TechSpot

Programs not installing or running, completed 8 steps

By mom26gr8kids
Mar 19, 2011
  1. I have Windows Vista 32 bit and despite all the complaints about Vista it hasn't given me any trouble until December. In December I tried to install several programs that I could not get to work. After contacting tech support I gave up and figured that it was just one of the disadvantages of having Vista and I set the programs aside to install on my laptop (I am waiting on a new hard drive). I had some previous problems also, I thought perhaps the display driver. I replaced the monitor in December and it has been better, but I am still having some issues with the computer, and the last couple days my Comodo has really been giving me problems, which caused me to think that I may have a virus.

    Here are my issues:
    1--on occasion the computer freezes up and has to be manually turned off. There have also been several occasions when I booted up (or rebooted) and got a message saying that Windows needed to be repaired and I have been sent to this screen where Windows attempts to correct my issues. I also did a system restore once when Windows kept saying that it couldn't repair my computer.

    2--I have been unable to download games from a site that I have used frequently (Acer Gamezone by Oberon Media). In addition all games that I have previously purchased, played and had no trouble with no longer work. If my computer hadn't been having other issues then I would have contacted them first.

    3--When attempting to download new programs my Comodo will repeatedly ask me if it should allow launch.exe for whatever program I am attempting to download. The problem is it asks me that over and over and never actually downloads the program even though I click on allow. I had to turn Comodo off to even run the 8 steps.

    Here are my logs, I hope that you can help.

    .
    2011-03-19 23:05:12 -------- d-----w- c:\users\dad\appdata\roaming\Malwarebytes
    2011-03-19 23:05:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-19 23:05:00 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-19 23:04:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-19 23:04:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-19 21:21:31 758784 ----a-w- c:\windows\system32\cohelper.dll
    2011-03-19 21:20:49 -------- d-----w- c:\program files\LSI SoftModem
    2011-03-18 15:47:57 -------- d-----w- c:\program files\iPod
    2011-03-18 15:47:53 -------- d-----w- c:\program files\iTunes
    2011-03-18 15:41:28 -------- d-----w- c:\program files\Bonjour
    2011-03-09 19:20:01 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 19:19:58 723456 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 19:19:58 605184 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 19:19:58 190976 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 19:19:55 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 19:19:55 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-08 22:01:05 -------- d-----w- c:\program files\Application Updater
    2011-03-08 22:01:04 -------- d-----w- c:\program files\common files\Spigot
    2011-03-04 18:56:54 15256 ----a-w- c:\users\dad\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
    2011-02-18 22:36:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    .
    ==================== Find3M ====================
    .
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-04 01:47:01 319456 ----a-w- c:\windows\DIFxAPI.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-27 21:43:41 286720 ----a-w- c:\windows\iun506.exe
    2010-12-20 16:36:20 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-12-20 14:55:46 389632 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 18:05:16.47 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/10/2006 7:16:20 PM
    System Uptime: 3/19/2011 5:24:45 PM (1 hours ago)
    .
    Motherboard: Acer | | WMCP78M
    Processor: AMD Athlon(tm) 7450 Dual-Core Processor | Socket AM2 | 2400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 142 GiB total, 48.264 GiB free.
    D: is FIXED (NTFS) - 142 GiB total, 141.567 GiB free.
    E: is CDROM (CDFS)
    I: is Removable
    K: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1446: 3/10/2011 3:00:13 AM - Windows Update
    RP1448: 3/10/2011 1:04:15 PM - Configured Microsoft Office Home and Student 2007
    RP1449: 3/11/2011 8:08:47 AM - Windows Update
    RP1450: 3/12/2011 3:00:13 AM - Windows Update
    RP1451: 3/13/2011 4:00:12 AM - Windows Update
    RP1452: 3/14/2011 3:00:11 AM - Windows Update
    RP1453: 3/15/2011 3:00:13 AM - Windows Update
    RP1454: 3/16/2011 3:00:11 AM - Windows Update
    RP1455: 3/17/2011 9:13:25 AM - Windows Update
    RP1456: 3/18/2011 9:13:02 AM - Windows Update
    RP1457: 3/18/2011 9:42:13 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
    RP1458: 3/19/2011 3:00:13 AM - Windows Update
    RP1459: 3/19/2011 3:19:33 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    2002 Games
    Acer Arcade Live Main Page
    Acer Assist
    Acer DV Magician
    Acer DVDivine
    Acer eDataSecurity Management
    Acer Empowering Technology
    Acer eRecovery Management
    Acer HomeMedia
    Acer HomeMedia Connect
    Acer HomeMedia Trial Creator
    Acer Registration
    Acer ScreenSaver
    Acer SlideShow DVD
    Acer VideoMagician
    Acrobat.com
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.2
    Adobe Shockwave Player 11.5
    Agere Systems PCI-SV92EX Soft Modem
    Alice Greenfingers
    Alien Shooter
    Amazon MP3 Downloader 1.0.10
    Anna`s Ice Cream
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AV Input Selection
    Avenue Flo - Special Delivery
    AVG 2011
    Babysitting Mania
    Blood Ties
    Bonjour
    Bookworm Adventures
    Build In Time
    Burger Shop
    C:\Program Files\Acer GameZone\GameConsole
    Cake Mania
    Chicken Invaders 2
    Chocolatier
    Choice Guard
    COMODO Internet Security
    Cookie Domination
    Cooking Academy
    Cooking Dash
    Cooking Dash Diner Town Studios
    Coupon Printer for Windows
    Dairy Dash
    Direct Show Ogg Vorbis Filter (remove only)
    Doggie Dash
    Double Play Jojo’s Fashion Show 1 & 2
    Dream Day First Home
    Dream Day Wedding
    Dream Day Wedding Married in Manhattan
    eMusic Download Manager 4.1.4
    EPSON TWAIN 5
    Family Feud 3
    Fashion Dash
    Free Realms
    Free Realms Installer
    Galapago
    Garfield's Typing Pal
    Go-Go Gourmet
    Go Go Gourmet Chef of the Year
    Google Desktop
    Google SketchUp 8
    Guitar Praise
    Hax264 Codec 2.1.0.8
    Heroes of Hellas
    Home Sweet Home
    Hotel Dash Suite Success
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    igLoader
    ijji REACTOR
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Jessicas Cupcake Cafe
    Jewelleria
    Junk Mail filter update
    Kelly Green Garden Queen
    Kitchen Brigade
    LEGO Universe
    Lizard Safeguard - PDF Viewer 2.5.137
    LSI PCI-SV92EX Soft Modem
    Magic Farm
    Magic Match Adventures
    Malwarebytes' Anti-Malware
    Math Missions Grades 3-5
    Math Missions Grades K-2
    Mavis Beacon Teaches Typing 15
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Edition 2003
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Train Simulator
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.5.17)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Solitaire - Secret Island
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA Stereoscopic 3D Driver
    OGA Notifier 2.0.0048.0
    Orchard
    Passport to Perfume™
    PDFCreator
    pdfforge Toolbar v4.3
    Picasa 3
    PlayReady PC runtime
    Puzzle and Board XP Championship
    QuickTime
    Roblox
    ScanToWeb
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Windows Media Encoder (KB2447961)
    Shopmania
    Spelling Dictionaries Support For Adobe Reader 9
    SpywareBlaster 4.2
    Sunshine Acres
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    Teach Yourself to Play Guitar 1.8.1
    Timez Attack
    U.B. Funkeys
    Uninstall Dual Mode Camera
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Wedding Dash 2
    Wedding Dash Ready Aim Love
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    Yard Sale Junkie
    Year 2 year-plan
    Year 3 Curriculum
    Year 3 Interface
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/19/2011 5:26:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
    3/19/2011 4:42:04 AM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
    3/19/2011 3:21:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Live Essentials 2011 (KB2434419).
    3/19/2011 3:02:35 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows Live Sign-In Assistant (KB 967912).
    3/18/2011 9:43:11 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/18/2011 9:41:51 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/18/2011 10:41:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    3/18/2011 10:41:11 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/18/2011 10:41:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/16/2011 12:16:35 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume ACER.
    .
    ==== End Of File ===========================

    GMER 1.0.15.15565 - http://www.gmer.net
    Rootkit quick scan 2011-03-19 17:51:43
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005c Hitachi_ rev.ST2O
    Running: hirnpq9w.exe; Driver: C:\Users\Dad\AppData\Local\Temp\kxtdapow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6108

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 7.0.6002.18005

    3/19/2011 5:23:14 PM
    mbam-log-2011-03-19 (17-23-14).txt

    Scan type: Quick scan
    Objects scanned: 155159
    Time elapsed: 4 minute(s), 41 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 5
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 3
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> Delete on reboot.
    c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome (Adware.GamesVance) -> Delete on reboot.
    c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components (Adware.GamesVance) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
    c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome.manifest (Adware.GamesVance) -> Quarantined and deleted successfully.
    c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf (Adware.GamesVance) -> Quarantined and deleted successfully.
    c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar (Adware.GamesVance) -> Delete on reboot.
    c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt (Adware.GamesVance) -> Quarantined and deleted successfully.
     
  2. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    I also forgot to mention that I have been unable to update my Java or Adobe because of Comodo. I know that it's important to keep these programs up to date because they are susceptible to viruses, but Comodo will not let me install them. (Note: I have not tried installing them with Comodo off.)
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================================================

    Top of DDS.txt log is missing.
    Please, repost it.

    When done....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ========================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    rest of dds log

    Here is the DDS log that was missing. Only the top was missing, but I just re-copied and pasted the whole thing. You said after I did that I could begin the cleaning process you recommended. I don't have much time to do that tonight, so I will start tomorrow morning. In the meantime let me know if you find anything that changes the steps I have to follow. I have been gone most of the day, so I haven't been on the computer much. It hasn't given me any issues today (but I haven't tried installing or running any programs either except for Mozilla).

    Thanks
    Kendra
    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Dad at 17:59:09.00 on Sat 03/19/2011
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1499 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: COMODO Defense+ *Disabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
    SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: COMODO Firewall *Disabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\bin32\nSvcAppFlt.exe
    C:\Program Files\bin32\nSvcIp.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Program Files\Carbonite\CarbonitePreinstaller.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Dad\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?brand=ACAW&bmod=ACUS
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.3\pdfforgeToolbarIE.dll
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.3\pdfforgeToolbarIE.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.3\pdfforgeToolbarIE.dll
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
    mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
    mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
    mRun: [eRecoveryService]
    mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
    mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [<NO NAME>]
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\person~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 15\minimavis.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll, c:\windows\system32\guard32.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\iwonei\installr\1.bin\NPjfEISb.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\dad\appdata\locallow\sony online entertainment\npsoe.dll
    FF - plugin: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-8-26 130960]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-8-26 29520]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-4 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 67656]
    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2009-1-19 269448]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-1-28 387072]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-19 24576]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-1-19 43552]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-19 517448]
    S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 12872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-03-19 23:05:12 -------- d-----w- c:\users\dad\appdata\roaming\Malwarebytes
    2011-03-19 23:05:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-19 23:05:00 -------- d-----w- c:\progra~2\Malwarebytes
    2011-03-19 23:04:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-19 23:04:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-19 21:21:31 758784 ----a-w- c:\windows\system32\cohelper.dll
    2011-03-19 21:20:49 -------- d-----w- c:\program files\LSI SoftModem
    2011-03-18 15:47:57 -------- d-----w- c:\program files\iPod
    2011-03-18 15:47:53 -------- d-----w- c:\program files\iTunes
    2011-03-18 15:41:28 -------- d-----w- c:\program files\Bonjour
    2011-03-09 19:20:01 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 19:19:58 723456 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 19:19:58 605184 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 19:19:58 190976 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 19:19:55 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-09 19:19:55 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-08 22:01:05 -------- d-----w- c:\program files\Application Updater
    2011-03-08 22:01:04 -------- d-----w- c:\program files\common files\Spigot
    2011-03-04 18:56:54 15256 ----a-w- c:\users\dad\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
    2011-02-18 22:36:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    .
    ==================== Find3M ====================
    .
    2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-04 01:47:01 319456 ----a-w- c:\windows\DIFxAPI.dll
    2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-27 21:43:41 286720 ----a-w- c:\windows\iun506.exe
    2010-12-20 16:36:20 834048 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-12-20 14:55:46 389632 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 18:00:04.07 ===============
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go on..........
     
  6. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Combofix and MBR logs

    As it turns out I had to wait up for my boys, so I ran the scans. Here are the logs from them.

    ComboFix 11-03-19.04 - Dad 03/20/2011 22:02:31.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1689 [GMT -6:00]
    Running from: c:\users\Dad\Downloads\ComboFix.exe
    FW: COMODO Firewall *Disabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
    SP: COMODO Defense+ *Disabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll
    c:\timezattack\TimezAttack.exe
    c:\users\Dad\AppData\Roaming\.#
    c:\users\Dad\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com
    c:\users\Dad\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-21 04:14 . 2011-03-21 04:15 -------- d-----w- c:\users\Dad\AppData\Local\temp
    2011-03-21 04:14 . 2011-03-21 04:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-19 23:05 . 2011-03-19 23:05 -------- d-----w- c:\users\Dad\AppData\Roaming\Malwarebytes
    2011-03-19 23:05 . 2011-03-19 23:05 -------- d-----w- c:\programdata\Malwarebytes
    2011-03-19 23:05 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-03-19 23:04 . 2011-03-19 23:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-19 23:04 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-03-19 21:21 . 2010-08-12 17:46 758784 ----a-w- c:\windows\system32\cohelper.dll
    2011-03-19 21:20 . 2011-03-19 21:20 -------- d-----w- c:\program files\LSI SoftModem
    2011-03-18 15:47 . 2011-03-18 15:47 -------- d-----w- c:\program files\iPod
    2011-03-18 15:47 . 2011-03-18 15:48 -------- d-----w- c:\program files\iTunes
    2011-03-18 15:41 . 2011-03-18 15:41 -------- d-----w- c:\program files\Bonjour
    2011-03-09 19:20 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-09 19:19 . 2011-01-05 01:07 723456 ----a-w- c:\windows\system32\sbe.dll
    2011-03-09 19:19 . 2011-01-05 01:07 605184 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-09 19:19 . 2011-01-05 01:06 190976 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-09 19:19 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-09 19:19 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-08 22:01 . 2011-03-08 22:01 -------- d-----w- c:\program files\Application Updater
    2011-03-08 22:01 . 2011-03-08 22:01 -------- d-----w- c:\program files\Common Files\Spigot
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-02-18 22:36 . 2011-02-18 22:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 22:36 . 2011-02-18 22:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-01-20 16:37 . 2011-02-10 22:40 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2011-01-20 16:08 . 2011-02-10 22:40 478720 ----a-w- c:\windows\system32\dxgi.dll
    2011-01-20 16:08 . 2011-02-10 22:40 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-20 16:08 . 2011-02-10 22:40 160768 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-01-20 16:08 . 2011-02-10 22:40 1029120 ----a-w- c:\windows\system32\d3d10.dll
    2011-01-20 16:08 . 2011-02-10 22:40 189952 ----a-w- c:\windows\system32\d3d10core.dll
    2011-01-20 16:07 . 2011-02-10 22:40 37376 ----a-w- c:\windows\system32\cdd.dll
    2011-01-20 16:07 . 2011-02-10 22:40 258048 ----a-w- c:\windows\system32\winspool.drv
    2011-01-20 16:07 . 2011-02-10 22:40 586240 ----a-w- c:\windows\system32\stobject.dll
    2011-01-20 16:06 . 2011-02-10 22:40 2873344 ----a-w- c:\windows\system32\mf.dll
    2011-01-20 16:06 . 2011-02-10 22:40 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
    2011-01-20 16:04 . 2011-02-10 22:40 209920 ----a-w- c:\windows\system32\mfplat.dll
    2011-01-20 16:04 . 2011-02-10 22:40 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-01-20 14:28 . 2011-02-10 22:40 1554432 ----a-w- c:\windows\system32\xpsservices.dll
    2011-01-20 14:27 . 2011-02-10 22:40 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-01-20 14:26 . 2011-02-10 22:40 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
    2011-01-20 14:25 . 2011-02-10 22:40 847360 ----a-w- c:\windows\system32\OpcServices.dll
    2011-01-20 14:24 . 2011-02-10 22:40 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-20 14:24 . 2011-02-10 22:40 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-20 14:15 . 2011-02-10 22:40 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-01-20 14:14 . 2011-02-10 22:40 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
    2011-01-20 14:14 . 2011-02-10 22:40 302592 ----a-w- c:\windows\system32\mfmp4src.dll
    2011-01-20 14:14 . 2011-02-10 22:40 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-20 14:12 . 2011-02-10 22:40 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-20 14:11 . 2011-02-10 22:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
    2011-01-20 13:47 . 2011-02-10 22:40 683008 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-20 13:44 . 2011-02-10 22:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-20 13:44 . 2011-02-10 22:40 797184 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-08 08:47 . 2011-02-10 22:36 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28 . 2011-02-10 22:36 292352 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-04 01:47 . 2009-01-20 01:20 319456 ----a-w- c:\windows\DIFxAPI.dll
    2010-12-31 13:57 . 2011-02-10 22:41 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55 . 2011-01-13 16:11 413696 ----a-w- c:\windows\system32\odbc32.dll
    2010-12-27 21:43 . 2010-09-17 19:02 286720 ----a-w- c:\windows\iun506.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-11 2423752]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-10-01 319488]
    "EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-10-01 323584]
    "eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
    "PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
    "Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
    "Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-17 1800464]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-29 526336]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Personal Coach.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe [2010-12-28 2392064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
    R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
    R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
    R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-17 130960]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-17 29520]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-29 67656]
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-21 269448]
    S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-01-29 387072]
    S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-10-01 24576]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-03-22 43552]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig?brand=ACAW&bmod=ACUS
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    LSP: %SYSTEMROOT%\system32\nvLsp.dll
    FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    HKLM-Run-eRecoveryService - (no file)
    AddRemove-igLoader - c:\program files\igLoader\uninstall.exe
    AddRemove-LSI Soft Modem - c:\windows\agrsmdel
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-20 22:14
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(7984)
    c:\windows\system32\guard32.dll
    .
    - - - - - - - > 'lsass.exe'(7912)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2011-03-20 22:21:17
    ComboFix-quarantined-files.txt 2011-03-21 04:21
    .
    Pre-Run: 51,187,994,624 bytes free
    Post-Run: 51,034,611,712 bytes free
    .
    - - End Of File - - EC01C9F7F5DE5E75B348B13D188B6C28

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: Acer
    System Product Name: Aspire X1300
    Logical Drives Mask: 0x0000051c

    Kernel Drivers (total 161):

    Processes (total 78):
    0 System Idle Process
    4 System
    7664 C:\Windows\System32\smss.exe
    7696 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    7904 csrss.exe
    7964 csrss.exe
    7972 C:\Windows\System32\wininit.exe
    8028 C:\Windows\System32\winlogon.exe
    8060 C:\Windows\System32\services.exe
    8080 C:\Windows\System32\lsass.exe
    8088 C:\Windows\System32\lsm.exe
    1264 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\nvvsvc.exe
    1440 C:\Windows\System32\svchost.exe
    1592 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    1736 C:\Windows\System32\svchost.exe
    1928 C:\Windows\System32\svchost.exe
    2040 C:\Windows\System32\svchost.exe
    424 C:\Windows\System32\svchost.exe
    696 C:\Windows\System32\audiodg.exe
    3076 C:\Windows\System32\SLsvc.exe
    3004 C:\Windows\System32\svchost.exe
    2860 C:\Windows\System32\nvvsvc.exe
    1080 C:\Windows\System32\spoolsv.exe
    880 C:\Windows\System32\svchost.exe
    3380 C:\Windows\System32\taskeng.exe
    3844 C:\Windows\System32\dwm.exe
    3956 C:\Windows\explorer.exe
    4408 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    4424 C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    4464 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    4792 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    5032 C:\Windows\System32\agrsmsvc.exe
    5120 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    5168 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    5208 C:\Program Files\AVG\AVG10\avgtray.exe
    5504 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    5616 C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    5632 C:\Program Files\iTunes\iTunesHelper.exe
    5688 C:\Program Files\Application Updater\ApplicationUpdater.exe
    5720 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    5760 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    5776 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    5816 C:\Windows\ehome\ehtray.exe
    5832 C:\Program Files\Windows Media Player\wmpnscfg.exe
    5848 C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe
    5912 C:\Program Files\Bonjour\mDNSResponder.exe
    5960 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    6016 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    6348 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    6636 C:\Windows\System32\svchost.exe
    6700 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    6812 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    6908 C:\Windows\System32\svchost.exe
    7036 C:\Windows\System32\svchost.exe
    7132 C:\Windows\System32\SearchIndexer.exe
    7252 C:\Program Files\bin32\nSvcAppFlt.exe
    7332 WUDFHost.exe
    7380 C:\Program Files\bin32\nSvcIp.exe
    396 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    804 C:\Program Files\AVG\AVG10\avgnsx.exe
    1876 C:\Windows\ehome\ehmsas.exe
    384 C:\Program Files\Windows Media Player\wmpnetwk.exe
    6012 C:\Windows\ehome\ehsched.exe
    2616 C:\Windows\ehome\ehrecvr.exe
    7056 C:\Windows\System32\taskeng.exe
    2808 C:\Program Files\iPod\bin\iPodService.exe
    3216 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    6572 C:\Windows\System32\svchost.exe
    3952 C:\Windows\System32\wuauclt.exe
    4740 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    4884 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    7016 C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
    6848 C:\Program Files\Mozilla Firefox\firefox.exe
    3448 C:\Windows\System32\notepad.exe
    6476 dllhost.exe
    1640 dllhost.exe
    6480 C:\Users\Dad\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80100000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`02e00000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHDT721032SLA, Rev: ST2O

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 51300907C4CFB85815A6FF9748141B6F94144809


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!


    Please let me know what the next steps are.

    Kendra
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Uninstall Ask Toolbar, typical foistware.

    Combofix log looks good now.

    How is computer doing?

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  8. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    I uninstalled the Ask.com toolbar from my control panel, but it is still there. Any ideas on how to get rid of it completely?

    Also when I start up my computer now it is saying that Windows has blocked some programs on startup and to click to see what they are, only when I click the bubble disappears and doesn't show me anything.
     
  9. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    I am having trouble with the bootkit remover. I downloaded it and then clicked on it to install. It said that Windows could not open this file, so I went in and selected 7zip to use to open this program, but then nothing happened. So I looked for bootkit in my files and clicked on it again. A black screen comes up, but I can't tell if there is data on it or not because it comes up for less than 1/2 second and then disappears off my screen.

    And my Comodo still wouldn't let me install anything. I had to disable my firewall because like before it kept repeatedly asking me if I should allow this program only it never allows it.

    Thanks
    Kendra
     
  10. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    This morning several of the games I was having issues with I was able to get to work, so there are definitely some improvements on my computer, but as previously mentioned not quite everything...yet anyway
     
  11. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Never mind, the programs were running fine because my Comodo was still disabled. So I appear to still be having the same issues at this point. The computer hasn't frozen up, but it hasn't done that in a couple weeks anyway, so not sure how to tell if that issue has been fixed.
     
  12. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Got the Bootkit remover to work, here is the log.

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
    002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`80100000
    ATA_Read(): DeviceIoControl() ERROR 1
    Boot sector MD5 is: 08c6d97449fb1d8bcab9d003ed787166

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...


    My programs work if I put Comodo in training mode, so that seems to work. Still have the ask.com toolbar, but it is no longer listed under my programs in the control panel. Let me know what the next step is.
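
The Bootkit Remover output in the post above suggests dumping the master boot sector for manual inspection. The following Python is an added example, not part of the thread or of either tool, that checks such a dump offline. It assumes the dump is the raw 512-byte sector; all function names are hypothetical, and the sample sector is constructed, with start LBAs chosen to reproduce the C: and D: offsets shown in the logs.

```python
"""Offline checks on a 512-byte MBR sector dump (added example)."""
import hashlib
import struct

SECTOR_SIZE = 512        # assumption: 512-byte logical sectors
BOOT_CODE_END = 440      # bytes 0..439 hold the boot code
TABLE_OFFSET = 446       # four 16-byte partition entries start here
SIGNATURE = b"\x55\xaa"  # boot signature at bytes 510..511


def format_offset(n):
    """Render a byte offset in the logs' style: 0xHHHHHHHH`LLLLLLLL."""
    return "0x%08x`%08x" % (n >> 32, n & 0xFFFFFFFF)


def parse_mbr(sector):
    """Validate one MBR sector; return hashes, partitions and warnings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected 512 bytes, got %d" % len(sector))
    warnings = []
    signature_ok = sector[510:512] == SIGNATURE
    if not signature_ok:
        warnings.append("missing 0x55AA boot signature")
    if not any(sector[:BOOT_CODE_END]):
        warnings.append("boot code area is empty")

    partitions = []
    for slot in range(4):
        start = TABLE_OFFSET + 16 * slot
        # Entry layout: status, CHS start (3), type, CHS end (3), LBA, count
        status, ptype, lba, count = struct.unpack(
            "<B3xB3xII", sector[start:start + 16])
        if ptype == 0:  # unused slot
            continue
        if status not in (0x00, 0x80):
            warnings.append("slot %d: invalid status 0x%02x" % (slot, status))
        partitions.append({
            "slot": slot,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "sectors": count,
            "offset": format_offset(lba * SECTOR_SIZE),
        })

    # A BIOS boot disk conventionally has exactly one active partition.
    active = sum(1 for p in partitions if p["active"])
    if partitions and active != 1:
        warnings.append("%d active partitions (expected 1)" % active)
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            warnings.append("slots %d and %d overlap" % (a["slot"], b["slot"]))

    return {
        "signature_ok": signature_ok,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_END]).hexdigest(),
        "sector_md5": hashlib.md5(sector).hexdigest(),
        "partitions": partitions,
        "warnings": warnings,
    }


def boot_code_diff(baseline, current):
    """Byte offsets (0..439) where the boot code of two dumps differs."""
    return [i for i in range(BOOT_CODE_END) if baseline[i] != current[i]]


def build_sample_sector():
    """Constructed sector: filler boot code plus two NTFS (0x07) entries."""
    boot = b"\xeb\x00" + bytes(BOOT_CODE_END - 2)  # filler, not real boot code

    def entry(status, ptype, lba, count):
        chs = b"\xfe\xff\xff"  # CHS fields are ignored for LBA-addressed disks
        return struct.pack("<B3sB3sII", status, chs, ptype, chs, lba, count)

    table = (entry(0x80, 0x07, 0x01C00800, 0x11C16800)    # C: in the logs
             + entry(0x00, 0x07, 0x13817000, 0x10000000)  # D: in the logs
             + bytes(32))                                 # two unused slots
    return boot + bytes(6) + table + SIGNATURE


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = build_sample_sector()
    report = parse_mbr(data)
    for part in report["partitions"]:
        print("slot %(slot)d type 0x%(type)02x at %(offset)s" % part)
    print("boot code SHA1:", report["boot_code_sha1"])
    print("warnings:", report["warnings"] or "none")
```

The page does not say which byte ranges MBRCheck's SHA1 or Bootkit Remover's MD5 cover, so compare these hashes only against other dumps processed the same way. A dump taken on a running system is also only as trustworthy as that system's disk reads.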
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    "Training mode" or "Safe mode" are fine.
    We'll take care of Ask Toolbar in a moment.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    You already had me run ComboFix, so I just want to double check and make sure that you want me to run it twice. Since I ran it two days ago do I download it again, or can I just run the version that I installed on Sunday? Thanks
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Ooops...sorry for that.

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    OTL logs

    OTL Extras logfile created on: 3/22/2011 10:34:36 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dad\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 142.04 Gb Total Space | 47.19 Gb Free Space | 33.23% Space Free | Partition Type: NTFS
    Drive D: | 142.04 Gb Total Space | 141.57 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
    Drive E: | 1.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{2044E66B-8323-4657-9910-D5D7171DEEAD}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E1171FFC-2CBD-4A83-8F83-B498578910D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00F3B3EA-A1DB-4A04-98FD-20C44F07C5B6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{085BB11D-8FCA-4AE4-A62F-08643E39250C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{1302120E-280E-4E01-8D03-349034181757}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{17B26786-8B9C-4322-87F5-714C3550682C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{1F2A0765-C9A3-4AD7-A438-AD1CA13FE20F}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
    "{2ED63600-AC31-4DB5-867B-BBE59C6D6BB3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{4DC58EDA-492B-4265-91E4-9E33A98ACE6E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{55DA2ED7-0452-469B-B146-32B31C806321}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{5A5E9FCD-E1D0-4295-A512-BCC2F568D6E1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{5D6B01B3-61EA-4995-BABF-9E3CF7DDD992}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
    "{65834532-6BA0-499A-8023-50D47CDE577B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{69AC4762-70F6-4105-84EA-61C2D9F2B0A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{6BE38039-7BBD-44D4-A271-1897BD22D5DE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{7AF2AB31-77ED-4D76-8695-DEB2D8D65A8D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{828125FB-4B2B-4892-89CE-DFD0297A4A99}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
    "{883C7D4C-2F12-4D4A-811E-66164BA1C380}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{8C0251F1-2E22-4CA4-8ADF-B1E1FF819CD1}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
    "{914F42F1-2C07-4FAA-823D-9D5764BCE676}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{948B0315-30B0-49D1-B09C-33BF8EB08262}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
    "{A6EA583C-A2E0-452A-91FE-45F032280003}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{A7E33591-4711-44B3-AE01-35A89A42E007}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{A949F18A-0817-416E-9BFF-F803C52E8274}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
    "{B121609F-BE7C-4CBE-8038-2553FAB415D0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{B1C610F6-2035-4DC7-BC7C-7E81D477B09E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{B89ADE20-EA39-4277-94DF-906E55EEB255}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{C269C8F6-93E4-4340-BA93-F52E49FC49F0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{D03AFF1D-21E0-4231-90E0-156C65B1FF5A}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
    "{D790509C-86A0-4A0E-AA6C-59E5FAB15C63}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E7C196D0-76B5-4263-A9DE-CF1C1169B79C}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{F1DE6163-8175-4D47-8CC4-E58A7D2E16EF}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
    "{F2E14084-A17B-4AF0-81C6-58F18F2E6838}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{70F6CE67-48A6-44F9-80ED-DE074B502785}" = Garfield's Typing Pal
    "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111640927}" = Shopmania
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112868583}" = Chocolatier
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113759870}" = Burger Shop
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113784233}" = Home Sweet Home
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114326367}" = Blood Ties
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114462137}" = Babysitting Mania
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114668510}" = Doggie Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114945627}" = Family Feud 3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114964527}" = Cooking Academy
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115162883}" = Wedding Dash 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115231370}" = Build In Time
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115267797}" = Fashion Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115369807}" = Sunshine Acres
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115561607}" = Anna`s Ice Cream
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116510433}" = Orchard
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117045150}" = Yard Sale Junkie
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117168453}" = Jessicas Cupcake Cafe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117244230}" = Wedding Dash Ready Aim Love
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117451913}" = Passport to Perfume™
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1175830}" = Cooking Dash Diner Town Studios
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117762797}" = Kelly Green Garden Queen
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11778787}" = Double Play Jojo’s Fashion Show 1 & 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117795997}" = Kitchen Brigade
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11807553}" = Hotel Dash Suite Success
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119352260}" = Cookie Domination
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119619927}" = Avenue Flo - Special Delivery
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
    "{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}" = Mavis Beacon Teaches Typing 15
    "{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
    "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
    "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
    "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
    "{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F429ED71-4A8B-457A-85E4-F6398CE73E58}" = AV Input Selection
    "{F5F5364A-7B98-4E86-9B5B-9C916F9C8439}" = Guitar Praise
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "2002 Games" = 2002 Games
    "7-Zip" = 7-Zip 9.20
    "Acer Assist" = Acer Assist
    "Acer Registration" = Acer Registration
    "Adobe Acrobat 4.0" = Adobe Acrobat 4.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "AVG" = AVG 2011
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "COMODO Internet Security" = COMODO Internet Security
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Dual Mode Camera_is1" = Uninstall Dual Mode Camera
    "eMusic Download Manager" = eMusic Download Manager 4.1.4
    "Google Desktop" = Google Desktop
    "Hax264 Codec_is1" = Hax264 Codec 2.1.0.8
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
    "Lizard Safeguard - PDF Viewer_is1" = Lizard Safeguard - PDF Viewer 2.5.137
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Math Missions Grades 3-5" = Math Missions Grades 3-5
    "Math Missions Grades K-2" = Math Missions Grades K-2
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.5.17)" = Mozilla Firefox (3.5.17)
    "NetDevil_LEGO_Universe_is1" = LEGO Universe
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "OggDS" = Direct Show Ogg Vorbis Filter (remove only)
    "Picasa 3" = Picasa 3
    "Puzzle and Board XP Championship" = Puzzle and Board XP Championship
    "SystemRequirementsLab" = System Requirements Lab
    "Teach_Yourself_to_Play_Guitar_1.8" = Teach Yourself to Play Guitar 1.8.1
    "Timez Attack" = Timez Attack
    "Train Simulator 1.0" = Microsoft Train Simulator
    "U.B. Funkeys" = U.B. Funkeys
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Year 2 year-plan" = Year 2 year-plan
    "Year 3 Curriculum" = Year 3 Curriculum
    "Year 3 Interface" = Year 3 Interface

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Dad
    "Free Realms Installer" = Free Realms Installer
    "SOE-Free Realms" = Free Realms

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/21/2011 11:18:20 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2262

    Error - 1/21/2011 11:18:20 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2262

    Error - 1/21/2011 11:18:22 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/21/2011 11:18:22 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3495

    Error - 1/21/2011 11:18:22 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3495

    Error - 1/21/2011 11:18:23 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 1/21/2011 11:18:23 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4836

    Error - 1/21/2011 11:18:23 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4836

    Error - 1/21/2011 12:44:08 PM | Computer Name = Dad-PC | Source = System Restore | ID = 8193
    Description =

    Error - 1/21/2011 12:44:08 PM | Computer Name = Dad-PC | Source = System Restore | ID = 8210
    Description =

    [ System Events ]
    Error - 3/20/2011 7:47:53 PM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/20/2011 7:51:39 PM | Computer Name = Dad-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 3/20/2011 11:51:13 PM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/21/2011 12:01:19 AM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 3/21/2011 12:07:21 AM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 3/21/2011 12:14:17 AM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 3/21/2011 12:08:16 PM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/21/2011 12:13:55 PM | Computer Name = Dad-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =

    Error - 3/21/2011 12:31:06 PM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 3/22/2011 5:02:27 AM | Computer Name = Dad-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description =


    < End of report >
     
  17. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    OTL logs continued

    OTL logfile created on: 3/22/2011 10:34:36 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dad\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6002.18005)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
    6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 142.04 Gb Total Space | 47.19 Gb Free Space | 33.23% Space Free | Partition Type: NTFS
    Drive D: | 142.04 Gb Total Space | 141.57 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
    Drive E: | 1.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/22 21:13:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Downloads\OTL.exe
    PRC - [2011/03/11 11:59:38 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2011/01/28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    PRC - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/02/17 09:37:06 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    PRC - [2010/02/17 09:36:42 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/02 21:18:36 | 000,294,544 | ---- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\CarbonitePreinstaller.exe
    PRC - [2008/10/01 13:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
    PRC - [2008/10/01 13:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
    PRC - [2008/10/01 13:43:56 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
    PRC - [2008/10/01 13:43:52 | 000,380,928 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
    PRC - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    PRC - [2008/07/29 19:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    PRC - [2008/05/20 19:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    PRC - [2008/01/29 14:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
    PRC - [2008/01/29 14:24:46 | 000,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
    PRC - [2007/12/10 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
    PRC - [2002/08/30 13:02:58 | 002,392,064 | ---- | M] (TLC Education Properties LLC) -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/22 21:13:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Downloads\OTL.exe
    MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-092308-165331)
    SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/02/17 09:36:42 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2008/10/01 13:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
    SRV - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
    SRV - [2008/05/20 19:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
    SRV - [2008/01/29 14:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
    SRV - [2008/01/29 14:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
    SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/10 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
    DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2010/08/03 15:23:58 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/08/03 15:23:54 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/03 15:23:52 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/07/09 16:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/05/29 09:38:54 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/18 14:02:49 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2010/02/18 14:02:49 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2010/02/17 09:40:23 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
    DRV - [2010/02/17 09:38:23 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2010/02/17 09:38:21 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
    DRV - [2010/01/26 17:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/09/30 19:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/09/11 14:19:57 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
    DRV - [2008/10/01 12:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
    DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
    DRV - [2008/03/22 09:18:44 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/01/25 06:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
    DRV - [2007/10/12 02:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
    DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/02/14 20:03:08 | 000,068,922 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=ACAW&bmod=ACUS
    IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/12/20 12:15:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/03/18 10:41:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/03/20 22:58:34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/08 23:41:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/18 10:41:26 | 000,000,000 | ---D | M]

    [2009/08/26 21:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
    [2011/03/22 18:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions
    [2009/08/31 12:48:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/10/21 17:12:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/03/18 09:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}-TRASH
    [2009/10/21 17:12:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/11/26 10:32:55 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\support@ancestry.com
    [2011/03/19 11:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/06 18:38:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/20 01:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/27 17:02:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/01/30 21:37:15 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
    [2010/01/30 21:37:15 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
    [2010/01/30 21:37:15 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
    [2010/11/04 16:00:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    [2010/11/04 16:00:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
    [2008/06/18 00:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/02/12 13:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npigl.dll
    [2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
    [2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

    O1 HOSTS File: ([2011/03/20 22:14:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O3 - HKU\S-1-5-21-448598220-3968628860-416183352-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
    O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
    O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
    O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
    O4 - HKLM..\Run: [EmpoweringTechnology] File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O4 - HKU\S-1-5-21-448598220-3968628860-416183352-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-448598220-3968628860-416183352-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
    O15 - HKU\S-1-5-21-448598220-3968628860-416183352-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\Dad\Pictures\desktop\Blue_Sky_and_Flowers.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Dad\Pictures\desktop\Blue_Sky_and_Flowers.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/01/10 16:51:08 | 000,000,043 | RH-- | M] () - E:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
    Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.H264 - C:\Program Files\Hax264\H264vfw.dll (Dave Haxton)
    Drivers32: VIDC.JDCT - C:\Windows\System32\jl_jdct.drv (JEILIN Tech.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/21 17:07:06 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Dad\Desktop\remover.exe
    [2011/03/21 10:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/03/21 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/03/20 23:00:32 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\AVG10
    [2011/03/20 22:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
    [2011/03/20 22:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
    [2011/03/20 22:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/03/20 22:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2011/03/20 22:21:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/20 22:21:25 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\temp
    [2011/03/20 21:59:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/20 21:59:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/20 21:59:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/20 21:59:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/20 21:59:18 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/20 21:59:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/20 17:49:41 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
    [2011/03/19 17:05:12 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Malwarebytes
    [2011/03/19 17:05:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/03/19 17:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/19 17:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/19 17:04:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/03/19 17:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/19 15:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
    [2011/03/18 09:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/03/18 09:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/03/18 09:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/03/18 09:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/03/08 16:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2011/03/08 16:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
    [2011/02/24 04:03:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
    [2009/01/19 17:37:43 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/03/22 22:29:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/22 22:29:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/22 16:51:30 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/22 16:51:30 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/22 09:00:18 | 109,513,463 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2011/03/21 17:51:54 | 000,111,797 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2011/03/21 17:51:54 | 000,111,797 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2011/03/21 10:29:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
    [2011/03/21 10:28:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/21 10:28:52 | 2951,254,016 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/21 10:24:38 | 000,000,000 | ---- | M] () -- C:\Users\Dad\AppData\Local\prvlcl.dat
    [2011/03/20 22:59:23 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011/03/20 22:14:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/03/19 17:05:00 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/18 10:41:26 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2011/03/18 09:48:51 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/17 22:43:03 | 000,001,600 | ---- | M] () -- C:\Users\Public\Desktop\Acer GameZone Online.lnk
    [2011/03/17 09:30:19 | 000,063,482 | ---- | M] () -- C:\Users\Dad\Documents\Invoice 1039.pdf
    [2011/03/14 17:13:16 | 000,065,297 | ---- | M] () -- C:\Users\Dad\Documents\decker bid.pdf
    [2011/03/13 17:22:09 | 000,185,278 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2011/02/22 00:16:34 | 000,006,017 | ---- | M] () -- C:\Users\Dad\Documents\bio.pdf

    ========== Files Created - No Company Name ==========

    [2011/03/20 22:59:23 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
    [2011/03/20 21:59:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/20 21:59:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/20 21:59:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/20 21:59:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/20 21:59:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/19 17:05:00 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/18 09:48:51 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/17 09:30:18 | 000,063,482 | ---- | C] () -- C:\Users\Dad\Documents\Invoice 1039.pdf
    [2011/03/14 17:13:15 | 000,065,297 | ---- | C] () -- C:\Users\Dad\Documents\decker bid.pdf
    [2011/02/24 04:01:11 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
    [2011/02/24 04:01:11 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
    [2011/02/24 04:01:09 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
    [2011/02/22 00:16:33 | 000,006,017 | ---- | C] () -- C:\Users\Dad\Documents\bio.pdf
    [2011/01/05 10:27:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/01/05 10:26:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2010/12/28 16:55:14 | 000,000,000 | ---- | C] () -- C:\Windows\Mavis Beacon Teaches Typing.INI
    [2010/10/20 13:17:02 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
    [2010/10/11 22:34:25 | 000,111,797 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2010/10/11 22:34:24 | 000,111,797 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2010/08/02 18:35:55 | 000,009,728 | ---- | C] () -- C:\Windows\System32\uc_karos_launching.dll
    [2010/07/22 22:02:06 | 000,173,296 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
    [2010/07/09 20:52:26 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2010/07/05 14:56:34 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Local\prvlcl.dat
    [2010/06/17 21:20:38 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
    [2010/03/12 23:32:32 | 000,000,000 | ---- | C] () -- C:\Windows\Xscan.INI
    [2009/11/29 21:27:32 | 000,001,356 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
    [2009/10/22 10:03:09 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\wklnhst.dat
    [2009/09/30 20:42:36 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
    [2009/09/30 17:14:14 | 000,000,201 | ---- | C] () -- C:\Windows\PowerReg.dat
    [2009/09/30 17:05:37 | 000,000,196 | ---- | C] () -- C:\Windows\EPSON 1260_1660 Installer.ini
    [2009/09/10 17:03:15 | 000,036,697 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
    [2009/09/03 12:38:47 | 000,024,576 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/02 08:20:16 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2009/08/26 23:04:51 | 000,000,120 | ---- | C] () -- C:\Windows\CIS_Setup_3.11.108364.552_XP_Vista_x32.INI
    [2009/08/26 21:57:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/01/19 19:42:29 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
    [2009/01/19 19:20:09 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2009/01/19 19:20:09 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2009/01/19 18:27:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2007/03/30 13:31:20 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dec_jl6.dll
    [2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 06:47:37 | 000,389,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 04:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 04:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/10/10 19:22:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
    [2006/10/10 19:22:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
    [2006/10/10 19:13:29 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
    [2002/09/29 05:24:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\OggDS.dll
    [2002/09/29 05:23:16 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
    [2002/09/29 05:23:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
    [2002/09/29 05:23:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

    ========== LOP Check ==========

    [2009/08/26 21:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer
    [2009/01/19 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer GameZone Console
    [2010/07/23 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Amazon
    [2011/03/20 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\AVG10
    [2009/09/03 10:38:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Blitware
    [2010/07/10 01:25:05 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\BloodTies
    [2010/12/06 14:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Boomzap
    [2010/12/28 16:59:18 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\Broderbund
    [2010/11/04 16:01:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Catalina Marketing Corp
    [2010/07/08 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CupcakeCafe
    [2010/01/30 21:37:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eMusic
    [2009/09/30 20:42:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\EPSON
    [2009/08/31 09:08:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eSobi
    [2010/07/21 16:58:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Gamelab
    [2010/02/05 14:29:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Go-Go Gourmet Chef of the Year
    [2009/12/22 01:41:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Home Sweet Home
    [2010/08/02 18:59:57 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\ijjigame
    [2010/05/28 16:39:39 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\iWin
    [2009/08/26 21:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Leadertech
    [2009/09/11 22:46:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\LockLizard
    [2009/08/26 22:23:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Meridian93
    [2010/03/22 15:53:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\oberon
    [2011/03/21 10:57:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\PlayFirst
    [2010/07/09 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Sudden Games
    [2010/10/11 22:50:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\SystemRequirementsLab
    [2009/11/27 23:40:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Template
    [2010/12/25 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WeatherBug
    [2010/12/17 19:05:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Webshots
    [2009/01/19 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
    [2009/01/19 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
    [2011/03/21 10:27:32 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 00:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2009/01/19 17:38:19 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/03/20 22:21:20 | 000,021,649 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/12/12 13:30:37 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
    [2010/12/12 13:30:37 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
    [2011/03/21 10:28:52 | 2951,254,016 | -HS- | M] () -- C:\hiberfil.sys
    [2009/09/10 17:17:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/09/10 17:17:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2007/02/12 13:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\npigl.dll
    [2007/02/09 07:55:54 | 000,000,283 | ---- | M] () -- C:\npigl.xpt
    [2011/03/21 10:28:51 | 3265,060,864 | -HS- | M] () -- C:\pagefile.sys
    [2009/01/19 19:20:47 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2011/01/05 10:48:32 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/20 20:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\1_HPZPPLHN.DLL
    [2008/01/20 20:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2006/10/19 11:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
    [2006/10/19 11:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr
    [2008/12/05 00:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 20:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 21:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 21:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 21:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/01/05 11:09:39 | 000,000,286 | -HS- | M] () -- C:\Users\Dad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Dad\Desktop\remover.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/01/05 11:09:06 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2011/01/05 11:08:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/10/11 22:34:34 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/10/11 22:34:34 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2011/01/05 11:08:36 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/08/26 21:43:33 | 000,000,402 | -HS- | M] () -- C:\Users\Dad\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/03/21 17:51:54 | 000,111,797 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========
     
  18. mom26gr8kids

    the rest of the OTL logs

    < End of report >


    Thanks for your help. I know you are helping a lot of others, so I appreciate it.
    The computer seems to be running better. When it's clean I will see if it lets me install my updates and I may have just a couple more questions for you.

    Thanks
    Kendra

    P.S. When I post this, the last line of the OTL log comes up with a green smiley face on it. Maybe it's supposed to do that, but if not, in my log instead of a smiley face I have a letter D.
     
  19. Broni

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-092308-165331)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
      O15 - HKU\S-1-5-21-448598220-3968628860-416183352-1000\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:FA8B212D
      @Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:615435BE
      @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:D30CE047
      @Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:95B7F1EC
      @Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:128A6DC9
      @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:793F316E
      @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:2CD14F7E
      @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:5216CD26
      @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:A42A9F39
      @Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:4D066AD2
      @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:E36F5B57
      @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:A724744F
      @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:4CF61E54
      @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:3AE22B1A
      @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:4E903DEB
      @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:ABE89FFE
      @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3B3A35EC
      @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CC174F28
      @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2D61FFEE
      @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B61DB9F
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EB603FE4
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:03033228
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:FD444D31
      @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5E3FBF9D
      @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:41099CE9
      @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:860D9052
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4C97EF04
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C4A1F01E
      @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7079A696
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E54FA796
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:59D05D9A
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7091055F
      @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:002640E3
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
      @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C0D722EB
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C40E212B
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C3112F12
      @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F3176E45
      @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8D899C22
      @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:7CACEF61
      @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:798A3728
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:AB689DEA
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DAFD38AE
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  20. mom26gr8kids

    All processes killed
    ========== OTL ==========
    Service GoogleDesktopManager-092308-165331 stopped successfully!
    Service GoogleDesktopManager-092308-165331 deleted successfully!
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
    Registry value HKEY_USERS\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Dad
    ->Temp folder emptied: 6337396 bytes
    ->Temporary Internet Files folder emptied: 1414179 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 47842219 bytes
    ->Flash cache emptied: 63929 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 236130 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 53.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Dad
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03232011_142455

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  21. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Results of screen317's Security Check version 0.99.7
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    AVG 2011
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.2
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.5.17) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    ``````````End of Log````````````
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update Internet Explorer to version 9.

    Update Firefox to version 4.0.

    ...and Eset scan....
     
  23. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Still running the ESET scan, takes a while.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    No problem :)
     
  25. mom26gr8kids

    mom26gr8kids TS Guru Topic Starter Posts: 452

    Eset log

    C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen trojan
    C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application
    C:\Program Files\iWonEI\Installr\1.bin\jfEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
    C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll.vir a variant of Win32/Adware.Toolbar.Dealio application
    C:\_OTL\MovedFiles\03232011_142455\C_Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application


    Updating Mozilla and IE now
     
Topic Status:
Not open for further replies.
