TechSpot

Hard drive clusters partly damaged!

By Teacher27
Feb 14, 2012
  1. I followed instructions on another page and this is what I came up with!

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25
    Run by Sarah at 20:11:43 on 2012-02-14
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.694 [GMT 4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\ACER\Preload\Command\AlaunchX\AppInRun.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\PLFSetL.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Logitech\Vid HD\Vid.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Users\Sarah\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=1009&s=2&o=vp32&d=0511&m=aspire_4720z
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = www.google.ca
    mDefault_Page_URL = www.google.ca
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Premiumplay Codec-C: {11111111-1111-1111-1111-110011041135} - c:\program files\premiumplay codec-c\Premiumplay Codec-C.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
    uRun: [Sidebar] "c:\program files\windows sidebar\Sidebar.exe" /autorun
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [LManager] c:\progra~1\launch~1\LManager.exe
    mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
    mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTray.exe
    mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
    mRun: [Trigger New Acer AlaunchX] c:\acer\preload\command\alaunchx\AppInRun.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
    mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
    mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PLFSetL] c:\windows\PLFSetL.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [openvpn-gui] c:\users\sarah\documents\bin\openvpn-gui.exe
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\users\sarah\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9F891551-D059-44CD-90DB-EEBBC86AAF4C} : DhcpNameServer = 10.118.0.1
    TCP: Interfaces\{B2982F79-2AC8-47C4-AC6D-A6A01C2FF65C} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\sarah\appdata\roaming\mozilla\firefox\profiles\ojkqtu56.default\
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=101570&babsrc=adbartrp&mntrId=cebd842b00000000000000ff9f891551&q=
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=101570&babsrc=HP_ss&mntrId=cebd842b00000000000000ff9f891551
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.51204.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.id - cebd842b00000000000000ff9f891551
    FF - user.js: extensions.BabylonToolbar_i.hardId - cebd842b00000000000000ff9f891551
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15379
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:21:37
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101570
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-25 165648]
    R1 MpKsl31d733f9;MpKsl31d733f9;c:\programdata\microsoft\microsoft antimalware\definition updates\{b5909f8b-45e7-4c0b-813a-0e725e185326}\MpKsl31d733f9.sys [2012-2-14 29904]
    R1 MpKsle5399d07;MpKsle5399d07;c:\programdata\microsoft\microsoft antimalware\definition updates\{b5909f8b-45e7-4c0b-813a-0e725e185326}\MpKsle5399d07.sys [2012-2-14 29904]
    R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2011-5-3 75048]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2008-9-4 666144]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-14 652360]
    R2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-10-10 19504]
    R2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-10-10 16432]
    R2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-10-10 59952]
    R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2008-10-27 306736]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-3-10 44800]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-14 20464]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-25 43392]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-25 65024]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2007-3-28 43008]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-4 136176]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2008-1-21 21504]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-4 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-4 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-10 4640000]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-02-14 15:33:45 720352 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-02-14 15:32:07 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b5909f8b-45e7-4c0b-813a-0e725e185326}\MpKsle5399d07.sys
    2012-02-14 15:00:39 -------- d-----w- c:\users\sarah\appdata\roaming\Malwarebytes
    2012-02-14 15:00:24 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-14 15:00:21 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-14 15:00:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-14 14:16:24 29904 ---ha-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b5909f8b-45e7-4c0b-813a-0e725e185326}\MpKsl31d733f9.sys
    2012-02-14 14:04:40 56200 ---ha-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b5909f8b-45e7-4c0b-813a-0e725e185326}\offreg.dll
    2012-02-14 12:32:11 6557240 ---ha-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b5909f8b-45e7-4c0b-813a-0e725e185326}\mpengine.dll
    2012-02-11 06:43:01 713784 ---h--w- c:\programdata\microsoft\microsoft antimalware\definition updates\{ea4722e8-a129-4515-a445-517437418bab}\gapaengine.dll
    2012-02-09 12:21:57 -------- d--h--w- c:\users\sarah\appdata\local\Premiumplay Codec-C
    2012-02-09 12:21:54 -------- d--h--w- c:\program files\Premiumplay Codec-C
    2012-02-09 12:21:48 -------- d--h--w- C:\codec-info
    2012-02-09 12:21:39 -------- d--h--w- c:\program files\BabylonToolbar
    2012-02-09 12:21:33 -------- d--h--w- c:\users\sarah\appdata\local\Babylon
