management
Acer Empowering Technology
Acer eRecovery Management
Acer Registration
Acrobat.com
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Agere Systems PCI-SV92EX Soft Modem
Alice Greenfingers
Alien Shooter
Allmyapps
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AV Input Selection
avast! Free Antivirus
Babysitting Mania
Batch Update
Battlefield Play4Free
Bible Data Type System Files
Big Fish Games: Game Manager
Bonjour
Bookworm Adventures
Build In Time
Burger Shop
C:\Program Files\Acer GameZone\GameConsole
Cake Mania
Chicken Invaders 2
Chocolatier
Choice Guard
Common System Files
Comodo Dragon
COMODO Internet Security
Cookie Domination
Cooking Academy
Cooking Dash
Cooking Dash Diner Town Studios
Dairy Dash
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Direct Show Ogg Vorbis Filter (remove only)
Doggie Dash
Double Play Jojo's Fashion Show 1 & 2
Double Play Jojo’s Fashion Show 1 & 2
Dream Day First Home
Dream Day Wedding
Dream Day Wedding Married in Manhattan
Family Feud 3
Family Tree Maker 2005
Fashion Dash
Free Realms
Free Realms Installer
Galapago
Garfield's Typing Pal
GeekBuddy
Go-Go Gourmet
Go Go Gourmet Chef of the Year
Google Chrome
Google Desktop
Google Earth Plug-in
Google SketchUp 8
Google Update Helper
Graphical Query Editor
Hax264 Codec 2.1.0.8
Heroes of Hellas
Home Sweet Home
Hotel Dash Suite Success
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ijji REACTOR
IrfanView (remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 37
Jessicas Cupcake Cafe
Jewelleria
Junk Mail filter update
Kelly Green Garden Queen
Kitchen Brigade
Lexmark Network TWAIN Driver Uninstaller
Lexmark Pro710 Series Uninstaller
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
LibronixUpdate
Lizard Safeguard - PDF Viewer 2.6.25
LLS Resource Driver
Magic Farm
Magic Match Adventures
Malwarebytes Anti-Malware version 1.65.1.1000
Math Missions Grades 3-5
Math Missions Grades K-2
Mavis Beacon Teaches Typing 15
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Minecraft version Beta 1.8
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
Musicnotes Software Suite 1.5.5
Mystery Solitaire - Secret Island
Norton Internet Security
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 306.97
NVIDIA Install Application
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
OEB Resource Driver
OGA Notifier 2.0.0048.0
Orchard
Passport to Perfume™
PDF Resource Driver
PDFCreator
Picasa 3
Plants vs. Zombies
PlayReady PC runtime
PunkBuster Services
Puzzle and Board XP Championship
QuickTime
Roblox
Roblox for Dad
ScanToWeb
Secunia PSI (3.0.0.4001)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Sentence Diagramming
Skype™ 6.0
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Sunshine Acres
SUPERAntiSpyware Free Edition
swMSM
System Requirements Lab
Timez Attack
U.B. Funkeys
Uninstall Dual Mode Camera
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Wedding Dash 2
Wedding Dash Ready Aim Love
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Yard Sale Junkie
Year 2 year-plan
Year 3 Curriculum
Year 3 Interface
Year 4 Curriculum
Year 4 Government
Year 4 Interface
Year 4 MapAids
.
==== End Of File ===========================

 

[Jay Pfoutz]

Hi there! Welcome back.

Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

• Warning! Once the scan is complete JRT will shut down your browser with NO warning.

• Shut down your protection software now to avoid potential conflicts.
• Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Copy and Paste the JRT.txt log into your next message.

Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.

• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• A logfile will automatically open after the scan has finished.
• Please post the content of that logfile in your reply.
• You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

 

[mom26gr8kids]

Junkware log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.1.8 (12.17.2012:1)
OS: Windows Vista (TM) Home Premium x86
Ran by Dad on 18/12/2012 at 10:11:33.14
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escort.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortapp.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escorteng.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\gamesbar"



~~~ FireFox

Successfully deleted: [File] C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\svjtkm5q.default\user.js
Successfully deleted: [File] C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\svjtkm5q.default\searchplugins\funmoods.xml
Successfully deleted: [Folder] C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\searchtoolbar@zugo.com
Successfully deleted: [Folder] C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\ffxtlbr@funmoods.com
Successfully deleted the following from C:\Users\Dad\AppData\Roaming\mozilla\firefox\profiles\svjtkm5q.default\prefs.js

user_pref("browser.search.defaultenginename", "Funmoods");
user_pref("extensions.funmoods.aflt", "orgnl");
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.cntry", "US");
user_pref("extensions.funmoods.cv", "cv5");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hdrMd5", "794D7417932E6C619BF9657301B6C880");
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=or...0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDtFt
user_pref("extensions.funmoods.id", "001D72BCB8F7D808");
user_pref("extensions.funmoods.instlDay", "15686");
user_pref("extensions.funmoods.instlRef", "");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2214:30:48");
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
user_pref("extensions.funmoods.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=or...yB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFtDt
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.sg", "none");
user_pref("extensions.funmoods.smplGrp", "none");
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=or...0FyB0DzztDzztN0D0Tzu0CtAyEyBtN1L2XzutBtFtBtFt
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsnTs", "1.5.23.2214:30:48");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:30:48");
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.baidu.com.url", "^http\\:\\/\\/www\\.baidu\\.com\\/.*");
user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .listing .resultsLink + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-re
user_pref("extensions.wrc.SearchRules.excite.com.url", "^http\\:\\/\\/msxml\\.excite\\.com\\/excite\\/ws\\/.+");
user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-r
user_pref("keyword.URL", "http://searchfunmoods.com/?f=1&a=or...0CtAyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/12/2012 at 10:16:04.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

[mom26gr8kids]

AdwCleaner Log

# AdwCleaner v2.101 - Logfile created 12/18/2012 at 10:33:12
# Updated 16/12/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Dad - DAD-PC
# Boot Mode : Normal
# Running from : C:\Users\Dad\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\prefs.js

Deleted : user_pref("extensions.enabledAddons", "battlefieldplay4free%40ea.com:1.0.66.2,support%40ancestry.com[...]

