Re-Direct Virus (Plomedia, etc) Completed all scans, logs attached

Discussion in 'Virus and Malware Removal' started by MarkZaff, Mar 12, 2011.

  1. MarkZaff Newcomer, in training Posts: 45

    MBR

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Acer, Inc.
    BIOS Manufacturer: Acer
    System Manufacturer: Acer, inc.
    System Product Name: Aspire 4720Z
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 156):
    0x82402000 \SystemRoot\system32\ntkrnlpa.exe
    0x827BC000 \SystemRoot\system32\hal.dll
    0x8060B000 \SystemRoot\system32\kdcom.dll
    0x8060E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8067E000 \SystemRoot\system32\PSHED.dll
    0x8068F000 \SystemRoot\system32\BOOTVID.dll
    0x80697000 \SystemRoot\system32\CLFS.SYS
    0x806D8000 \SystemRoot\system32\CI.dll
    0x82A08000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x82A84000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x82A91000 \SystemRoot\system32\drivers\acpi.sys
    0x82AD7000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x82AE0000 \SystemRoot\system32\drivers\msisadrv.sys
    0x82AE8000 \SystemRoot\system32\drivers\pci.sys
    0x82B0F000 \SystemRoot\System32\drivers\partmgr.sys
    0x82B1E000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x82B21000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x82B2B000 \SystemRoot\system32\drivers\volmgr.sys
    0x82B3A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x82B84000 \SystemRoot\system32\drivers\intelide.sys
    0x82B8B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x82B99000 \SystemRoot\System32\drivers\mountmgr.sys
    0x82C06000 \SystemRoot\system32\DRIVERS\iaStor.sys
    0x82CCD000 \SystemRoot\system32\drivers\atapi.sys
    0x82CD5000 \SystemRoot\system32\drivers\ataport.SYS
    0x82CF3000 \SystemRoot\system32\drivers\fltmgr.sys
    0x82D25000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82D35000 \SystemRoot\system32\DRIVERS\psdfilter.sys
    0x82D3E000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x82D47000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x82E06000 \SystemRoot\system32\drivers\ndis.sys
    0x82F11000 \SystemRoot\system32\drivers\msrpc.sys
    0x82F3C000 \SystemRoot\system32\drivers\NETIO.SYS
    0x86A03000 \SystemRoot\System32\drivers\tcpip.sys
    0x86AED000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x86C0C000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x86D1C000 \SystemRoot\system32\drivers\volsnap.sys
    0x86D55000 \SystemRoot\System32\Drivers\spldr.sys
    0x86D5D000 \SystemRoot\system32\drivers\psdvdisk.sys
    0x86D6F000 \SystemRoot\system32\drivers\PSDNServ.sys
    0x86D78000 \SystemRoot\System32\Drivers\mup.sys
    0x86D87000 \SystemRoot\System32\drivers\ecache.sys
    0x86DAE000 \SystemRoot\system32\drivers\disk.sys
    0x86DBF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x86DE0000 \SystemRoot\system32\drivers\crcdisk.sys
    0x86C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x86DE9000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x86B08000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8B209000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8B8C4000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8B964000 \SystemRoot\System32\drivers\watchdog.sys
    0x8B970000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x8B97B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x8B9B9000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x86B17000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8BA0D000 \SystemRoot\system32\DRIVERS\athr.sys
    0x8BABE000 \SystemRoot\system32\DRIVERS\ohci1394.sys
    0x8BACE000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
    0x8BADC000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0x8BAF6000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0x8BB05000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0x8BB19000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0x8BB6A000 \SystemRoot\system32\DRIVERS\winbondcir.sys
    0x8BB7F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x8BB92000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
    0x8BB9C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x8BBA7000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x8BBD2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8BBD4000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8BBDF000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8BBF7000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
    0x8BBF9000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8BA00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x8BA04000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x8B9C8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x86BA4000 \SystemRoot\system32\DRIVERS\storport.sys
    0x86DF2000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x86BE5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x82F77000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x82F82000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x82FA5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x82FB4000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x82FC8000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x82FDD000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8B9F7000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x82DB8000 \SystemRoot\system32\DRIVERS\ks.sys
    0x82FED000 \SystemRoot\system32\DRIVERS\circlass.sys
    0x82DE2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x82DEC000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x82BA9000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x82BDE000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8C00A000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8C1BC000 \SystemRoot\system32\drivers\portcls.sys
    0x807B8000 \SystemRoot\system32\drivers\drmk.sys
    0x8C203000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0x8C320000 \SystemRoot\system32\drivers\modem.sys
    0x8C32D000 \SystemRoot\system32\DRIVERS\hidir.sys
    0x8C338000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8C348000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8C34F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x8C358000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8C360000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8C369000 \SystemRoot\System32\Drivers\Null.SYS
    0x8C370000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8C377000 \SystemRoot\System32\drivers\vga.sys
    0x8C383000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8C3A4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8C3AC000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8C3B4000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8C3BF000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8C3CD000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8C3D6000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8C3EC000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8CA09000 \SystemRoot\System32\Drivers\avgtdix.sys
    0x8CA43000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8CA75000 \SystemRoot\system32\drivers\afd.sys
    0x8CABD000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8CAD3000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8CAE1000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8CAF4000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8CB30000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8CB3A000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8CB51000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0x8CB57000 \SystemRoot\System32\Drivers\avgldx86.sys
    0x8D203000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
    0x8D3AA000 \SystemRoot\system32\DRIVERS\STREAM.SYS
    0x8D3B7000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
    0x95AE0000 \SystemRoot\System32\win32k.sys
    0x8D3CB000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8D3D5000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x95D00000 \SystemRoot\System32\TSDDD.dll
    0x95D20000 \SystemRoot\System32\cdd.dll
    0x8D3E4000 \SystemRoot\system32\drivers\luafv.sys
    0x8CB8B000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8CB9B000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8CBC5000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8CBCF000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xAA40C000 \SystemRoot\system32\drivers\spsys.sys
    0xAA4BC000 \SystemRoot\system32\drivers\HTTP.sys
    0xAA529000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xAA546000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xAA55F000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xAA574000 \SystemRoot\system32\drivers\mrxdav.sys
    0xAA595000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xAA5B4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x8CBE2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAC003000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAC02B000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAC091000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0xAC0A7000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
    0xAC0B8000 \SystemRoot\system32\drivers\peauth.sys
    0xAC196000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAC1A0000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAC1AC000 \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl
    0xAC1AE000 \??\C:\Users\Andreita\AppData\Local\Temp\mbr.sys
    0x776A0000 \Windows\System32\ntdll.dll

    Processes (total 79):
    0 System Idle Process
    4 System
    488 C:\Windows\System32\smss.exe
    556 csrss.exe
    624 C:\Windows\System32\wininit.exe
    636 csrss.exe
    644 C:\Program Files\AVG\AVG9\avgchsvx.exe
    652 C:\Program Files\AVG\AVG9\avgrsx.exe
    712 C:\Windows\System32\services.exe
    728 C:\Windows\System32\lsass.exe
    736 C:\Windows\System32\lsm.exe
    768 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    848 C:\Windows\System32\winlogon.exe
    1092 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\svchost.exe
    1256 C:\Windows\System32\svchost.exe
    1284 C:\Windows\System32\svchost.exe
    1296 C:\Windows\System32\svchost.exe
    1368 C:\Windows\System32\audiodg.exe
    1424 C:\Windows\System32\svchost.exe
    1440 C:\Windows\System32\SLsvc.exe
    1512 C:\Windows\System32\svchost.exe
    1624 C:\Windows\System32\svchost.exe
    2040 C:\Windows\System32\spoolsv.exe
    300 C:\Windows\System32\svchost.exe
    1100 C:\Windows\System32\agrsmsvc.exe
    1244 C:\Acer\ALaunch\ALaunchSvc.exe
    1572 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    1608 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    1632 C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    1948 C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    1776 C:\Acer\Empowering Technology\eNet\eNet Service.exe
    2208 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    2216 C:\Windows\System32\taskeng.exe
    2232 C:\Windows\System32\dwm.exe
    2284 C:\Windows\explorer.exe
    2348 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    2468 C:\Program Files\AVG\AVG9\avgnsx.exe
    2568 C:\Windows\System32\lxddcoms.exe
    2632 C:\Acer\Mobility Center\MobilityService.exe
    2784 C:\Windows\System32\svchost.exe
    2796 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2920 C:\Windows\System32\svchost.exe
    2964 C:\Windows\System32\svchost.exe
    3016 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    3096 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    3144 C:\Windows\System32\SearchIndexer.exe
    3208 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    3284 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    3348 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    3380 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3404 C:\Windows\RtHDVCpl.exe
    3412 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3428 C:\Program Files\Launch Manager\QtZgAcer.EXE
    3440 C:\Acer\Empowering Technology\eAudio\eAudio.exe
    3488 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3500 C:\Program Files\AVG\AVG9\avgtray.exe
    3516 C:\Windows\System32\igfxtray.exe
    3540 WmiPrvSE.exe
    3548 C:\Windows\System32\hkcmd.exe
    3580 C:\Windows\System32\igfxpers.exe
    3800 C:\Program Files\Lexmark 2500 Series\lxddamon.exe
    3856 C:\Windows\ehome\ehtray.exe
    4056 unsecapp.exe
    3068 C:\Windows\System32\igfxsrvc.exe
    3632 C:\Windows\ehome\ehmsas.exe
    3892 C:\Windows\System32\wbem\unsecapp.exe
    2260 C:\Users\Andreita\AppData\Local\temp\RtkBtMnt.exe
    3816 C:\Windows\System32\igfxext.exe
    4396 C:\Windows\System32\taskeng.exe
    4484 C:\Windows\System32\svchost.exe
    4676 C:\Program Files\Internet Explorer\iexplore.exe
    4428 C:\Program Files\Internet Explorer\iexplore.exe
    3752 C:\Windows\System32\SearchProtocolHost.exe
    5412 C:\Windows\System32\SearchFilterHost.exe
    5152 C:\Program Files\Internet Explorer\iexplore.exe
    5172 taskeng.exe
    5616 RacAgent.exe
    5392 C:\Users\Andreita\Desktop\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`eda00000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000014`1f200000 (NTFS)

    PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: EF8BDDFCE3316153C12FED7A663D8468DEEA06D0


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
  2. MarkZaff Newcomer, in training Posts: 45

    RkU
    Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6002 (Service Pack 2)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x8B209000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7057408 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
    0x82402000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
    0x82402000 PnpManager 3907584 bytes
    0x82402000 RAW 3907584 bytes
    0x82402000 WMIxWDM 3907584 bytes
    0x95AE0000 Win32k 2109440 bytes
    0x95AE0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0x8C00A000 C:\Windows\system32\drivers\RTKVHDA.sys 1777664 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x8D203000 C:\Windows\system32\DRIVERS\snp2uvc.sys 1732608 bytes (-, USB2.0 PC Camera driver)
    0x8C203000 C:\Windows\system32\DRIVERS\AGRSM.sys 1167360 bytes (Agere Systems, SoftModem Device Driver)
    0x86C0C000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
    0x82E06000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x86A03000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
    0x806D8000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
    0xAC0B8000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x82C06000 C:\Windows\system32\DRIVERS\iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
    0x8BA0D000 C:\Windows\system32\DRIVERS\athr.sys 724992 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
    0xAA40C000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
    0x8B8C4000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0x86B17000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0x82A08000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
    0x82D47000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0x8060E000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0xAA4BC000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x8BB19000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
    0xAC02B000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
    0x82B3A000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8CA75000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x82A91000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x80697000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
    0x86BA4000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x8B97B000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8CAF4000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0x82F3C000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x8CA09000 C:\Windows\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
    0xAA5B4000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x86D1C000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x82BA9000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x8CB57000 C:\Windows\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
    0x827BC000 ACPI_HAL 208896 bytes
    0x827BC000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x82CF3000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x8CA43000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x8B9C8000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x8C1BC000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x82F11000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0x8BBA7000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
    0x82DB8000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0x8CB9B000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0xAC003000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x86D87000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
    0x82AE8000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0x807B8000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0x82F82000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x86DBF000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xAA574000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0x8C383000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0xAA595000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0x82CD5000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0xAA529000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
    0x86AED000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x8D3E4000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0x8BADC000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
    0xAA546000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x8BBDF000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x8CBE2000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0x8CB3A000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
    0x86BE5000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xAC091000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x8CABD000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0x8C3D6000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
    0xAA55F000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x82FC8000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
    0x8BB6A000 C:\Windows\system32\DRIVERS\winbondcir.sys 86016 bytes (Winbond Electronics Corporation, Winbond MCE CIR Port Driver)
    0x82FB4000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0x8BB05000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
    0x8C3EC000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x8BB7F000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
    0x8CBCF000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8CAE1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x86D5D000 C:\Windows\system32\drivers\psdvdisk.sys 73728 bytes (HiTRUST, PSD Virtual Disk Driver)
    0x86DAE000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0xAC0A7000 C:\Acer\Empowering Technology\eRecovery\int15.sys 69632 bytes
    0x82BDE000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
    0x8067E000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x82D25000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x8C338000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
    0x8CB8B000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x82B99000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x8BABE000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0x82FDD000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
    0x86B08000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
    0x8D3D5000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x86D78000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x82B0F000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x82FA5000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x8BAF6000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
    0x8B9B9000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x82B2B000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x8BACE000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0x95D20000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x82FED000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
    0x8CAD3000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8C3BF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x82B8B000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x8C320000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
    0x8D3AA000 C:\Windows\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
    0x82DEC000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x82A84000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0xAC1A0000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8C377000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x8B964000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
    0x8C32D000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
    0x8BB9C000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x8BBD4000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x8C3B4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x82F77000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x86DF2000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x86C00000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8B970000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x82B21000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
    0x8BB92000 C:\Windows\system32\DRIVERS\DKbFltr.sys 40960 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
    0x8D3CB000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x82DE2000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x8CBC5000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8CB30000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0xAC196000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x86DE0000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x8C360000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x8C34F000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
    0xAC1B5000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0x82D35000 C:\Windows\system32\DRIVERS\psdfilter.sys 36864 bytes (HiTRUST, PSD Filter Driver)
    0x86D6F000 C:\Windows\system32\drivers\PSDNServ.sys 36864 bytes (HiTRUST, PSD Named Pipe Driver)
    0x82D3E000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0x8C3CD000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x95D00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x86DE9000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x8BA04000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0x82AD7000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x82CCD000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x8068F000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8C358000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0x82AE0000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x8C3A4000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x8C3AC000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x86D55000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x8C370000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x8BBF9000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 28672 bytes (GEAR Software Inc., CD/DVD Class Filter Driver)
    0x8C348000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0x82B84000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0xAC1AE000 C:\Users\Andreita\AppData\Local\Temp\mbr.sys 28672 bytes
    0x8C369000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x8D3B7000 C:\Windows\system32\DRIVERS\sncduvc.SYS 28672 bytes (Microsoft Corporation, Universal Serial Bus Camera Driver)
    0x8CB51000 C:\Windows\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
    0x8BA00000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0x8060B000 00000032 12288 bytes
    0x82B1E000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0x8060B000 C:\Windows\system32\kdcom.dll 12288 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xAC1AC000 C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl 8192 bytes (Cyberlink Corp., FCL Driver)
    0x8BBF7000 C:\Windows\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
    0x8B9F7000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x8BBD2000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    ==============================================
    >Stealth
    ==============================================
    0x008F0000 Hidden Image-->eLock.Serv.Library.dll [ EPROCESS 0x85C144D0 ] PID: 1948, 110592 bytes
    0x00A90000 Hidden Image-->esettings.model.computer.dll [ EPROCESS 0x85DDD4F0 ] PID: 3348, 126976 bytes
    0x00AF0000 Hidden Image-->log4net.dll [ EPROCESS 0x85DDD4F0 ] PID: 3348, 282624 bytes
    0x008E0000 Hidden Image-->eLock.Serv.Interface.dll [ EPROCESS 0x85C144D0 ] PID: 1948, 28672 bytes
    0x00840000 Hidden Image-->IERYETF.dll [ EPROCESS 0x85E27B00 ] PID: 3284, 28672 bytes
    0x00830000 Hidden Image-->ServiceInterface.dll [ EPROCESS 0x85E27B00 ] PID: 3284, 28672 bytes
    0x01AE0000 Hidden Image-->App4R.DevMons.ScanDevMon.dll [ EPROCESS 0x85E29D90 ] PID: 3800, 28672 bytes
    0x01AD0000 Hidden Image-->App4R.DevMons.NetworkCardDevMon.dll [ EPROCESS 0x85E29D90 ] PID: 3800, 28672 bytes
    0x00A30000 Hidden Image-->App4R.Monitor.Common.dll [ EPROCESS 0x85E29D90 ] PID: 3800, 36864 bytes
    0x00C60000 Hidden Image-->alaunchinterface.dll [ EPROCESS 0x85BCB660 ] PID: 1244, 45056 bytes
    0x00A20000 Hidden Image-->eNetServiceInterface.dll [ EPROCESS 0x85C26218 ] PID: 1776, 45056 bytes
    0x01B50000 Hidden Image-->MobilityInterface.dll [ EPROCESS 0x85D2EB30 ] PID: 2632, 45056 bytes
    0x008E0000 Hidden Image-->WMIInterface.dll [ EPROCESS 0x85D38D90 ] PID: 3096, 45056 bytes
    0x00B40000 Hidden Image-->esettings.model.computerinterfaces.dll [ EPROCESS 0x85DDD4F0 ] PID: 3348, 45056 bytes
    0x00CD0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x85BCB660 ] PID: 1244, 507904 bytes
    0x01960000 Hidden Image-->msvcm80.dll [ EPROCESS 0x85C26218 ] PID: 1776, 507904 bytes
    0x03E30000 Hidden Image-->msvcm80.dll [ EPROCESS 0x85D2EB30 ] PID: 2632, 507904 bytes
    0x043D0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x85D38D90 ] PID: 3096, 507904 bytes
    0x00A10000 Hidden Image-->App4R.Monitor.Core.dll [ EPROCESS 0x85E29D90 ] PID: 3800, 53248 bytes
    0x01AA0000 Hidden Image-->App4R.DevMons.MCMDevMon.dll [ EPROCESS 0x85E29D90 ] PID: 3800, 69632 bytes
    0x008C0000 Hidden Image-->eLock.Serv.Main.dll [ EPROCESS 0x85C144D0 ] PID: 1948, 77824 bytes
  3. Broni Malware Annihilator Posts: 39,412   +177

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  4. MarkZaff Newcomer, in training Posts: 45

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`eda00000
    Boot sector MD5 is: 94cb13060aea6dd01e006978d03c0f04

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...
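    The Bootkit Remover output above classifies the disk by hashing its boot sector and reports "Unknown boot code" when the hash is not in its table. The block below is an added example, not the tool's code or anything posted in this thread, of the same check on a 512-byte MBR image: it hashes only the code region (the disk signature and partition table legitimately differ between machines), validates the 0x55AA signature and partition layout, and flags a copy whose loader bytes were altered; the baseline table, the sample bytes and all function names are constructed.

```python
"""Inspect a 512-byte master boot record the way a bootkit checker does.

Added example for this thread, not code from TechSpot or from eSage Lab's
Bootkit Remover: the sample boot code, the baseline table and every
function name below are constructed for illustration.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439 hold the executable boot code
PART_TABLE_OFF = 446      # four 16-byte partition entries follow the disk signature
BOOT_SIGNATURE = b"\x55\xAA"
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, entries, disk_signature=b"\x00\x00\x00\x00"):
    """Assemble a constructed MBR from boot code, a 4-byte NT disk signature and
    up to four (status, type, lba_start, sectors) tuples. CHS fields stay zero."""
    assert len(boot_code) <= BOOT_CODE_LEN
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    sector[440:444] = disk_signature
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        sector[off:off + 16] = struct.pack(ENTRY_FMT, status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba_start": lba, "sectors": count})
    return parts


def boot_code_md5(mbr):
    """Hash only the code region: the disk signature and partition table differ
    legitimately between machines and must not change the fingerprint."""
    return hashlib.md5(mbr[:BOOT_CODE_LEN]).hexdigest()


def assess_mbr(mbr, known_good):
    """Classify an MBR image against a table of known boot-code hashes and
    sanity-check the partition table. Returns (status, findings)."""
    findings = []
    if len(mbr) != SECTOR_SIZE:
        findings.append("image is not one 512-byte sector")
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    label = known_good.get(boot_code_md5(mbr))
    if label is None:
        findings.append("Unknown boot code")
    parts = sorted(parse_partitions(mbr), key=lambda p: p["lba_start"])
    bootable = [p for p in parts if p["bootable"]]
    if len(bootable) != 1:
        findings.append(f"{len(bootable)} bootable partitions, expected 1")
    for a, b in zip(parts, parts[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"partitions {a['index']} and {b['index']} overlap")
    status = "Unknown boot code" if label is None else f"Known boot code ({label})"
    return status, findings


# Constructed sample: BASELINE_CODE stands in for a vendor loader. A real
# baseline table would hold hashes of the stock Windows MBR code.
BASELINE_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C, 0xFB]) + b"\x90" * 432
KNOWN_GOOD = {boot_code_md5(build_mbr(BASELINE_CODE, [])): "constructed baseline loader"}

# Constructed layout: a 100 MB active system partition, then the OS volume
# (312,000,000 sectors, roughly the 149 GB disk seen in the thread).
PARTITIONS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 312000000)]
CLEAN_MBR = build_mbr(BASELINE_CODE, PARTITIONS, b"\x12\x34\x56\x78")

# Tampered copy: the first loader bytes changed while the partition table is
# intact, which is what an MBR infection leaves behind and why the hash is
# taken over the code region alone.
PATCHED_MBR = build_mbr(bytes(3) + BASELINE_CODE[3:], PARTITIONS, b"\x12\x34\x56\x78")

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        status, findings = assess_mbr(image, KNOWN_GOOD)
        print(name, status, findings)
```

    A real run would read the 512 bytes produced by `remover.exe dump` (or from `\\.\PhysicalDrive0`) in place of the constructed images.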
  5. Broni Malware Annihilator Posts: 39,412   +177

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  6. MarkZaff Newcomer, in training Posts: 45

    ComboFix FAILED to run due to remnants of AVG that I could not find/get rid of in spite of multiple runs of AppRemover in standard and SAFE modes.


    RKILL

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 03/16/2011 at 22:26:13.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Windows\System32\grpconv.exe


    Rkill completed on 03/16/2011 at 22:26:18.
  7. Broni Malware Annihilator Posts: 39,412   +177

    Does it just warn you about AVG leftovers, or it refuses to run at all?
  8. MarkZaff Newcomer, in training Posts: 45

    Warns, then says dangerous to proceed, then shuts down the operation when you click OK... there is no option to bypass.
  9. Broni Malware Annihilator Posts: 39,412   +177

    Try Safe Mode.
  10. MarkZaff Newcomer, in training Posts: 45

    SAFE mode tried. Also tried the "Fix failed uninstalls" on AppRemover (it does not detect anything of AVG). Also ran Revo Uninstaller for grins, but it didn't see AVG either.
  11. Broni Malware Annihilator Posts: 39,412   +177

  12. MarkZaff Newcomer, in training Posts: 45

    OTL

    OTL logfile created on: 3/16/2011 11:20:57 PM - Run 2
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Andreita\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 663.00 Mb Available Physical Memory | 65.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 92.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1800 3200 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 68.77 Gb Total Space | 18.69 Gb Free Space | 27.18% Space Free | Partition Type: NTFS
    Drive D: | 68.56 Gb Total Space | 68.33 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

    Computer Name: ANDREITA-LAP | User Name: Andreita | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/13 11:31:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/03/13 11:31:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
    MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/02/24 19:37:29 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/07/03 13:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2007/06/28 21:50:52 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
    SRV - [2007/06/13 19:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
    SRV - [2007/06/13 14:23:54 | 000,167,936 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
    SRV - [2007/06/12 21:50:30 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2007/05/25 09:41:54 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
    SRV - [2007/05/25 09:41:38 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxddcoms.exe -- (lxdd_device)
    SRV - [2007/04/25 19:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
    SRV - [2007/04/23 12:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
    SRV - [2007/01/14 17:31:30 | 000,046,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
    SRV - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
    SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - [2007/06/12 13:38:26 | 001,729,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
    DRV - [2007/04/27 05:56:00 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2007/03/28 10:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
    DRV - [2007/03/22 01:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/03/09 17:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2007/02/24 17:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2007/01/23 19:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2006/12/07 21:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
    DRV - [2006/11/02 19:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========



    [2011/03/02 10:23:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreita\AppData\Roaming\Mozilla\Extensions
    [2010/05/22 21:33:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Andreita\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA THUNDERBIRD\EXTENSIONS\TALKBACK@MOZILLA.ORG
    [2008/01/12 20:59:51 | 000,000,000 | ---D | M] (WebMail) -- C:\USERS\ANDREITA\APPDATA\ROAMING\THUNDERBIRD\PROFILES\F7JXI5MM.DEFAULT\EXTENSIONS\{3C8E8390-2CF6-11D9-9669-0800200C9A66}
    [2008/01/12 21:01:04 | 000,000,000 | ---D | M] (WebMail - Hotmail) -- C:\USERS\ANDREITA\APPDATA\ROAMING\THUNDERBIRD\PROFILES\F7JXI5MM.DEFAULT\EXTENSIONS\{A6A33690-2C6A-11D9-9669-0800200C9A66}

    O1 HOSTS File: ([2011/03/12 22:32:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
    O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
    O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
    O4 - HKLM..\Run: [PLFSet] C:\Windows\PLFSet.dll ( )
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\RunOnce: [] File not found
    O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O15 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\..Trusted Domains: mlxchange.com ([sef] http in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} http://sef.mlxchange.com/5.2.06.12571/Control/FileCruiser.cab (FileCruiser Class)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Agatha%20Christie/Images/stg_drm.ocx (SpinTop DRM Control)
    O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} http://sef.mlxchange.com/5.2.06.12571/Control/Specfile.cab (Specfile Control)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} http://sef.mlxchange.com/5.2.06.12571/Control/MLSClientUtils.cab (MLS Client Utils)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} http://sef.mlxchange.com/5.2.06.12571/Control/LiteGrid.cab (LiteGridCtl Class)
    O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} http://sef.mlxchange.com/5.2.06.12571/Control/IRCWebPrint.cab (IRCWwwPrint Class)
    O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://sef.mlxchange.com/5.2.06.12571/Control/IRCSharc.cab (GeacRevw Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {B198A72B-B4C3-42B5-B8DA-B364E76429AA} http://sef.mlxchange.com/5.2.06.12571/Control/WebDog.cab (Cerebus Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Agatha%20Christie/Images/armhelper.ocx (ArmHelper Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} http://sef.mlxchange.com/5.2.06.12571/Control/AspCustomCtrls.cab (DropList Class)
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} http://fdl.msn.com/public/chat/msnchat45.cab (MSN Chat Control 4.5)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} https://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.182.32.146 65.182.32.35
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Andreita\Pictures\Crusero\P4050162.JPG
    O24 - Desktop BackupWallPaper: C:\Users\Andreita\Pictures\Crusero\P4050162.JPG
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/16 23:10:13 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Andreita\Desktop\avg_remover_stf_x86_2011_1184.exe
    [2011/03/16 13:48:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    [2011/03/16 13:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/03/15 15:21:19 | 000,000,000 | ---D | C] -- C:\Users\Andreita\Desktop\Virus
    [2011/03/15 14:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/15 13:45:28 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/03/15 12:05:08 | 000,000,000 | ---D | C] -- C:\Users\Andreita\Documents\Andrea Archive
    [2011/03/15 12:02:16 | 000,000,000 | ---D | C] -- C:\Users\Andreita\Documents\Real Estate
    [2011/03/15 11:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
    [2011/03/15 11:41:56 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2011/03/15 11:41:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
    [2011/03/15 11:40:02 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2011/03/15 11:36:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2011/03/15 10:58:46 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\Lexmark Productivity Studio
    [2011/03/15 10:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Lx_cats
    [2011/03/15 10:53:02 | 000,000,000 | ---D | C] -- C:\logs
    [2011/03/15 10:47:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
    [2011/03/15 10:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2500 Series
    [2011/03/15 10:47:05 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 2500 Series
    [2011/03/15 10:46:54 | 000,999,424 | ---- | C] ( ) -- C:\Windows\System32\lxddusb1.dll
    [2011/03/15 10:46:54 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxddinpa.dll
    [2011/03/15 10:46:54 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxddiesc.dll
    [2011/03/15 10:46:54 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDDhcp.dll
    [2011/03/15 10:46:53 | 001,232,896 | ---- | C] ( ) -- C:\Windows\System32\lxddserv.dll
    [2011/03/15 10:46:53 | 000,700,416 | ---- | C] ( ) -- C:\Windows\System32\lxddhbn3.dll
    [2011/03/15 10:46:53 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxddpmui.dll
    [2011/03/15 10:46:53 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxddlmpm.dll
    [2011/03/15 10:46:53 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxddih.exe
    [2011/03/15 10:46:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxddprox.dll
    [2011/03/15 10:46:53 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxddpplc.dll
    [2011/03/15 10:46:52 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxddcomc.dll
    [2011/03/15 10:46:52 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxddcoms.exe
    [2011/03/15 10:46:52 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\lxddcomm.dll
    [2011/03/15 10:46:52 | 000,394,160 | ---- | C] ( ) -- C:\Windows\System32\lxddcfg.exe
    [2011/03/15 10:44:08 | 000,000,000 | ---D | C] -- C:\drivers
    [2011/03/15 10:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
    [2011/03/15 09:42:44 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\Windows Live
    [2011/03/15 01:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/03/15 01:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
    [2011/03/14 22:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
    [2011/03/14 19:00:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
    [2011/03/14 19:00:54 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
    [2011/03/14 19:00:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
    [2011/03/14 17:43:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2011/03/14 15:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011/03/14 15:18:03 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2011/03/14 14:30:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2011/03/13 23:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2011/03/13 21:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2011/03/13 18:29:35 | 000,000,000 | ---D | C] -- C:\_OTL(19)
    [2011/03/13 16:04:27 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\NOS
    [2011/03/13 13:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/03/13 12:51:51 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/03/13 11:31:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
    [2011/03/12 22:43:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/03/12 22:43:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/03/12 22:43:18 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\temp
    [2011/03/12 22:11:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/03/12 22:11:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/03/12 22:11:07 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/03/12 22:10:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/03/12 22:10:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/03/12 22:10:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/03/05 17:04:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
    [2011/03/04 21:39:35 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\AVG9
    [2011/03/02 10:28:26 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\offsync
    [2011/03/02 10:23:23 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Local\Starfield
    [2011/02/25 20:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2011/02/25 09:25:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/02/24 19:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
    [2011/02/24 19:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2011/02/24 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\Malwarebytes
    [2007/09/25 08:18:57 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
    [2007/09/25 08:14:32 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
    [2007/09/25 08:14:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
    [2007/08/13 00:40:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
    [2007/08/12 23:36:13 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll
    [2002/03/11 05:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
    [2002/03/11 04:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/03/16 23:17:09 | 004,288,660 | R--- | M] () -- C:\Users\Andreita\Desktop\ComboFix.exe
    [2011/03/16 23:10:26 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Andreita\Desktop\avg_remover_stf_x86_2011_1184.exe
    [2011/03/16 23:01:16 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/16 23:01:16 | 000,108,188 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/16 22:56:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/16 22:55:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/16 22:55:16 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/16 22:25:12 | 001,006,764 | ---- | M] () -- C:\Users\Andreita\Desktop\rkill.scr
    [2011/03/15 16:50:30 | 000,326,999 | ---- | M] () -- C:\Users\Andreita\Documents\WestonBusinesses.pdf
    [2011/03/15 11:55:48 | 000,256,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/03/15 10:53:24 | 000,061,773 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
    [2011/03/15 10:07:16 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011/03/15 10:06:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011/03/14 16:21:25 | 000,000,129 | ---- | M] () -- C:\Windows\System32\MRT.INI
    [2011/03/13 11:31:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Andreita\Desktop\OTL.exe
    [2011/03/12 22:32:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/03/10 16:30:06 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
    [2011/03/05 01:01:42 | 000,000,947 | ---- | M] () -- C:\Users\Andreita\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/02/25 10:24:30 | 000,073,728 | ---- | M] () -- C:\Windows\System32\APISlice_AVG_RESTORED.dll
    [2011/02/25 10:24:29 | 000,073,728 | ---- | M] () -- C:\Windows\System32\APISlice.dll
    [2011/02/19 14:40:02 | 000,000,119 | -H-- | M] () -- C:\Users\Andreita\Documents\.~lock.michelleq.odt#
    [2011/02/19 14:34:18 | 000,000,119 | -H-- | M] () -- C:\Users\Andreita\Documents\.~lock.Andreita carta Emmaus.odt#

    ========== Files Created - No Company Name ==========

    [2011/03/16 23:17:09 | 004,288,660 | R--- | C] () -- C:\Users\Andreita\Desktop\ComboFix.exe
    [2011/03/16 22:25:12 | 001,006,764 | ---- | C] () -- C:\Users\Andreita\Desktop\rkill.scr
    [2011/03/15 23:27:42 | 001,049,814 | ---- | C] () -- C:\Users\Andreita\Documents\pic.bmp
    [2011/03/15 16:50:30 | 000,326,999 | ---- | C] () -- C:\Users\Andreita\Documents\WestonBusinesses.pdf
    [2011/03/15 11:39:53 | 000,001,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2011/03/15 11:38:48 | 000,001,231 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2011/03/15 11:35:31 | 000,001,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2011/03/15 11:33:51 | 000,002,029 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2011/03/15 10:47:14 | 000,000,044 | ---- | C] () -- C:\Windows\System32\lxddrwrd.ini
    [2011/03/15 10:46:54 | 000,286,720 | ---- | C] () -- C:\Windows\System32\LXDDinst.dll
    [2011/03/15 10:46:54 | 000,061,773 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
    [2011/03/15 10:46:53 | 000,646,455 | ---- | C] () -- C:\Windows\System32\lxddhelp.chm
    [2011/03/15 10:46:52 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxddgrd.dll
    [2011/03/15 10:46:51 | 000,001,932 | ---- | C] () -- C:\Windows\System32\lxdd.loc
    [2011/03/15 10:07:16 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
    [2011/03/15 10:06:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    [2011/03/14 22:59:10 | 000,002,415 | ---- | C] () -- C:\Users\Andreita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
    [2011/03/14 17:40:17 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
    [2011/03/14 17:40:13 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
    [2011/03/14 17:39:55 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
    [2011/03/14 17:39:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/03/14 17:39:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/03/14 17:39:42 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
    [2011/03/14 17:39:34 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
    [2011/03/14 17:39:03 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
    [2011/03/14 17:38:59 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
    [2011/03/14 17:36:54 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
    [2011/03/14 17:36:41 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
    [2011/03/14 16:21:25 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2011/03/12 22:11:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/03/12 22:11:08 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/03/12 22:11:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/03/12 22:11:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/03/12 22:11:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/03/05 17:00:52 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
    [2011/03/05 17:00:52 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
    [2011/03/05 17:00:52 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
    [2011/03/05 00:52:26 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2011/03/05 00:42:14 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
    [2011/03/05 00:28:33 | 000,002,048 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle Designer 8.0.lnk
    [2011/03/05 00:28:32 | 000,002,449 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 8.lnk
    [2011/02/25 10:24:30 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice_AVG_RESTORED.dll
    [2011/02/25 10:24:29 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
    [2011/02/24 19:31:30 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 8 Professional.lnk
    [2011/02/19 14:40:02 | 000,000,119 | -H-- | C] () -- C:\Users\Andreita\Documents\.~lock.michelleq.odt#
    [2011/02/19 14:34:18 | 000,000,119 | -H-- | C] () -- C:\Users\Andreita\Documents\.~lock.Andreita carta Emmaus.odt#
    [2011/02/15 13:29:37 | 000,045,208 | ---- | C] () -- C:\Users\Andreita\Desktop\JennySM.jpg
    [2010/09/05 15:17:50 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2010/05/22 19:39:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/11/06 12:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
    [2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
    [2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
    [2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
    [2008/01/27 16:56:00 | 000,005,972 | ---- | C] () -- C:\Users\Andreita\AppData\Local\d3d9caps.dat
    [2008/01/12 19:51:12 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/12/26 02:30:55 | 000,036,352 | ---- | C] () -- C:\Users\Andreita\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/11/13 16:01:44 | 003,395,343 | ---- | C] () -- C:\Program Files\openofficeorg4.cab
    [2007/11/13 16:00:51 | 067,695,863 | ---- | C] () -- C:\Program Files\openofficeorg3.cab
    [2007/11/13 15:49:19 | 017,646,967 | ---- | C] () -- C:\Program Files\openofficeorg2.cab
    [2007/11/13 15:48:24 | 018,827,152 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
    [2007/11/13 15:47:02 | 004,364,800 | ---- | C] () -- C:\Program Files\openofficeorg23.msi
    [2007/11/13 15:47:02 | 000,000,217 | ---- | C] () -- C:\Program Files\setup.ini
    [2007/09/25 09:04:01 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
    [2007/09/25 09:04:00 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
    [2007/09/25 08:18:57 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
    [2007/08/14 03:30:25 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
    [2007/08/13 00:47:50 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
    [2007/08/13 00:47:50 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
    [2007/08/13 00:47:17 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
    [2007/08/13 00:40:27 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
    [2007/08/13 00:00:34 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2007/08/12 23:58:20 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
    [2007/08/12 23:37:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2007/08/12 23:36:23 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/08/12 23:36:23 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1268.dll
    [2007/08/12 23:36:13 | 001,729,152 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
    [2007/04/25 19:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
    [2007/04/25 19:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
    [2007/04/25 19:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
    [2007/04/25 19:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
    [2007/04/25 19:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
    [2007/03/28 14:16:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxddcoin.dll
    [2007/01/23 19:40:04 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxddcaps.dll
    [2007/01/09 17:13:08 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdddrs.dll
    [2006/12/25 18:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
    [2006/11/13 08:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
    [2006/11/02 09:12:52 | 000,217,088 | ---- | C] () -- C:\Windows\System32\missouri.dll
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 000,256,696 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,108,188 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/10/06 17:08:04 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxddcnv4.dll
    [2006/05/18 02:47:12 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxddvs.dll
    [2002/08/09 07:18:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\pandoras.dll
    [2001/12/26 19:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
    [2001/09/04 02:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
    [2001/07/30 19:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
    [2001/07/24 01:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

    ========== LOP Check ==========

    [2011/02/24 16:28:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acer
    [2011/02/24 17:04:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
    [2011/02/24 16:28:33 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
    [2007/12/25 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\Acer
    [2011/03/04 21:39:35 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\AVG9
    [2009/06/07 23:10:16 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\FloodLightGames
    [2009/10/27 00:00:32 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\GetRightToGo
    [2011/03/13 23:50:44 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\IObit
    [2010/09/18 15:39:50 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\IrfanView
    [2007/12/25 09:13:13 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\Leadertech
    [2011/03/15 10:58:46 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\Lexmark Productivity Studio
    [2010/04/29 21:35:10 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\OpenOffice.org
    [2009/06/07 23:08:41 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\SpinTop
    [2008/01/12 19:51:10 | 000,000,000 | ---D | M] -- C:\Users\Andreita\AppData\Roaming\Thunderbird
    [2011/03/16 22:55:05 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
  13. Broni Malware Annihilator Posts: 39,412   +177

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKLM..\RunOnce: [] File not found
      O15 - HKU\S-1-5-21-3491203945-3468334671-3765132890-1000\..Trusted Domains: mlxchange.com ([sef] http in Trusted sites)
      [2011/03/15 11:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\App4rTemp
      [2011/03/15 01:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
      [2011/03/15 01:50:52 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
      [2011/03/04 21:39:35 | 000,000,000 | ---D | C] -- C:\Users\Andreita\AppData\Roaming\AVG9
      [2011/02/25 10:24:30 | 000,073,728 | ---- | M] () -- C:\Windows\System32\APISlice_AVG_RESTORED.dll
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    Try Combofix again (after rebooting).
  14. MarkZaff Newcomer, in training Posts: 45

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
    Registry key HKEY_USERS\S-1-5-21-3491203945-3468334671-3765132890-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mlxchange.com\sef\ deleted successfully.
    C:\ProgramData\App4rTemp folder moved successfully.
    C:\Program Files\AVG\AVG9\Notification folder moved successfully.
    C:\Program Files\AVG\AVG9\Icons folder moved successfully.
    C:\Program Files\AVG\AVG9\3rd_party\licenses folder moved successfully.
    C:\Program Files\AVG\AVG9\3rd_party folder moved successfully.
    C:\Program Files\AVG\AVG9 folder moved successfully.
    C:\Program Files\AVG folder moved successfully.
    C:\ProgramData\avg9\Log folder moved successfully.
    C:\ProgramData\avg9 folder moved successfully.
    C:\Users\Andreita\AppData\Roaming\AVG9\cfgall folder moved successfully.
    C:\Users\Andreita\AppData\Roaming\AVG9 folder moved successfully.
    C:\Windows\System32\APISlice_AVG_RESTORED.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Andreita
    ->Temp folder emptied: 241411 bytes
    ->Temporary Internet Files folder emptied: 4868019 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 5.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Andreita
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 03162011_235002

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  15. MarkZaff Newcomer, in training Posts: 45

    GREAT JOB fixing the AVG problem....

    Here's COMBOFIX

    ComboFix 11-03-16.03 - Andreita 03/17/2011 0:04.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.254 [GMT -4:00]
    Running from: c:\users\Andreita\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-02-17 to 2011-03-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-03-17 04:17 . 2011-03-17 04:17 -------- d-----w- c:\users\Andreita\AppData\Local\temp
    2011-03-17 04:17 . 2011-03-17 04:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-03-16 17:48 . 2011-03-16 17:48 -------- d-----w- c:\program files\7-Zip
    2011-03-15 18:49 . 2011-03-17 01:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-03-15 15:41 . 2011-03-15 15:41 -------- d-----w- c:\windows\en
    2011-03-15 15:41 . 2010-09-23 04:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2011-03-15 15:41 . 2011-03-15 15:41 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-03-15 15:36 . 2011-03-15 15:36 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2011-03-15 15:18 . 2011-03-15 15:18 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\438545691cbe32410\MeshBetaRemover.exe
    2011-03-15 15:18 . 2011-03-15 15:18 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\3f9d83e91cbe3240f\InstallManager_WLE_WLE.exe
    2011-03-15 15:17 . 2009-09-04 21:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2011-03-15 15:17 . 2009-09-04 21:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2011-03-15 15:17 . 2009-09-04 21:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2011-03-15 15:17 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
    2011-03-15 15:14 . 2011-03-15 15:14 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\a9e729091cbe32309\DSETUP.dll
    2011-03-15 15:14 . 2011-03-15 15:14 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\a9e729091cbe32309\DXSETUP.exe
    2011-03-15 15:14 . 2011-03-15 15:14 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\a9e729091cbe32309\dsetup32.dll
    2011-03-15 15:13 . 2011-03-15 15:13 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\9795d4491cbe32307\DSETUP.dll
    2011-03-15 15:13 . 2011-03-15 15:13 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\9795d4491cbe32307\DXSETUP.exe
    2011-03-15 15:13 . 2011-03-15 15:13 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\9795d4491cbe32307\dsetup32.dll
    2011-03-15 14:58 . 2011-03-15 14:58 -------- d-----w- c:\users\Andreita\AppData\Roaming\Lexmark Productivity Studio
    2011-03-15 14:53 . 2011-03-15 15:21 -------- d-----w- c:\program files\Lx_cats
    2011-03-15 14:53 . 2011-03-15 14:53 -------- d-----w- C:\logs
    2011-03-15 14:52 . 2007-02-27 09:16 103936 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxdddrpp.dll
    2011-03-15 14:47 . 2011-03-15 14:47 -------- d-----w- c:\program files\Lexmark Toolbar
    2011-03-15 14:47 . 2011-03-15 14:48 -------- d-----w- c:\program files\Lexmark 2500 Series
    2011-03-15 14:44 . 2011-03-15 14:44 -------- d-----w- C:\drivers
    2011-03-15 14:08 . 2011-03-15 14:08 -------- d-----w- c:\program files\Windows Portable Devices
    2011-03-15 13:42 . 2011-03-15 18:33 -------- d-----w- c:\users\Andreita\AppData\Local\Windows Live
    2011-03-15 13:38 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2011-03-15 13:36 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
    2011-03-15 13:36 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
    2011-03-15 13:36 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2011-03-15 13:35 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
    2011-03-15 13:35 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2011-03-15 13:35 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
    2011-03-15 13:35 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
    2011-03-15 13:35 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll
    2011-03-15 13:35 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe
    2011-03-15 13:35 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll
    2011-03-15 13:31 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-03-15 13:31 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-03-15 13:31 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
    2011-03-15 02:59 . 2011-03-15 02:59 3584 ----a-r- c:\users\Andreita\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2011-03-15 02:59 . 2011-03-15 02:59 -------- d-----w- c:\program files\Windows Installer Clean Up
    2011-03-15 01:17 . 2007-03-23 09:05 29272 ----a-r- c:\windows\system32\AdobePDF.dll
    2011-03-14 23:00 . 2011-03-14 23:03 -------- d-----w- c:\windows\system32\ca-ES
    2011-03-14 23:00 . 2011-03-14 23:03 -------- d-----w- c:\windows\system32\eu-ES
    2011-03-14 23:00 . 2011-03-14 23:03 -------- d-----w- c:\windows\system32\vi-VN
    2011-03-14 21:43 . 2011-03-14 21:43 -------- d-----w- c:\windows\system32\EventProviders
    2011-03-14 21:41 . 2009-04-11 05:03 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
    2011-03-14 21:41 . 2009-04-11 06:28 1081344 ----a-w- c:\windows\system32\SLCExt.dll
    2011-03-14 21:41 . 2009-04-11 06:27 3408896 ----a-w- c:\windows\system32\SLsvc.exe
    2011-03-14 21:41 . 2009-04-11 06:28 2134528 ----a-w- c:\windows\system32\FunctionDiscoveryFolder.dll
    2011-03-14 21:41 . 2009-04-11 06:27 65536 ----a-w- c:\windows\system32\DevicePairingWizard.exe
    2011-03-14 21:41 . 2009-04-11 05:03 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
    2011-03-14 21:41 . 2009-04-11 06:28 1480704 ----a-w- c:\windows\system32\mssrch.dll
    2011-03-14 21:39 . 2009-04-11 06:28 1985024 ----a-w- c:\windows\system32\authui.dll
    2011-03-14 21:38 . 2009-04-11 06:32 122344 ----a-w- c:\windows\system32\drivers\Storport.sys
    2011-03-14 21:37 . 2009-04-11 06:28 17920 ----a-w- c:\windows\system32\wscisvif.dll
    2011-03-14 21:36 . 2009-04-11 06:28 17408 ----a-w- c:\windows\system32\vdmdbg.dll
    2011-03-14 21:35 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
    2011-03-14 21:35 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
    2011-03-14 21:35 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
    2011-03-14 20:15 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-14 20:15 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll
    2011-03-14 20:15 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll
    2011-03-14 20:15 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-14 20:15 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-14 20:15 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-14 20:15 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-14 20:15 . 2009-04-11 06:28 63488 ----a-w- c:\windows\system32\tscupgrd.exe
    2011-03-14 19:18 . 2011-03-14 19:18 -------- d-----w- c:\program files\VS Revo Group
    2011-03-14 18:30 . 2011-03-14 18:30 -------- d--h--w- c:\programdata\Common Files
    2011-03-14 16:14 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2011-03-14 03:50 . 2011-03-14 03:50 -------- d-----w- c:\program files\IObit
    2011-03-14 01:40 . 2011-03-14 01:40 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2011-03-13 20:04 . 2011-03-14 01:58 -------- d-----w- c:\users\Andreita\AppData\Local\NOS
    2011-03-13 17:26 . 2011-03-13 17:26 -------- d-----w- c:\program files\ESET
    2011-03-13 16:51 . 2011-03-14 18:09 -------- d-----w- C:\_OTL
    2011-03-13 03:30 . 2011-02-23 14:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13F85AA5-C7EF-41F1-A332-C1415CF23048}\mpengine.dll
    2011-03-05 21:01 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
    2011-03-05 21:01 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
    2011-03-05 21:01 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
    2011-03-05 21:01 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
    2011-03-05 21:01 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
    2011-03-05 21:01 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
    2011-03-05 04:52 . 2010-12-18 04:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-03-05 04:51 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2011-03-02 14:28 . 2011-03-02 14:28 -------- d-----w- c:\users\Andreita\AppData\Local\offsync
    2011-03-02 14:23 . 2011-03-02 14:23 -------- d-----w- c:\users\Andreita\AppData\Local\Starfield
    2011-02-26 00:32 . 2011-02-26 00:32 -------- d-----w- c:\program files\Apple Software Update
    2011-02-25 14:24 . 2011-02-25 14:24 73728 ----a-w- c:\windows\system32\APISlice.dll
    2011-02-25 13:25 . 2011-02-25 13:25 -------- d-----w- c:\windows\Sun
    2011-02-24 23:37 . 2011-02-25 03:28 -------- d-----w- c:\programdata\FLEXnet
    2011-02-24 23:37 . 2011-02-24 23:37 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2011-02-24 22:49 . 2011-03-15 18:50 -------- d-----w- c:\users\Andreita\AppData\Roaming\Malwarebytes
    2011-02-24 20:26 . 2011-02-24 21:37 -------- d-----w- c:\users\Administrator
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-15 15:57 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-03-15 03:23 . 2010-04-26 15:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-02-10 02:45 . 2011-02-10 02:45 1409 ----a-w- c:\windows\QTFont.for
    2011-02-02 22:11 . 2010-04-26 16:53 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-01-08 08:47 . 2011-02-09 04:17 34304 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-08 06:28 . 2011-02-09 04:17 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:57 . 2011-02-09 04:17 2039808 ----a-w- c:\windows\system32\win32k.sys
    2010-12-28 15:55 . 2011-01-12 10:54 413696 ----a-w- c:\windows\system32\odbc32.dll
    2007-11-13 19:47 . 2007-11-13 19:47 4364800 ----a-w- c:\program files\openofficeorg23.msi
    2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
    2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-13 174872]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-05-28 4472832]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 857648]
    "LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-06-29 707080]
    "eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
    "PLFSet"="c:\windows\PLFSet.dll" [2007-04-25 45056]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-11 291760]
    "lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxddserv.exe [2007-05-25 99248]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
    S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560]
    S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-14 46592]
    S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 537520]
    S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = about:blank
    DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/MLSClientUtils.cab
    DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://sef.mlxchange.com/5.2.06.12571/Control/IRCSharc.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-03-17 00:17
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
    "ImagePath"="\??\c:\program files\Acer Arcade Deluxe\Play Movie\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    Completion time: 2011-03-17 00:23:12
    ComboFix-quarantined-files.txt 2011-03-17 04:23
    .
    Pre-Run: 18,977,910,784 bytes free
    Post-Run: 18,839,658,496 bytes free
    .
    - - End Of File - - 9D448D5438FACC07AAC3D664467A1163
  16. Broni Malware Annihilator Posts: 39,412   +177

  17. MarkZaff Newcomer, in training Posts: 45

    You read my mind.....AVG has lost its favor with me!

    Looks like this one fixed my MLS (Real Estate) database issues too.

    DOUBLE THANKS!!!
  18. Broni Malware Annihilator Posts: 39,412   +177

    Great news!
  19. Broni Malware Annihilator Posts: 39,412   +177

    Since my bed time will be coming, when you're done with Avast/Avira scan (unless it finds something horrible - I doubt), it'd be safe to say....

    Your computer is clean [IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
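    The post-cleanup step above relies on OTL to wipe the old restore points and make a fresh one. As an added example that is not part of this thread and not OTL's or ComboFix's own code, the Windows PowerShell script below does the defender-side verification a helper would want after that step: it creates a clean restore point, lists the same HKLM/HKCU Run entries the ComboFix log enumerated and flags any whose image no longer exists on disk, and reports the two policy settings visible in the log that weaken the machine (EnableLUA = 0 means UAC is off; DisableMonitoring = 1 under Security Center\Monitoring means Windows has been told to stop tracking that AV or firewall product). It assumes an elevated Windows PowerShell 2.0 or later session with System Protection enabled on the system drive; it deletes nothing, so clearing the old restore points is still OTL's job.

```powershell
# Added example: post-cleanup verification in Windows PowerShell.
# Not from the thread, OTL or ComboFix. Assumes an elevated PowerShell 2.0+ session
# and System Protection enabled on the system drive. Read-only apart from the new restore point.

function Get-AutorunEntries {
    # The two Run keys ComboFix's "Reg Loading Points" section reports on.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... properties PowerShell adds to every registry object.
            if ($p.Name -like 'PS*') { continue }
            $raw = [string]$p.Value
            # Recover the image path: quoted path first, otherwise everything before the first space.
            # A bare name such as RtHDVCpl.exe resolves via PATH at logon, so it shows as Exists=False here.
            $image = if ($raw.StartsWith('"')) { $raw.Split('"')[1] } else { ($raw -split ' ')[0] }
            New-Object PSObject -Property @{
                Key     = $key
                Name    = $p.Name
                Command = $raw
                Exists  = (Test-Path -LiteralPath $image)
            }
        }
    }
}

function Get-SecurityPolicyFindings {
    $findings = @()

    # UAC: the log showed "EnableLUA"= 0, i.e. every process of an admin user runs fully elevated.
    $sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $lua = (Get-ItemProperty -Path $sys -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    if ($lua -eq 0) {
        $findings += 'UAC is disabled (EnableLUA = 0); re-enable it so nothing runs elevated without a prompt.'
    }

    # Security Center monitoring: DisableMonitoring = 1 under a product subkey tells Windows
    # to stop reporting on that AV/firewall. Malware and half-removed products both leave it behind.
    $mon = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    if (Test-Path -Path $mon) {
        foreach ($sub in Get-ChildItem -Path $mon) {
            $v = (Get-ItemProperty -Path $sub.PSPath -Name DisableMonitoring -ErrorAction SilentlyContinue).DisableMonitoring
            if ($v -eq 1) {
                $findings += "Security Center monitoring is disabled for $($sub.PSChildName)"
            }
        }
    }
    return $findings
}

function New-CleanRestorePoint {
    param([string]$Description = 'Clean after malware removal')
    # Checkpoint-Computer needs elevation; MODIFY_SETTINGS is the type Windows uses for manual points.
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
    # Return the newest point so the caller can confirm it was actually created.
    Get-ComputerRestorePoint | Sort-Object SequenceNumber | Select-Object -Last 1
}

# --- run the checks ---
$autoruns = Get-AutorunEntries
$autoruns | Format-Table Name, Exists, Command -AutoSize

# Orphaned autoruns (entry points at a file that is gone) are worth a second look after a cleanup.
$autoruns | Where-Object { -not $_.Exists } | ForEach-Object {
    Write-Warning ("Autorun target not found on disk: {0} -> {1}" -f $_.Name, $_.Command)
}

Get-SecurityPolicyFindings | ForEach-Object { Write-Warning $_ }

New-CleanRestorePoint | Format-List SequenceNumber, Description, CreationTime
```

Run it once before OTL's [CLEARALLRESTOREPOINTS] fix to record what is there, and once after to confirm only the fresh point remains and that no autorun entry points at a file the cleanup removed. The UAC and Security Center warnings are the items a helper would normally ask the poster to put back to their defaults once the machine is declared clean.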
  20. MarkZaff Newcomer, in training Posts: 45

    Everything seems normal. No redirects or weird searches.

    What Apps/logs do I need to delete?