    2012-02-09 12:21:32 -------- d--h--w- c:\users\sarah\appdata\roaming\Babylon
    2012-02-09 12:21:32 -------- d--h--w- c:\programdata\Babylon
    2012-02-09 12:19:33 -------- d--h--w- c:\programdata\100
    2012-02-09 12:19:31 -------- d--h--w- c:\programdata\InstallMate
    2012-01-26 09:20:01 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-26 09:20:01 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-01-26 09:20:01 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-26 09:20:00 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-01-26 09:20:00 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-01-26 09:20:00 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-24 16:15:36 69464 ---ha-w- c:\windows\system32\XAPOFX1_3.dll
    2012-01-24 16:15:35 515416 ---ha-w- c:\windows\system32\XAudio2_5.dll
    2012-01-24 16:15:35 453456 ---ha-w- c:\windows\system32\d3dx10_42.dll
    2012-01-24 16:14:18 525656 ---ha-w- c:\program files\common files\windows live\.cache\3709ebe01ccdab307\DXSETUP.exe
    2012-01-24 16:14:17 94040 ---ha-w- c:\program files\common files\windows live\.cache\3709ebe01ccdab307\DSETUP.dll
    2012-01-24 16:14:17 1691480 ---ha-w- c:\program files\common files\windows live\.cache\3709ebe01ccdab307\dsetup32.dll
    2012-01-24 16:14:05 94040 ---ha-w- c:\program files\common files\windows live\.cache\2f6e4a201ccdab306\DSETUP.dll
    2012-01-24 16:14:05 525656 ---ha-w- c:\program files\common files\windows live\.cache\2f6e4a201ccdab306\DXSETUP.exe
    2012-01-24 16:14:05 1691480 ---ha-w- c:\program files\common files\windows live\.cache\2f6e4a201ccdab306\dsetup32.dll
    2012-01-24 16:13:00 -------- d--h--w- c:\users\sarah\appdata\local\Windows Live
    .
    ==================== Find3M ====================
    .
    2012-01-31 12:44:05 237072 ---h--w- c:\windows\system32\MpSigStub.exe
    2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 20:23:34 1205064 ----a-w- c:\windows\system32\ntdll.dll
    2011-11-18 17:47:03 66560 ----a-w- c:\windows\system32\packager.dll
    .
    ============= FINISH: 20:12:34.81 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 03/05/2011 11:59:44 PM
    System Uptime: 14/02/2012 7:26:36 PM (1 hours ago)
    .
    Motherboard: Acer, Inc. | | Nestos
    Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | U2E1 | 1733/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 70 GiB total, 14.669 GiB free.
    D: is FIXED (NTFS) - 70 GiB total, 69.29 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Acer Arcade Deluxe
    Acer Assist
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer Crystal Eye Webcam Video Class Camera
    Acer GridVista
    Acer PowerSmart Manager
    Acer Registration
    Acer ScreenSaver
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader X (10.0.1)
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Agere Systems HDA Modem
    Airport Mania First Flight
    Apple Application Support
    Apple Mobile Device Support
    Babylon toolbar on IE
    Backup Manager Basic
    Bonjour
    C:\Program Files\Acer GameZone\GameConsole
    Cake Mania 2
    CameraHelperMsi
    Carbonite Online Backup Setup
    Compatibility Pack for the 2007 Office system
    Cooking Dash
    Cradle of Rome
    Dairy Dash
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    DiskAid 4.64
    Dream Day Honeymoon
    erLT
    eSobi v2
    Free YouTube to MP3 Converter version 3.10.5.722
    Galapago
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 25
    Jewel Quest Solitaire
    Junk Mail filter update
    K-Lite Codec Pack 7.1.0 (Standard)
    Launch Manager
    Logitech Vid HD
    Logitech Webcam Software
    Luxor 2
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Mahjong Escape Ancient China
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 4.0 (x86 en-US)
    Mozilla Thunderbird (3.1.9)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyWinLocker
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    Ocean Express
    Orion
    Parking Dash
    PDF Settings
    Premiumplay Codec-C
    Puzzle Express
    QuickTime
    Rainbow Web
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Skype Click to Call
    Skype™ 5.5
    System Requirements Lab for Intel
    Tradewinds 2
    Tri-Peaks Solitaire To Go
    Turbo Pizza
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
    Update for Microsoft Outlook Social Connector (KB2583935)
    VLC media player 1.1.9
    Wedding Dash
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WiTopia.Net personalVPN 1.8
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    14/02/2012 7:30:09 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    14/02/2012 7:27:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.
    14/02/2012 7:27:40 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    14/02/2012 7:27:40 PM, Error: Service Control Manager [7000] - The HsfXAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    14/02/2012 7:26:58 PM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel DebugChannel. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
    14/02/2012 6:17:27 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    14/02/2012 6:10:36 PM, Error: EventLog [6008] - The previous system shutdown at 6:06:44 PM on 14/02/2012 was unexpected.
    08/02/2012 7:27:35 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.119.4.238 for the Network Card with network address 00FF9F891551 has been denied by the DHCP server 10.119.6.161 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-02-14 20:08:28
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 TOSHIBA_MK1646GSX rev.LB113J
    Running: 7ug1v4l2.exe; Driver: C:\Users\Sarah\AppData\Local\Temp\uwdoypow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? System32\drivers\lpijwn.sys The system cannot find the path specified. !