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0[...]
Deleted [l.11] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y[...]
Deleted [l.35] : icon_url = "hxxp://searchfunmoods.com/favicon.ico",
Deleted [l.38] : keyword = "funmoods.com",
Deleted [l.41] : search_url = "hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=orgnl&chnl=&cd=2Xzu[...]
Deleted [l.1454] : homepage = "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtC0DyBtB0B0C0Bzz[...]
Deleted [l.2277] : urls_to_restore_on_startup = [ "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1[...]

*************************

AdwCleaner[R1].txt - [3713 octets] - [18/12/2012 10:32:28]
AdwCleaner[S1].txt - [3287 octets] - [18/12/2012 10:33:12]

########## EOF - C:\AdwCleaner[S1].txt - [3347 octets] ##########

 

[Jay Pfoutz]

OTL Quick Scan

Please download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe.
• Click Quick Scan button and let the program run uninterrupted.
• It will produce a log for you called OTL.txt, please post it in your next reply.
• You may need to use two posts to get it all.

 

[mom26gr8kids]

OTL logfile created on: 19/12/2012 3:21:23 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 54.52% Memory free
5.71 Gb Paging File | 4.20 Gb Available in Paging File | 73.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.04 Gb Total Space | 15.91 Gb Free Space | 11.20% Space Free | Partition Type: NTFS
Drive D: | 142.04 Gb Total Space | 141.82 Gb Free Space | 99.84% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/19 15:20:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Downloads\OTL.exe
PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/11/01 07:52:54 | 000,875,728 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
PRC - [2012/11/01 07:52:52 | 000,877,264 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe
PRC - [2012/11/01 07:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\Comodo\launcher_service.exe
PRC - [2012/10/31 14:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
PRC - [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/02 12:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/02 12:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/09/24 05:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/09/24 05:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/09/24 05:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/09/07 21:39:42 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/11 14:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 14:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011/11/23 11:56:03 | 000,948,360 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
PRC - [2011/11/09 05:41:27 | 000,644,160 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/01 12:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/10/01 12:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/10/01 12:43:56 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/07/29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/29 18:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2002/08/30 12:02:58 | 002,392,064 | ---- | M] (TLC Education Properties LLC) -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 11:56:03 | 000,948,360 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
MOD - [2011/11/09 05:41:27 | 000,644,160 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
MOD - [2011/11/09 05:38:05 | 000,217,088 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.dll
MOD - [2011/10/24 07:25:23 | 001,454,080 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/01/19 18:42:17 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3011.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009/01/19 18:42:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3011.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
MOD - [2009/01/19 18:42:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3011.0__3036420f80dd6947\Framework.Library.dll
MOD - [2009/01/19 18:42:16 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3011.0__672b450de5a7e94a\Framework.Host.dll
MOD - [2008/10/01 12:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
MOD - [2008/10/01 12:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008/10/01 12:43:48 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Presenter.dll
MOD - [2008/10/01 12:43:36 | 001,822,720 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.AppBar.dll
MOD - [2008/07/29 18:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll


========== Services (SafeList) ==========

SRV - [2012/12/11 21:00:31 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/05 17:44:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/01 07:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012/10/31 14:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/24 05:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/09/24 05:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/09/07 21:39:42 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/11 14:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2008/10/01 12:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/12/04 01:41:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2012/10/30 16:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 16:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 16:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 16:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 16:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 16:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/03/11 14:13:29 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2012/03/11 14:13:28 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 14:13:26 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/12/16 07:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011/09/06 09:02:54 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/06 09:02:54 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010/02/18 13:02:49 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/26 16:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/09/30 18:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/09/11 13:19:57 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/08/21 22:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 22:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/03/22 08:18:44 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/01/25 05:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/12 01:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/14 19:03:08 | 000,068,922 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{7C0E11FC-52F1-B66D-AD31-4BE39032DECF}: "URL" = http://searchfunmoods.com/results.p...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=ACAW&bmod=ACUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=112812&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://searchfunmoods.com/results.p...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
IE - HKCU\..\SearchScopes\{7C0E11FC-52F1-B66D-AD31-4BE39032DECF}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AE8D422B-14EB-48A1-A47E-66E6C5B599C1}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ACAW_enUS342
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/?d=4dd2efc0&I=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKCU\..\SearchScopes\{E6FE486B-0774-467A-8120-8156E835684A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.66.2
FF - prefs.js..extensions.enabledAddons: support%40ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 48
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.iWon.com/Plugin: C:\Program Files\iWonEI\Installr\1.bin\NPjfEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Dad\AppData\Local\Roblox\Versions\version-fb3436d54f9e4598\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Dad\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/21 09:14:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/12 14:06:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/12 14:06:16 | 000,000,000 | ---D | M]

[2009/08/26 20:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2012/12/18 10:15:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions
[2011/03/18 08:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}-TRASH
[2012/10/03 11:12:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/10/21 16:12:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/03/17 16:25:00 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\battlefieldplay4free@ea.com
[2010/11/26 09:32:55 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\support@ancestry.com
[2012/02/15 10:27:05 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/12/19 11:07:31 | 000,001,540 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\searchplugins\swagbuckscom.xml
[2012/12/12 14:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/12 14:06:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/12/12 14:06:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/12/12 14:06:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/11/04 15:00:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2010/11/04 15:00:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2007/02/12 12:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\mozilla firefox\plugins\npigl.dll
[2010/03/30 11:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 06:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2012/11/19 23:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/19 23:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Funmoods (Enabled)
CHR - default_search_provider: search_url = http://searchfunmoods.com/results.p...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: igLoader (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npigl.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: npijjiFFPlugin1 for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Dad\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Dad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Dad\AppData\Local\Roblox\Versions\version-fb3436d54f9e4598\\NPRobloxProxy.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - Extension: avast! WebRep = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2012/10/07 19:41:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4 - HKLM..\Run: [tvncontrol] "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave File not found
O4 - HKCU..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe ()
O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Dad\Pictures\desktop\Winter_Wonderland,_British_Columbia,_Canada.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dad\Pictures\desktop\Winter_Wonderland,_British_Columbia,_Canada.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/18 10:11:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/18 10:09:30 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/15 02:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 02:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 02:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/12 14:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/12 14:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/12 14:38:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/12/12 14:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/04 01:41:28 | 000,035,064 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\CFRMD.sys
[2012/11/30 10:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/30 10:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/12/19 15:00:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/19 15:00:21 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/19 14:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/19 14:40:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/19 13:40:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/19 11:00:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/12/19 11:00:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/19 11:00:14 | 2951,258,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/18 09:48:49 | 000,001,919 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/12/18 09:48:44 | 000,001,919 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/17 15:24:35 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/17 15:24:35 | 000,105,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/16 21:27:37 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/15 02:30:45 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/13 03:36:09 | 000,441,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/12 14:44:00 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/12 14:38:53 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/12 14:16:11 | 000,001,796 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/12/10 19:56:54 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/04 01:41:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\CFRMD.sys
[2012/12/02 21:03:45 | 000,006,913 | ---- | M] () -- C:\Users\Dad\Desktop\Zombatar_3.jpg
[2012/11/30 10:06:30 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/21 09:15:00 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

========== Files Created - No Company Name ==========

[2012/12/18 09:48:49 | 000,001,919 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/12/18 09:48:44 | 000,001,919 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/13 03:12:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/13 03:12:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/12 14:38:53 | 000,002,487 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/12/12 14:16:11 | 000,001,796 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/12/02 21:03:45 | 000,006,913 | ---- | C] () -- C:\Users\Dad\Desktop\Zombatar_3.jpg
[2012/11/30 10:06:30 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/06 14:54:24 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2012/11/06 14:52:29 | 001,024,000 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
[2012/11/06 14:52:29 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
[2012/11/06 14:52:29 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
[2012/10/07 19:23:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/07 19:23:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/07 19:23:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/07 19:23:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/07 19:23:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/05 20:17:13 | 002,193,278 | ---- | C] () -- C:\Users\Dad\tdsskiller.zip
[2012/10/01 08:22:33 | 000,164,858 | ---- | C] () -- C:\Users\Dad\2012 HYPE Calendar.pages
[2012/09/12 18:55:18 | 003,068,630 | ---- | C] () -- C:\Users\Dad\FW__General_Liablity0.zip
[2012/09/11 16:53:04 | 001,019,904 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
[2012/09/11 16:53:04 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
[2012/09/11 16:53:04 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
[2012/08/24 15:46:08 | 000,042,527 | ---- | C] () -- C:\Users\Dad\Maxcyt.jpg
[2012/08/24 15:45:16 | 000,316,914 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Max.jpg