    ---- Files - GMER 1.0.15 ----

    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\$FlushFS.Now 0 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01017.log 131072 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01018.log 131072 bytes
    File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS01019.log 131072 bytes

    ---- EOF - GMER 1.0.15 ----


    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.14.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Sarah :: SARAH-PC [administrator]

    Protection: Enabled

    14/02/2012 7:01:38 PM
    mbam-log-2012-02-14 (19-01-38).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 186079
    Time elapsed: 21 minute(s), 28 second(s)

    Memory Processes Detected: 2
    C:\ProgramData\RhXKiTAQTdkfUsv.exe (Trojan.FakeAlert) -> 3600 -> Delete on reboot.
    C:\ProgramData\9waqpM1nQZn4JK.exe (Trojan.FakeAlert) -> 4636 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RhXKiTAQTdkfUsv.exe (Trojan.FakeAlert) -> Data: C:\ProgramData\RhXKiTAQTdkfUsv.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 4
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\RhXKiTAQTdkfUsv.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\ProgramData\9waqpM1nQZn4JK.exe (Trojan.FakeAlert) -> Delete on reboot.
    C:\Users\Sarah\AppData\Local\Temp\ueabklu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    (end)


    What happens next? Any help would be great! Thanks!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  3. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    I get a blue screen when I try to run the scan for aswMBR. What should I do to get it to work?
    I tried to go in safe mode but my laptop just restarts when I try so safe mode is not an option.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Proceed with Bootkit Remover.
     
  5. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`70a00000
    Boot sector MD5 is: 10db723421b4c67663b09f7c08e4d4c6

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
     
  6. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download and run ListParts by Farbar (for 32-bit system)

    Please download and run ListParts64 by Farbar (for 64-bit system)

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  7. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    ListParts by Farbar
    Ran by Sarah on 19-02-2012 at 16:23:19
    Windows Vista (X86)
    Running From: C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U7W9MSVI
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 67%
    Total physical RAM: 2037.68 MB
    Available physical RAM: 654.9 MB
    Total Pagefile: 4324.66 MB
    Available Pagefile: 1995.4 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.14 MB

    ======================= Partitions =========================

    1 Drive c: (ACER) (Fixed) (Total:69.77 GB) (Free:15.85 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
    2 Drive d: (DATA) (Fixed) (Total:69.52 GB) (Free:69.29 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 10 GB 32 KB
    Partition 2 Primary 70 GB 10 GB
    Partition 3 Primary 70 GB 80 GB

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C ACER NTFS Partition 70 GB Healthy System (partition with boot components)

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D DATA NTFS Partition 70 GB Healthy



    ****** End Of Log ******
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    ComboFix 12-02-19.02 - Sarah 20/02/2012 15:20:32.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2038.1249 [GMT 4:00]
    Running from: c:\users\Sarah\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\~9waqpM1nQZn4JK
    c:\programdata\~9waqpM1nQZn4JKr
    c:\programdata\100
    c:\programdata\9waqpM1nQZn4JK
    c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
    c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
    c:\users\Sarah\Desktop\System Check.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-20 11:44 . 2012-02-20 11:46 -------- d-----w- c:\users\Sarah\AppData\Local\temp
    2012-02-20 11:44 . 2012-02-20 11:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-19 12:13 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C5236139-0DDD-4DA5-B201-FFC679C8E8D6}\mpengine.dll
    2012-02-14 15:33 . 2012-02-20 08:58 720352 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2012-02-14 15:00 . 2012-02-14 15:00 -------- d-----w- c:\users\Sarah\AppData\Roaming\Malwarebytes
    2012-02-14 15:00 . 2012-02-14 15:00 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-14 15:00 . 2012-02-14 15:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-02-14 15:00 . 2011-12-10 11:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-11 06:43 . 2012-02-11 06:42 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA4722E8-A129-4515-A445-517437418BAB}\gapaengine.dll
    2012-02-09 12:21 . 2012-02-09 12:21 -------- d--h--w- c:\users\Sarah\AppData\Local\Premiumplay Codec-C
    2012-02-09 12:21 . 2012-02-09 12:22 -------- d--h--w- c:\program files\Premiumplay Codec-C
    2012-02-09 12:21 . 2012-02-09 12:21 -------- d-----w- C:\codec-info
    2012-02-09 12:21 . 2012-02-09 12:21 237 ---ha-w- C:\user.js
    2012-02-09 12:21 . 2012-02-09 12:21 -------- d--h--w- c:\program files\BabylonToolbar
    2012-02-09 12:21 . 2012-02-09 12:21 -------- d--h--w- c:\users\Sarah\AppData\Local\Babylon
    2012-02-09 12:21 . 2012-02-09 12:21 -------- d--h--w- c:\users\Sarah\AppData\Roaming\Babylon
    2012-02-09 12:21 . 2012-02-09 12:21 -------- d--h--w- c:\programdata\Babylon
    2012-02-09 12:19 . 2012-02-09 12:22 -------- d--h--w- c:\programdata\InstallMate
    2012-01-26 09:20 . 2011-11-17 06:48 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-01-26 09:20 . 2011-11-16 16:23 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-01-26 09:20 . 2011-11-16 16:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
    2012-01-26 09:20 . 2011-11-16 16:23 377344 ----a-w- c:\windows\system32\winhttp.dll
    2012-01-26 09:20 . 2011-11-16 16:23 72704 ----a-w- c:\windows\system32\secur32.dll
    2012-01-26 09:20 . 2011-11-16 14:12 9728 ----a-w- c:\windows\system32\lsass.exe
    2012-01-24 16:15 . 2009-09-04 13:44 69464 ---ha-w- c:\windows\system32\XAPOFX1_3.dll
    2012-01-24 16:15 . 2009-09-04 13:44 515416 ---ha-w- c:\windows\system32\XAudio2_5.dll
    2012-01-24 16:15 . 2009-09-04 13:29 453456 ---ha-w- c:\windows\system32\d3dx10_42.dll
    2012-01-24 16:14 . 2012-01-24 16:14 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\3709ebe01ccdab307\DXSETUP.exe
    2012-01-24 16:14 . 2012-01-24 16:14 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\3709ebe01ccdab307\dsetup32.dll
    2012-01-24 16:14 . 2012-01-24 16:14 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\3709ebe01ccdab307\DSETUP.dll
    2012-01-24 16:14 . 2012-01-24 16:14 525656 ---ha-w- c:\program files\Common Files\Windows Live\.cache\2f6e4a201ccdab306\DXSETUP.exe
    2012-01-24 16:14 . 2012-01-24 16:14 94040 ---ha-w- c:\program files\Common Files\Windows Live\.cache\2f6e4a201ccdab306\DSETUP.dll
    2012-01-24 16:14 . 2012-01-24 16:14 1691480 ---ha-w- c:\program files\Common Files\Windows Live\.cache\2f6e4a201ccdab306\dsetup32.dll
    2012-01-24 16:13 . 2012-01-24 16:13 -------- d--h--w- c:\users\Sarah\AppData\Local\Windows Live
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-31 12:44 . 2011-05-06 19:58 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-06 04:19 . 2011-05-08 02:17 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-11-25 15:59 . 2012-01-12 11:52 376320 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:37 . 2011-12-15 11:18 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-03-18 17:53 . 2011-05-04 11:14 142296 ---ha-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-1111-1111-1111-110011041135}]
    2012-01-17 17:46 470528 ---ha-w- c:\program files\Premiumplay Codec-C\Premiumplay Codec-C.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-10-27 16:05 40496 ---ha-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
    "Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2009-02-12 862728]
    "BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-03-10 249600]
    "Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe" [2009-03-11 715296]
    "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2008-10-27 199464]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-28 6957600]
    "Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
    "Trigger New Acer AlaunchX"="c:\acer\Preload\Command\AlaunchX\AppInRun.exe" [2009-02-17 204800]
    "PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
    "ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-02-19 156968]
    "CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-02-19 202024]
    "PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-02-06 173288]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 11:15]
    .
    2012-02-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 11:15]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    mStart Page = www.google.ca
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\ojkqtu56.default\
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=101570&babsrc=adbartrp&mntrId=cebd842b00000000000000ff9f891551&q=
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=101570&babsrc=HP_ss&mntrId=cebd842b00000000000000ff9f891551
    FF - user.js: extensions.BabylonToolbar_i.id - cebd842b00000000000000ff9f891551
    FF - user.js: extensions.BabylonToolbar_i.hardId - cebd842b00000000000000ff9f891551
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15379
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:21
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101570
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-openvpn-gui - c:\users\Sarah\Documents\bin\openvpn-gui.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-20 15:46
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2012-02-20 15:52:09
    ComboFix-quarantined-files.txt 2012-02-20 11:52
    .
    Pre-Run: 15,970,729,984 bytes free
    Post-Run: 17,724,510,208 bytes free
    .
    - - End Of File - - 5A9B4789FE2B93334EEA1B618FC99A61
     
  10. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    OTL logfile created on: 21/02/2012 7:39:35 PM - Run 1
    OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Sarah\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.81% Memory free
    4.22 Gb Paging File | 2.23 Gb Available in Paging File | 52.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 69.77 Gb Total Space | 15.89 Gb Free Space | 22.77% Space Free | Partition Type: NTFS
    Drive D: | 69.52 Gb Total Space | 69.29 Gb Free Space | 99.68% Space Free | Partition Type: NTFS

    Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/21 19:36:29 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    PRC - [2012/02/21 16:57:11 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Sarah\AppData\Local\temp\RtkBtMnt.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/19 13:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/08/12 20:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2011/08/12 20:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011/08/12 20:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2011/06/15 22:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 22:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    PRC - [2011/04/27 22:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    PRC - [2011/04/27 22:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/01/13 06:01:28 | 006,129,496 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Vid HD\Vid.exe
    PRC - [2009/04/11 06:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/11 09:09:28 | 000,715,296 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    PRC - [2009/03/11 09:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    PRC - [2009/03/10 07:53:02 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2009/03/10 07:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2009/02/19 18:25:20 | 000,202,024 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/02/19 18:25:14 | 000,156,968 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    PRC - [2009/02/17 15:09:10 | 000,204,800 | ---- | M] () -- C:\ACER\Preload\Command\AlaunchX\AppInRun.exe
    PRC - [2009/02/12 08:21:14 | 000,862,728 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2009/02/06 20:49:00 | 000,173,288 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    PRC - [2008/12/18 20:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
    PRC - [2008/12/04 21:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/12/04 21:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/10/27 23:09:16 | 000,199,464 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    PRC - [2008/10/27 20:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    PRC - [2008/07/30 02:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    PRC - [2007/07/05 19:35:54 | 000,094,208 | ---- | M] (sonix) -- C:\Windows\PLFSetL.exe
    PRC - [2006/10/05 19:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/08/22 23:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    MOD - [2011/08/12 20:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    MOD - [2011/08/12 20:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    MOD - [2011/03/17 07:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2011/01/13 05:57:34 | 000,751,616 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\vpxmd.dll
    MOD - [2011/01/13 05:55:28 | 000,027,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\SDL.dll
    MOD - [2010/10/20 22:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/05/08 01:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2010/05/08 01:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2010/05/08 01:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2010/05/08 01:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2010/05/08 01:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2009/04/23 01:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtNetwork4.dll
    MOD - [2009/04/10 03:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtCore4.dll
    MOD - [2009/03/04 02:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
    MOD - [2009/03/04 02:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qico4.dll
    MOD - [2009/03/04 02:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\plugins\imageformats\qgif4.dll
    MOD - [2009/03/04 02:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtWebKit4.dll
    MOD - [2009/03/04 02:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtXml4.dll
    MOD - [2009/03/04 02:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtSql4.dll
    MOD - [2009/03/04 02:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtOpenGL4.dll
    MOD - [2009/03/04 02:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\QtGui4.dll
    MOD - [2009/03/04 02:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files\Logitech\Vid HD\phonon4.dll
    MOD - [2009/02/19 18:25:24 | 000,872,448 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
    MOD - [2009/02/19 18:25:18 | 000,007,680 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
    MOD - [2009/02/17 15:09:10 | 000,204,800 | ---- | M] () -- C:\ACER\Preload\Command\AlaunchX\AppInRun.exe
    MOD - [2009/02/02 05:28:14 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
    MOD - [2008/07/30 02:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
    MOD - [2003/06/07 09:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/09/01 02:33:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/08/19 13:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2011/04/27 22:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV - [2011/04/27 22:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/06/21 20:00:24 | 000,037,888 | ---- | M] () [On_Demand | Stopped] -- C:\Users\Sarah\Documents\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2009/03/11 09:09:26 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2009/03/10 07:53:02 | 000,044,800 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2008/12/18 20:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
    SRV - [2008/12/04 21:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/11/03 15:37:58 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
    SRV - [2008/10/27 20:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2008/01/21 06:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/10/05 19:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/19 13:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C270(UVC)
    DRV - [2011/08/19 13:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
    DRV - [2011/04/27 22:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/04/18 20:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
    DRV - [2010/06/21 20:02:13 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
    DRV - [2010/05/08 01:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/11/04 09:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/11/03 15:32:20 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
    DRV - [2008/10/10 00:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV - [2008/10/10 00:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV - [2008/10/10 00:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV - [2007/10/01 21:59:46 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2007/08/09 03:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/07/30 18:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/07/30 17:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/03/28 14:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
    DRV - [2007/03/09 21:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/02 17:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=101570&babsrc=adbartrp&mntrId=cebd842b00000000000000ff9f891551&q="
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=101570&babsrc=HP_ss&mntrId=cebd842b00000000000000ff9f891551"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/04 15:14:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/05/04 15:22:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2011/05/06 03:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Extensions
    [2012/02/09 16:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\ojkqtu56.default\extensions
    [2011/06/08 01:53:37 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\ojkqtu56.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    [2012/02/09 16:21:57 | 000,000,000 | ---D | M] ("Premiumplay Codec-C") -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\ojkqtu56.default\extensions\crossriderapp435@crossrider.com
    [2012/02/09 16:21:38 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\ojkqtu56.default\extensions\ffxtlbr@babylon.com
    [2011/06/14 02:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/12/17 17:06:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/05/04 15:21:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    [2011/05/04 03:47:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2011/03/18 21:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/09 16:21:35 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2010/01/01 12:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2012/02/20 15:46:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Premiumplay Codec-C) - {11111111-1111-1111-1111-110011041135} - C:\Program Files\Premiumplay Codec-C\Premiumplay Codec-C.dll (WebPicks)
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
    O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
    O4 - HKLM..\Run: [Trigger New Acer AlaunchX] c:\ACER\Preload\Command\AlaunchX\AppInRun.exe ()
    O4 - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O7 - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F891551-D059-44CD-90DB-EEBBC86AAF4C}: DhcpNameServer = 10.118.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2982F79-2AC8-47C4-AC6D-A6A01C2FF65C}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img10.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img10.jpg
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/19 01:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/21 19:36:40 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    [2012/02/20 19:48:53 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\Virus fixing stuff
    [2012/02/20 15:52:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/02/20 15:52:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/02/20 15:52:11 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\temp
    [2012/02/20 15:13:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/02/20 15:13:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/02/20 15:13:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/02/20 15:13:36 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/20 15:13:31 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/02/20 15:12:43 | 004,414,512 | R--- | C] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
    [2012/02/15 16:18:16 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2012/02/14 19:00:39 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
    [2012/02/14 19:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/02/14 19:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/02/14 19:00:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/02/14 19:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/02/09 16:21:57 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Premiumplay Codec-C
    [2012/02/09 16:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\Premiumplay Codec-C
    [2012/02/09 16:21:48 | 000,000,000 | ---D | C] -- C:\codec-info
    [2012/02/09 16:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
    [2012/02/09 16:21:33 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Babylon
    [2012/02/09 16:21:32 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Babylon
    [2012/02/09 16:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/02/09 16:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2012/01/24 20:13:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Windows Live
    [2011/05/04 22:36:02 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2011/05/04 22:36:02 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/02/21 19:36:29 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    [2012/02/21 19:30:10 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/02/21 19:30:10 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/02/21 19:12:27 | 000,295,042 | ---- | M] () -- C:\Windows\System32\shimg.dll
    [2012/02/21 18:52:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/21 17:36:30 | 000,618,894 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/21 17:36:30 | 000,115,018 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/21 17:32:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/02/21 17:31:05 | 001,725,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/02/21 17:30:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/02/21 17:28:59 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/20 15:46:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/02/20 15:12:35 | 004,414,512 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
    [2012/02/15 16:38:52 | 186,042,269 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/02/14 18:13:12 | 000,000,633 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/02/09 16:21:40 | 000,000,237 | ---- | M] () -- C:\user.js