[2012/08/24 15:45:05 | 000,042,746 | ---- | C] () -- C:\Users\Dad\annmariecyt.jpg
[2012/08/24 15:44:07 | 000,042,976 | ---- | C] () -- C:\Users\Dad\troycyt.jpg
[2012/08/24 15:43:09 | 000,313,069 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Troy.jpg
[2012/08/24 15:35:46 | 000,000,345 | -H-- | C] () -- C:\Users\Dad\.picasa.ini
[2012/08/24 15:35:00 | 000,316,419 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Annmarie.jpg
[2012/08/23 18:07:40 | 003,068,630 | ---- | C] () -- C:\Users\Dad\General_Liablity_Ren0.zip
[2012/07/21 14:11:37 | 000,019,820 | ---- | C] () -- C:\Users\Dad\399536_404282179630578_393412301_n.jpg
[2012/06/04 17:14:14 | 004,542,344 | ---- | C] () -- C:\Users\Dad\minecraft(1).jar
[2012/06/04 10:35:11 | 004,542,344 | ---- | C] () -- C:\Users\Dad\minecraft.jar
[2012/03/17 20:10:28 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/03/17 20:10:28 | 000,138,056 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\PnkBstrK.sys
[2012/03/17 20:10:20 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/03/17 20:10:03 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/12/26 18:03:34 | 000,304,928 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2011/12/23 22:59:12 | 000,001,280 | ---- | C] () -- C:\Windows\System32\.ini
[2011/11/26 17:21:50 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileOut.cns
[2011/11/26 17:21:50 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileIn.cns
[2011/11/07 13:53:18 | 000,000,269 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/28 11:01:48 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2011/01/05 09:27:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/05 09:26:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/28 15:55:14 | 000,000,000 | ---- | C] () -- C:\Windows\Mavis Beacon Teaches Typing.INI
[2010/07/05 13:56:34 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Local\prvlcl.dat
[2009/11/29 20:27:32 | 000,001,356 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2009/10/22 09:03:09 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\wklnhst.dat
[2009/09/03 11:38:47 | 000,025,600 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

 

[mom26gr8kids]

OTL cont.

========== LOP Check ==========

[2012/11/12 11:41:00 | 000,000,000 | -HSD | M] -- C:\Users\Dad\AppData\Roaming\.#
[2012/12/03 16:42:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.minecraft
[2012/09/04 09:00:55 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.spoutcraft
[2009/08/26 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer
[2009/01/19 19:06:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer GameZone Console
[2011/11/17 17:13:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Allmyapps
[2010/07/23 10:46:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Amazon
[2009/09/03 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Blitware
[2010/07/10 00:25:05 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\BloodTies
[2010/12/06 13:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Boomzap
[2010/12/28 15:59:18 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\Broderbund
[2010/11/04 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Catalina Marketing Corp
[2010/07/08 17:33:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CupcakeCafe
[2010/01/30 20:37:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eMusic
[2009/09/30 19:42:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\EPSON
[2009/08/31 08:08:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eSobi
[2011/03/28 11:01:48 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\FTW
[2010/07/21 15:58:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Gamelab
[2010/02/05 13:29:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009/12/22 00:41:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Home Sweet Home
[2010/08/02 17:59:57 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\ijjigame
[2012/11/06 15:20:52 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\IrfanView
[2009/08/26 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Leadertech
[2011/03/28 11:28:51 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Libronix DLS
[2009/09/11 21:46:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\LockLizard
[2009/08/26 21:23:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Meridian93
[2012/06/04 17:15:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\New Folder
[2010/03/22 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\oberon
[2012/05/26 20:34:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Oberon Media
[2011/03/21 09:57:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\PlayFirst
[2011/06/07 12:00:57 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Stykz
[2011/05/26 19:07:31 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Stykz Help
[2010/07/09 19:53:02 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Sudden Games
[2010/10/11 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\SystemRequirementsLab
[2009/11/27 22:40:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Template
[2011/11/07 13:51:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Unity
[2010/12/25 20:01:50 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WeatherBug
[2010/12/17 18:05:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Webshots

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 381 bytes -> C:\ProgramData\TEMP:39C01ECE
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP07C1DE7
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:9E7A5472
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:11C21A60
@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:615435BE
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:B1FBBD09
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:2CD14F7E
< End of report >

 

[Jay Pfoutz]

OTL Fix

Please run OTL

• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
  
  

  :OTL
  IE - HKLM\..\SearchScopes\{7C0E11FC-52F1-B66D-AD31-4BE39032DECF}: "URL" = http://searchfunmoods.com/results.p...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
  IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://searchfunmoods.com/results.p...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
  FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
  FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
  FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
  [2011/03/18 08:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}-TRASH
  [2012/12/19 11:07:31 | 000,001,540 | ---- | M] () -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\searchplugins\swagbuckscom.xml
  [2010/11/04 15:00:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
  [2010/11/04 15:00:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
  CHR - default_search_provider: Funmoods (Enabled)
  CHR - default_search_provider: search_url = http://searchfunmoods.com/results.p...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
  @Alternate Data Stream - 381 bytes -> C:\ProgramData\TEMP:39C01ECE
  @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP07C1DE7
  @Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:9E7A5472
  @Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:11C21A60
  @Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:615435BE
  @Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:B1FBBD09
  @Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:2CD14F7E
  
  :files
  ipconfig /flushdns /c
  
  :commands
  [emptytemp]
  [reboot]

• Then click the Run Fix button at the top.
• Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
• Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)

Once that's done, and you've posted the fix log, please run another Quick Scan and post a new log behind the fix log.

 

[Jay Pfoutz]

How did this work out?

 

[mom26gr8kids]

Sorry we were out of town this weekend, meant to do this before we left.

I have tried to run the fix with the OTL but the program has frozen both times and I had to use task manager to restart my computer. Let me know what to do next

 

[Jay Pfoutz]

That OTL fix will have to work.

Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu). Then, try again!

 

[mom26gr8kids]

When I am in safe mode OTL doesn't show up on my desktop nor when I do a search. Any reason why my computer can't find it in Safe mode?

 

[Jay Pfoutz]

I have no clue. Let's do the following, please:

OTLPE + Farbar Recovery Scan Tool

• Download OTLPENet.exe to your desktop
• Download Farbar Recovery Scan Tool and save it to a flash drive.
• Ensure that you have a blank CD in the drive
• Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
• Reboot your system using the boot CD you just created.

Note : If you do not know how to set your computer to boot from CD follow the steps here

• As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads
  
• Your system should now display a Reatogo desktop.

Note : as you are running from CD it is not exactly speedy

• Insert the flash drive with FRST on it
• Locate the flash drive and run FSRT
• The tool will start to run.

• When the tool opens click Yes to disclaimer.
• Press Scan button. It will do its scan and save a log on your flash drive.
• Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
  
  
  
  When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
• Type exit in the Command Prompt window and reboot the computer normally
• FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.

 

[mom26gr8kids]

I tried the OTL fix one more time before I started the other steps and this time it actually worked, who knows why. So, here is the OTL log and I am going to run another scan and post that log in a few .

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C0E11FC-52F1-B66D-AD31-4BE39032DECF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C0E11FC-52F1-B66D-AD31-4BE39032DECF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Folder C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}-TRASH\ not found.
File C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\searchplugins\swagbuckscom.xml not found.
File C:\Program Files\mozilla firefox\plugins\NPcol400.dll not found.
File C:\Program Files\mozilla firefox\plugins\NPcol500.dll not found.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Unable to delete ADS C:\ProgramData\TEMP:39C01ECE .
Unable to delete ADS C:\ProgramData\TEMP07C1DE7 .
Unable to delete ADS C:\ProgramData\TEMP:9E7A5472 .
Unable to delete ADS C:\ProgramData\TEMP:11C21A60 .
Unable to delete ADS C:\ProgramData\TEMP:615435BE .
Unable to delete ADS C:\ProgramData\TEMP:B1FBBD09 .
Unable to delete ADS C:\ProgramData\TEMP:2CD14F7E .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Dad\Desktop\cmd.bat deleted successfully.
C:\Users\Dad\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Dad
->Temp folder emptied: 44396 bytes
->Temporary Internet Files folder emptied: 2493267 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 244263391 bytes
->Flash cache emptied: 213069 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: test acct
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 126152204 bytes
RecycleBin emptied: 1370447249 bytes

Total Files Cleaned = 1,663.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12302012_183143

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\_asw_aisI.tm~a05356\setup.lok not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

[mom26gr8kids]

Here is the OTL scan

OTL logfile created on: 30/12/2012 7:02:42 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dad\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 47.52% Memory free
5.71 Gb Paging File | 4.17 Gb Available in Paging File | 73.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.04 Gb Total Space | 21.00 Gb Free Space | 14.79% Space Free | Partition Type: NTFS
Drive D: | 142.04 Gb Total Space | 141.82 Gb Free Space | 99.84% Space Free | Partition Type: NTFS

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/28 14:13:16 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/11/01 07:52:54 | 000,875,728 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
PRC - [2012/11/01 07:52:52 | 000,877,264 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Comodo\GeekBuddy\unit.exe
PRC - [2012/11/01 07:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) -- C:\Program Files\Common Files\Comodo\launcher_service.exe
PRC - [2012/10/31 14:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
PRC - [2012/10/30 16:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/08 20:30:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Desktop\OTL.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/02 12:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/10/02 12:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/10/01 15:09:24 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012/09/24 05:46:16 | 001,328,736 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/09/24 05:46:16 | 000,656,480 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/09/24 05:46:14 | 000,573,536 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/09/07 21:39:42 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/08/09 22:12:18 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/11 14:13:21 | 001,983,232 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2012/03/11 14:13:00 | 006,749,512 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011/11/23 11:56:03 | 000,948,360 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
PRC - [2011/11/09 05:41:27 | 000,644,160 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/01 12:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/10/01 12:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/10/01 12:43:56 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/07/29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/29 18:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2002/08/30 12:02:58 | 002,392,064 | ---- | M] (TLC Education Properties LLC) -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/23 11:56:03 | 000,948,360 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMADImon.exe
MOD - [2011/11/09 05:41:27 | 000,644,160 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
MOD - [2011/11/09 05:38:05 | 000,217,088 | ---- | M] () -- C:\Program Files\Lexmark\ErrorApp\lmab1err.dll