    ========== Files Created - No Company Name ==========

    [2012/02/21 19:12:27 | 000,295,042 | ---- | C] () -- C:\Windows\System32\shimg.dll
    [2012/02/20 15:37:29 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
    [2012/02/20 15:37:29 | 000,001,924 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
    [2012/02/20 15:37:29 | 000,001,900 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orion.lnk
    [2012/02/20 15:37:29 | 000,001,876 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Registration.lnk
    [2012/02/20 15:37:29 | 000,001,856 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
    [2012/02/20 15:37:29 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
    [2012/02/20 15:37:29 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/02/20 15:37:29 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    [2012/02/20 15:37:29 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2012/02/20 15:37:29 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
    [2012/02/20 15:37:29 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
    [2012/02/20 15:37:29 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
    [2012/02/20 15:37:29 | 000,001,743 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
    [2012/02/20 15:37:29 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
    [2012/02/20 15:37:29 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2012/02/20 15:37:29 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
    [2012/02/20 15:37:29 | 000,001,092 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
    [2012/02/20 15:37:29 | 000,001,061 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
    [2012/02/20 15:37:29 | 000,001,020 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
    [2012/02/20 15:37:29 | 000,001,006 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
    [2012/02/20 15:37:29 | 000,000,968 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
    [2012/02/20 15:37:29 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012/02/20 15:13:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/02/20 15:13:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/02/20 15:13:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/02/20 15:13:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/02/20 15:13:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/02/15 17:24:33 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
    [2012/02/15 16:18:03 | 186,042,269 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/02/14 18:13:12 | 000,000,633 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2012/02/09 16:21:40 | 000,000,237 | ---- | C] () -- C:\user.js
    [2011/12/18 17:54:33 | 000,006,080 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
    [2011/08/19 20:43:43 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2011/08/19 13:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
    [2011/08/19 13:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
    [2011/08/19 13:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
    [2011/08/12 20:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
    [2011/07/26 10:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
    [2011/05/06 03:43:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/05/05 23:13:49 | 000,018,944 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/04 22:36:03 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2011/05/04 22:36:03 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
    [2011/05/04 22:36:02 | 001,769,984 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys
    [2011/05/04 22:36:02 | 000,028,160 | ---- | C] () -- C:\Windows\System32\sncduvc.sys
    [2011/05/04 22:36:02 | 000,000,169 | ---- | C] () -- C:\Windows\System32\PidList.ini
    [2011/05/04 22:36:02 | 000,000,169 | ---- | C] () -- C:\Windows\PidList.ini
    [2011/05/04 19:03:45 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2011/05/04 15:22:11 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2011/05/04 00:18:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/05/04 00:18:25 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/05/03 23:43:59 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
    [2011/05/03 23:43:59 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2011/05/03 23:43:59 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
    [2010/05/08 01:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

    ========== LOP Check ==========

    [2008/09/04 04:52:14 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
    [2008/09/04 04:52:14 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
    [2011/05/03 23:41:24 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Acer
    [2008/09/04 04:52:14 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Acer GameZone Console
    [2011/05/05 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\AVG10
    [2012/02/09 16:21:32 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Babylon
    [2011/08/02 06:03:10 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DiskAid
    [2011/07/26 22:07:33 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoft
    [2011/06/08 01:53:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/05/03 23:41:23 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech
    [2011/08/27 04:41:00 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\PowerCinema
    [2011/08/27 04:41:12 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\SoftDMA
    [2012/02/21 17:24:48 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/19 01:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 06:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/09/03 14:34:54 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/02/20 15:52:09 | 000,012,099 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/19 01:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/02/21 17:28:59 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/21 17:28:58 | 2451,238,912 | -HS- | M] () -- C:\pagefile.sys
    [2008/09/04 04:26:02 | 000,001,843 | ---- | M] () -- C:\RHDSetup.log
    [2011/05/04 22:24:56 | 000,000,320 | ---- | M] () -- C:\Setup.log
    [2012/02/09 16:21:40 | 000,000,237 | ---- | M] () -- C:\user.js

    < %systemroot%\Fonts\*.com >
    [2006/11/02 16:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 16:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 16:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/05/04 00:30:46 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/19 01:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 16:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 07:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 06:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 07:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 07:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 07:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 14:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 14:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/20 15:12:35 | 004,414,512 | R--- | M] (Swearware) -- C:\Users\Sarah\Desktop\ComboFix.exe
    [2012/02/21 19:36:29 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
    [2008/09/11 19:31:48 | 044,814,336 | ---- | M] (Adobe Systems, Incorporated) -- C:\Users\Sarah\Desktop\Photoshop.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/05/03 23:40:52 | 000,000,402 | -HS- | M] () -- C:\Users\Sarah\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/05/03 23:56:26 | 000,006,838 | ---- | M] () -- C:\ProgramData\ArcadeDeluxe2.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    Acer Crystal Eye webcam.EXE

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  12. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    OTL Extras logfile created on: 21/02/2012 7:39:35 PM - Run 1
    OTL by OldTimer - Version 3.2.33.1 Folder = C:\Users\Sarah\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    1.99 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 50.81% Memory free
    4.22 Gb Paging File | 2.23 Gb Available in Paging File | 52.92% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 69.77 Gb Total Space | 15.89 Gb Free Space | 22.77% Space Free | Partition Type: NTFS
    Drive D: | 69.52 Gb Total Space | 69.29 Gb Free Space | 99.68% Space Free | Partition Type: NTFS

    Computer Name: SARAH-PC | User Name: Sarah | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{685909E9-999A-489F-9B21-AC624CD2807C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E159ED64-8A30-45AD-9FCA-898C35AE9DD4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{E5CA09F3-832E-41D4-A964-C9990FB849F3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01590F5C-2D38-4E98-9BC1-574AE0D956F6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{13CBA511-BCF4-44E4-B060-7F9F8B330199}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{1BEDFAEA-8EFD-46A5-B17F-F84E5724F429}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "{22A1FEBC-3FAB-45F5-9E31-FF95CB346A4A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{2641E345-63E7-487B-AE66-988E106620B0}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{2BBB1C2A-62B9-439D-B397-885637BF5232}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "{2DD36E72-2961-4C5D-AA2C-90868CE9654C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{2EE60DE3-89F6-4BF3-B435-04E817CFA22E}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{32707B09-8A5F-4B35-A61A-54875DE45DFB}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{5762964C-B06D-4B33-813D-A8ED6A898795}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{66A2BB52-3504-4524-9DAB-8FCD7E57C983}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
    "{6D8EED39-DA28-4497-AE7E-5E3E93ED78F4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{7206CF0F-EFD6-45B0-AD24-C1DFEA29A495}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
    "{74B03DDD-8D03-4A44-B7D9-7E966DA4226F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
    "{74EFF4E9-5C8F-4813-97A6-13796F7416C3}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{802526C2-A289-4E30-9FBC-CE47917CD6BB}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{8BD5DF14-9C8F-4668-AB99-43190422DC5A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{AA58F874-27A1-4746-8B74-4AD03C1DD02B}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{AD954EAF-273E-4556-9CB7-84C2102502D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AE1F0159-BDB1-4EFE-A617-7B837595315C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{B1D691E1-D136-4AEF-A1A1-7D9031063972}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "{BBA7A37A-654C-478B-B0A8-5A6024C45719}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
    "{CA597A50-7AC5-4570-AC9B-D8FABFDC8B88}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{DDB71DD6-E555-4B83-92E6-214CB54CA043}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{DF84CC49-D5E4-4DC8-BCAD-BB0C9EBDCEF4}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
    "{E0FD1A4A-7EA6-46AA-AC25-19C020F24F1C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
    "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
    "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
    "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{54DF35BD-4A36-35DA-B029-A0C083C88614}" = Google Chrome
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
    "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
    "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
    "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
    "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
    "{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
    "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
    "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "7-Zip" = 7-Zip 9.20
    "Acer Assist" = Acer Assist
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "BabylonToolbar" = Babylon toolbar on IE
    "Carbonite Setup Lite" = Carbonite Online Backup Setup
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DiskAid_is1" = DiskAid 4.64
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.5.722
    "Google Desktop" = Google Desktop
    "GridVista" = Acer GridVista
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Standard)
    "LManager" = Launch Manager
    "Logitech Vid" = Logitech Vid HD
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Premiumplay Codec-C" = Premiumplay Codec-C
    "TVWiz" = Intel(R) TV Wizard
    "VLC media player" = VLC media player 1.1.9
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WiTopia.Net personalVPN 1.8" = WiTopia.Net personalVPN 1.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 29/01/2012 11:29:27 AM | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 29/01/2012 11:29:27 AM | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 29/01/2012 11:29:28 AM | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 29/01/2012 11:29:28 AM | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 30/01/2012 8:02:59 AM | Computer Name = Sarah-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 31/01/2012 8:22:20 AM | Computer Name = Sarah-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 31/01/2012 8:22:49 AM | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 31/01/2012 8:22:50 AM | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 31/01/2012 8:22:50 AM | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 31/01/2012 8:22:50 AM | Computer Name = Sarah-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ System Events ]
    Error - 24/08/2011 9:43:38 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 24/08/2011 9:43:38 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 24/08/2011 9:43:38 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 24/08/2011 11:17:22 AM | Computer Name = Sarah-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 24/08/2011 9:49:48 PM | Computer Name = Sarah-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 24/08/2011 9:59:32 PM | Computer Name = Sarah-PC | Source = ACPI | ID = 327693
    Description = : The embedded controller (EC) did not respond within the specified
    timeout period. This may indicate that there is an error in the EC hardware or
    firmware or that the BIOS is accessing the EC incorrectly. You should check with
    your computer manufacturer for an upgraded BIOS. In some situations, this error
    may cause the computer to function incorrectly.