MOD - [2011/10/24 07:25:23 | 001,454,080 | ---- | M] () -- C:\Program Files\Lexmark Pro710 Series\LMabdrs.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/01/19 18:42:17 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3011.0__4df5dcab8860d239\Framework.Utility.dll
MOD - [2009/01/19 18:42:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3011.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
MOD - [2009/01/19 18:42:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3011.0__3036420f80dd6947\Framework.Library.dll
MOD - [2009/01/19 18:42:16 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3011.0__672b450de5a7e94a\Framework.Host.dll
MOD - [2008/10/01 12:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
MOD - [2008/10/01 12:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008/10/01 12:43:48 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Presenter.dll
MOD - [2008/10/01 12:43:36 | 001,822,720 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.AppBar.dll
MOD - [2008/07/29 18:52:38 | 000,227,888 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll


========== Services (SafeList) ==========

SRV - [2012/12/11 21:00:31 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/05 17:44:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/11/01 07:52:52 | 000,070,352 | ---- | M] (Comodo Security Solutions Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\launcher_service.exe -- (CLPSLauncher)
SRV - [2012/10/31 14:46:38 | 001,467,088 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe -- (GeekBuddyRSP)
SRV - [2012/10/30 16:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/24 05:46:16 | 001,328,736 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/09/24 05:46:16 | 000,656,480 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/09/07 21:39:42 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/11 14:13:21 | 001,983,232 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2008/10/01 12:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/29 18:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/10 20:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Dad\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/12/04 01:41:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)
DRV - [2012/10/30 16:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 16:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 16:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 16:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/10/30 16:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 16:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/03/11 14:13:29 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2012/03/11 14:13:28 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2012/03/11 14:13:26 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/12/16 07:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2011/09/06 09:02:54 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/06 09:02:54 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/08/12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 11:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010/02/18 13:02:49 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/26 16:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/09/30 18:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/09/11 13:19:57 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
DRV - [2009/03/18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/08/21 22:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 22:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/03/22 08:18:44 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/01/25 05:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/12 01:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 19:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/14 19:03:08 | 000,068,922 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2005/08/17 06:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 06:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 06:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 06:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=ACAW&bmod=ACUS
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=112812&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{7C0E11FC-52F1-B66D-AD31-4BE39032DECF}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AE8D422B-14EB-48A1-A47E-66E6C5B599C1}: "URL" = http://www.google.com/search?q={sea...putEncoding}&sourceid=ie7&rlz=1I7ACAW_enUS342
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.com/?d=4dd2efc0&I=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKCU\..\SearchScopes\{E6FE486B-0774-467A-8120-8156E835684A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free%40ea.com:1.0.66.2
FF - prefs.js..extensions.enabledAddons: support%40ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.iWon.com/Plugin: C:\Program Files\iWonEI\Installr\1.bin\NPjfEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer: C:\Program Files\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin: C:\Program Files\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Dad\AppData\Local\Roblox\Versions\version-fb3436d54f9e4598\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Dad\AppData\LocalLow\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Dad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/21 09:14:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/12 14:06:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/25 00:33:29 | 000,000,000 | ---D | M]

[2009/08/26 20:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2012/12/25 00:33:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions
[2012/10/03 11:12:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/10/21 16:12:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012/03/17 16:25:00 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\battlefieldplay4free@ea.com
[2010/11/26 09:32:55 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\support@ancestry.com
[2012/02/15 10:27:05 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/12/12 14:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/12/12 14:06:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/12/12 14:06:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/12/12 14:06:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/02/12 12:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\mozilla firefox\plugins\npigl.dll
[2010/03/30 11:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 06:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\mozilla firefox\plugins\npijjiFFPlugin1.dll
[2012/11/19 23:17:14 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/19 23:17:14 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Funmoods (Enabled)
CHR - default_search_provider: search_url = http://searchfunmoods.com/results.p...AyEyBtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1632066005
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: igLoader (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npigl.dll
CHR - plugin: ijji Auto Install Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
CHR - plugin: npijjiFFPlugin1 for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U37 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files\Musicnotes\npsibelius.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\Users\Dad\AppData\LocalLow\Sony Online Entertainment\npsoe.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Dad\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Dad\AppData\Local\Roblox\Versions\version-fb3436d54f9e4598\\NPRobloxProxy.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - Extension: avast! WebRep = C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2012/10/07 19:41:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found
O4 - HKLM..\Run: [tvncontrol] "C:\Program Files\Common Files\Comodo\tvnserver.exe" -controlservice -slave File not found
O4 - HKCU..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe ()
O4 - HKCU..\Run: [LMADImon] C:\Program Files\Lexmark Pro710 Series\LMADImon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{209691AC-D76C-4989-96DB-91FF190476EE}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol\Handler\lbxfile {56831180-F115-11d2-B6AA-00104B2B9943} - C:\Program Files\Libronix DLS\System\FileProt.dll (Libronix Corporation)
O18 - Protocol\Handler\lbxres {24508F1B-9E94-40EE-9759-9AF5795ADF52} - C:\Program Files\Libronix DLS\System\ResProt.dll (Libronix Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Dad\Pictures\desktop\Winter_Wonderland,_British_Columbia,_Canada.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dad\Pictures\desktop\Winter_Wonderland,_British_Columbia,_Canada.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/18 10:11:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012/12/18 10:09:30 | 000,000,000 | ---D | C] -- C:\JRT
[2012/12/15 02:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 02:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 02:29:26 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/12 14:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/12/12 14:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/12 14:38:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/12/12 14:06:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/04 01:41:28 | 000,035,064 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\CFRMD.sys

========== Files - Modified Within 30 Days ==========

[2012/12/30 18:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/30 18:40:56 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/30 18:40:56 | 000,105,046 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/30 18:40:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/30 18:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012/12/30 18:33:48 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/30 18:33:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 18:33:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/30 18:33:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/30 18:33:27 | 2951,258,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/28 09:37:56 | 000,001,919 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/12/25 00:18:58 | 000,203,920 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2012/12/21 03:18:55 | 000,441,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/12/20 13:49:57 | 000,000,369 | ---- | M] () -- C:\Windows\wininit.ini
[2012/12/18 09:48:44 | 000,001,919 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/16 21:27:37 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/15 02:30:45 | 000,001,628 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/12 14:44:00 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/12/12 14:16:11 | 000,001,796 | ---- | M] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/12/10 19:56:54 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/04 01:41:28 | 000,035,064 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\CFRMD.sys
[2012/12/02 21:03:45 | 000,006,913 | ---- | M] () -- C:\Users\Dad\Desktop\Zombatar_3.jpg

========== Files Created - No Company Name ==========

[2012/12/28 09:45:48 | 2951,258,112 | -HS- | C] () -- C:\hiberfil.sys
[2012/12/28 09:37:56 | 000,001,919 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/12/18 09:48:44 | 000,001,919 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/12/13 03:12:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/13 03:12:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/12 14:16:11 | 000,001,796 | ---- | C] () -- C:\Users\Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/12/02 21:03:45 | 000,006,913 | ---- | C] () -- C:\Users\Dad\Desktop\Zombatar_3.jpg
[2012/11/06 14:54:24 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2012/11/06 14:52:29 | 001,024,000 | ---- | C] ( ) -- C:\Windows\System32\LMADIQlang.dll
[2012/11/06 14:52:29 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMADIQcomc.dll
[2012/11/06 14:52:29 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMADIQinpa.dll
[2012/10/07 19:23:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/07 19:23:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/07 19:23:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/07 19:23:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/07 19:23:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/05 20:17:13 | 002,193,278 | ---- | C] () -- C:\Users\Dad\tdsskiller.zip
[2012/10/01 08:22:33 | 000,164,858 | ---- | C] () -- C:\Users\Dad\2012 HYPE Calendar.pages
[2012/09/12 18:55:18 | 003,068,630 | ---- | C] () -- C:\Users\Dad\FW__General_Liablity0.zip
[2012/09/11 16:53:04 | 001,019,904 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Nlang.dll
[2012/09/11 16:53:04 | 000,430,080 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ncomc.dll
[2012/09/11 16:53:04 | 000,204,800 | ---- | C] ( ) -- C:\Windows\System32\LMFX1Ninpa.dll
[2012/08/24 15:46:08 | 000,042,527 | ---- | C] () -- C:\Users\Dad\Maxcyt.jpg
[2012/08/24 15:45:16 | 000,316,914 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Max.jpg
[2012/08/24 15:45:05 | 000,042,746 | ---- | C] () -- C:\Users\Dad\annmariecyt.jpg
[2012/08/24 15:44:07 | 000,042,976 | ---- | C] () -- C:\Users\Dad\troycyt.jpg
[2012/08/24 15:43:09 | 000,313,069 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Troy.jpg
[2012/08/24 15:35:46 | 000,000,345 | -H-- | C] () -- C:\Users\Dad\.picasa.ini
[2012/08/24 15:35:00 | 000,316,419 | ---- | C] () -- C:\Users\Dad\postcards_Songer_Annmarie.jpg
[2012/08/23 18:07:40 | 003,068,630 | ---- | C] () -- C:\Users\Dad\General_Liablity_Ren0.zip
[2012/07/21 14:11:37 | 000,019,820 | ---- | C] () -- C:\Users\Dad\399536_404282179630578_393412301_n.jpg