    Error - 25/08/2011 9:08:10 AM | Computer Name = Sarah-PC | Source = Microsoft Antimalware | ID = 3002
    Description = %%860 Real-Time Protection feature has encountered an error and failed.

    Feature:
    %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

    Error - 25/08/2011 9:08:10 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 25/08/2011 9:08:10 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 25/08/2011 9:08:10 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  13. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    Computer seems to be working well and icons are no longer hidden! :)
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O15 - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKU\S-1-5-21-3546933854-2773587589-1864311148-1000\..Trusted Ranges: GD ([http] in Local intranet)
      [2012/02/14 18:13:12 | 000,000,633 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
      [2011/05/05 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\AVG10
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===================================================================

    Last scans.....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  15. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    All processes killed
    ========== OTL ==========
    Registry key HKEY_USERS\S-1-5-21-3546933854-2773587589-1864311148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3546933854-2773587589-1864311148-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk moved successfully.
    C:\Users\Sarah\AppData\Roaming\AVG10\cfgall folder moved successfully.
    C:\Users\Sarah\AppData\Roaming\AVG10 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Sarah
    ->Temp folder emptied: 35543964 bytes
    ->Temporary Internet Files folder emptied: 833949555 bytes
    ->Java cache emptied: 131567 bytes
    ->FireFox cache emptied: 7124505 bytes
    ->Flash cache emptied: 91238 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 9645922 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 845.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Sarah
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Sarah
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.33.1 log created on 02252012_141625

    Files\Folders moved on Reboot...
    C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    File\Folder C:\Windows\temp\TMP00000002AC60608FEC075260 not found!

    Registry entries deleted on Reboot...
     
  16. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Go on..............
     
  17. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    Can't update Java.
    "Java Platform SE binary has stopped"

    Should I skip this step?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,890   +344

  19. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    Same problem but I did run JavaRA.
    Should I go on?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yeah, go ahead.
     
  21. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is disabled!)
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Flash Player ( 10.2.152.26) Flash Player Out of Date!
    Adobe Reader X (10.0.1) Adobe Reader Out of Date!
    Mozilla Firefox (x86 en-US..)
    Mozilla Thunderbird (3.1.9) Thunderbird Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````
     
  22. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    Farbar Service Scanner Version: 22-02-2012
    Ran by Sarah (administrator) on 28-02-2012 at 20:27:31
    Running from "C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PT1U895L"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2011-11-09 22:13] - [2011-09-21 01:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Eset?...........
     
  24. Teacher27

    Teacher27 TS Rookie Topic Starter Posts: 16

    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application
    C:\Users\Sarah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DDTP7BB\embed-cnx-7y5vkkyhg04h-653x400[1].htm HTML/Iframe.B.Gen virus
     
  25. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =====================================================================

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please, let me know, how your computer is doing.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...