[2012/06/04 17:14:14 | 004,542,344 | ---- | C] () -- C:\Users\Dad\minecraft(1).jar
[2012/06/04 10:35:11 | 004,542,344 | ---- | C] () -- C:\Users\Dad\minecraft.jar
[2012/03/17 20:10:28 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012/03/17 20:10:28 | 000,138,056 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\PnkBstrK.sys
[2012/03/17 20:10:20 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012/03/17 20:10:03 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/12/26 18:03:34 | 000,304,928 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2011/12/23 22:59:12 | 000,001,280 | ---- | C] () -- C:\Windows\System32\.ini
[2011/11/26 17:21:50 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileOut.cns
[2011/11/26 17:21:50 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\FileIn.cns
[2011/11/07 13:53:18 | 000,000,369 | ---- | C] () -- C:\Windows\wininit.ini
[2011/03/28 11:01:48 | 000,000,074 | ---- | C] () -- C:\Windows\MPLAYER.INI
[2011/01/05 09:27:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/05 09:26:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/07/05 13:56:34 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Local\prvlcl.dat
[2009/11/29 20:27:32 | 000,001,356 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2009/10/22 09:03:09 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\wklnhst.dat
[2009/09/03 11:38:47 | 000,025,600 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

 

[mom26gr8kids]

Here's the rest of the log


========== LOP Check ==========

[2012/11/12 11:41:00 | 000,000,000 | -HSD | M] -- C:\Users\Dad\AppData\Roaming\.#
[2012/12/03 16:42:56 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.minecraft
[2012/09/04 09:00:55 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\.spoutcraft
[2009/08/26 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer
[2009/01/19 19:06:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer GameZone Console
[2011/11/17 17:13:22 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Allmyapps
[2010/07/23 10:46:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Amazon
[2009/09/03 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Blitware
[2010/07/10 00:25:05 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\BloodTies
[2010/12/06 13:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Boomzap
[2010/12/28 15:59:18 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\Broderbund
[2010/11/04 15:01:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Catalina Marketing Corp
[2010/07/08 17:33:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CupcakeCafe
[2010/01/30 20:37:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eMusic
[2009/09/30 19:42:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\EPSON
[2009/08/31 08:08:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eSobi
[2011/03/28 11:01:48 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\FTW
[2010/07/21 15:58:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Gamelab
[2010/02/05 13:29:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009/12/22 00:41:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Home Sweet Home
[2010/08/02 17:59:57 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\ijjigame
[2012/11/06 15:20:52 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\IrfanView
[2009/08/26 20:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Leadertech
[2011/03/28 11:28:51 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Libronix DLS
[2009/09/11 21:46:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\LockLizard
[2009/08/26 21:23:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Meridian93
[2012/06/04 17:15:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\New Folder
[2010/03/22 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\oberon
[2012/05/26 20:34:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Oberon Media
[2011/03/21 09:57:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\PlayFirst
[2011/06/07 12:00:57 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Stykz
[2011/05/26 19:07:31 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Stykz Help
[2010/07/09 19:53:02 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Sudden Games
[2010/10/11 21:50:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\SystemRequirementsLab
[2009/11/27 22:40:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Template
[2011/11/07 13:51:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Unity
[2010/12/25 20:01:50 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WeatherBug
[2010/12/17 18:05:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Webshots

========== Purity Check ==========



< End of report >

 

[Jay Pfoutz]

Go to Google Chrome, hit the Tool button at the top right, and select Settings.

Find the Search Engines section, select Manage search engines...

Find Funmoods listed, right-click and delete it or click the X at the far right.

Once done, let me know of any other issues.

 

[mom26gr8kids]

Okay, funmoods is removed from the search engines on google and there is nothing going on with my computer. Everything is running smoothly here. Thanks for your help. Do you have the link so that I can download Web of Trust onto google chrome. I've heard several friends mention things about google chrome that they think it's not as safe. However, these days a lot of people repeat things they hear and never do any research. Since you do a lot with virus removal do you have an opinion about which is safest? Mozilla, Google or IE? Thanks for all your help and for answering my questions.

 

[Jay Pfoutz]

http://www.mywot.com - Web-of-Trust official site.

It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point

• Go to Control Panel and select System and Maintenance
• Select System
• On the left select Advance System Settings and accept the warning if you get one
• Select System Protection Tab
• Select Create at the bottom
• Type in a name I.e. Clean
• Select Create

Remove tools, temp files, old Restore Points

Please run OTL

• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:
  
  

  :files
  ipconfig /flushdns /c
  
  :commands
  [CLEARALLRESTOREPOINTS]
  [emptyflash]
  [emptytemp]
  [emptyjava]
  [reboot]

• Then click the Run Fix button at the top.
• Note: The fix for OTL sometimes hides your Desktop and Start menu so the cleanup can be completed. Do not be alerted, as this is normal.
• It may open a log for you, but I don't need that.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

• Click the CleanUp button.
• Select Yes when the "Begin cleanup Process?" prompt appears.
• If you are prompted to Reboot during the cleanup, select Yes.
• The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

[Jay Pfoutz]

Topic marked solved.