Solved Programs not installing or running, completed 8 steps


mom26gr8kids

I have Windows Vista 32 bit and despite all the complaints about Vista it hasn't given me any trouble until December. In December I tried to install several programs that I could not get to work. After contacting tech support I gave up and figured that it was just one of the disadvantages of having Vista and I set the programs aside to install on my laptop (I am waiting on a new hard drive). I had some previous problems also, I thought perhaps the display driver. I replaced the monitor in December and it has been better, but I am still having some issues with the computer, and the last couple days my Comodo has really been giving me problems, which caused me to think that I may have a virus.

Here are my issues:
1--on occasion the computer freezes up and has to be manually turned off, there have also been several occasions when I booted up (or rebooted) and got a message saying that Windows needed to be repaired and I have been sent to this screen where Windows attempts to correct my issues. I also did a system restore once when Windows kept saying that it couldn't repair my computer.

2--I have been unable to download games from a site that I have used frequently (Acer Gamezone by Oberon Media). In addition all games that I have previously purchased, played and had no trouble with no longer work. If my computer hadn't been having other issues then I would have contacted them first.

3--When attempting to download new programs my Comodo will repeatedly ask me if it should allow launch.exe for whatever program I am attempting to download. The problem is it asks me that over and over and never actually downloads the program even though I click on allow. I had to turn Comodo off to even run the 8 steps.

Here are my logs, I hope that you can help.

.
2011-03-19 23:05:12 -------- d-----w- c:\users\dad\appdata\roaming\Malwarebytes
2011-03-19 23:05:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-19 23:05:00 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-19 23:04:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-19 23:04:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-19 21:21:31 758784 ----a-w- c:\windows\system32\cohelper.dll
2011-03-19 21:20:49 -------- d-----w- c:\program files\LSI SoftModem
2011-03-18 15:47:57 -------- d-----w- c:\program files\iPod
2011-03-18 15:47:53 -------- d-----w- c:\program files\iTunes
2011-03-18 15:41:28 -------- d-----w- c:\program files\Bonjour
2011-03-09 19:20:01 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 19:19:58 723456 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 19:19:58 605184 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 19:19:58 190976 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 19:19:55 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 19:19:55 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-08 22:01:05 -------- d-----w- c:\program files\Application Updater
2011-03-08 22:01:04 -------- d-----w- c:\program files\common files\Spigot
2011-03-04 18:56:54 15256 ----a-w- c:\users\dad\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-02-18 22:36:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
==================== Find3M ====================
.
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-04 01:47:01 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-27 21:43:41 286720 ----a-w- c:\windows\iun506.exe
2010-12-20 16:36:20 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:55:46 389632 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:05:16.47 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/10/2006 7:16:20 PM
System Uptime: 3/19/2011 5:24:45 PM (1 hours ago)
.
Motherboard: Acer | | WMCP78M
Processor: AMD Athlon(tm) 7450 Dual-Core Processor | Socket AM2 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 48.264 GiB free.
D: is FIXED (NTFS) - 142 GiB total, 141.567 GiB free.
E: is CDROM (CDFS)
I: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1446: 3/10/2011 3:00:13 AM - Windows Update
RP1448: 3/10/2011 1:04:15 PM - Configured Microsoft Office Home and Student 2007
RP1449: 3/11/2011 8:08:47 AM - Windows Update
RP1450: 3/12/2011 3:00:13 AM - Windows Update
RP1451: 3/13/2011 4:00:12 AM - Windows Update
RP1452: 3/14/2011 3:00:11 AM - Windows Update
RP1453: 3/15/2011 3:00:13 AM - Windows Update
RP1454: 3/16/2011 3:00:11 AM - Windows Update
RP1455: 3/17/2011 9:13:25 AM - Windows Update
RP1456: 3/18/2011 9:13:02 AM - Windows Update
RP1457: 3/18/2011 9:42:13 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP1458: 3/19/2011 3:00:13 AM - Windows Update
RP1459: 3/19/2011 3:19:33 PM - Windows Update
.
==== Installed Programs ======================
.
2002 Games
Acer Arcade Live Main Page
Acer Assist
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer eRecovery Management
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer Registration
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Acrobat.com
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.2
Adobe Shockwave Player 11.5
Agere Systems PCI-SV92EX Soft Modem
Alice Greenfingers
Alien Shooter
Amazon MP3 Downloader 1.0.10
Anna`s Ice Cream
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AV Input Selection
Avenue Flo - Special Delivery
AVG 2011
Babysitting Mania
Blood Ties
Bonjour
Bookworm Adventures
Build In Time
Burger Shop
C:\Program Files\Acer GameZone\GameConsole
Cake Mania
Chicken Invaders 2
Chocolatier
Choice Guard
COMODO Internet Security
Cookie Domination
Cooking Academy
Cooking Dash
Cooking Dash Diner Town Studios
Coupon Printer for Windows
Dairy Dash
Direct Show Ogg Vorbis Filter (remove only)
Doggie Dash
Double Play Jojo’s Fashion Show 1 & 2
Dream Day First Home
Dream Day Wedding
Dream Day Wedding Married in Manhattan
eMusic Download Manager 4.1.4
EPSON TWAIN 5
Family Feud 3
Fashion Dash
Free Realms
Free Realms Installer
Galapago
Garfield's Typing Pal
Go-Go Gourmet
Go Go Gourmet Chef of the Year
Google Desktop
Google SketchUp 8
Guitar Praise
Hax264 Codec 2.1.0.8
Heroes of Hellas
Home Sweet Home
Hotel Dash Suite Success
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
igLoader
ijji REACTOR
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Jessicas Cupcake Cafe
Jewelleria
Junk Mail filter update
Kelly Green Garden Queen
Kitchen Brigade
LEGO Universe
Lizard Safeguard - PDF Viewer 2.5.137
LSI PCI-SV92EX Soft Modem
Magic Farm
Magic Match Adventures
Malwarebytes' Anti-Malware
Math Missions Grades 3-5
Math Missions Grades K-2
Mavis Beacon Teaches Typing 15
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Train Simulator
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.5.17)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Solitaire - Secret Island
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
NVIDIA Stereoscopic 3D Driver
OGA Notifier 2.0.0048.0
Orchard
Passport to Perfume™
PDFCreator
pdfforge Toolbar v4.3
Picasa 3
PlayReady PC runtime
Puzzle and Board XP Championship
QuickTime
Roblox
ScanToWeb
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Media Encoder (KB2447961)
Shopmania
Spelling Dictionaries Support For Adobe Reader 9
SpywareBlaster 4.2
Sunshine Acres
SUPERAntiSpyware Free Edition
System Requirements Lab
Teach Yourself to Play Guitar 1.8.1
Timez Attack
U.B. Funkeys
Uninstall Dual Mode Camera
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Wedding Dash 2
Wedding Dash Ready Aim Love
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Yard Sale Junkie
Year 2 year-plan
Year 3 Curriculum
Year 3 Interface
.
==== Event Viewer Messages From Past Week ========
.
3/19/2011 5:26:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
3/19/2011 4:42:04 AM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
3/19/2011 3:21:08 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Live Essentials 2011 (KB2434419).
3/19/2011 3:02:35 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows Live Sign-In Assistant (KB 967912).
3/18/2011 9:43:11 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/18/2011 9:41:51 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/18/2011 10:41:11 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/18/2011 10:41:11 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/18/2011 10:41:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/16/2011 12:16:35 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume ACER.
.
==== End Of File ===========================

GMER 1.0.15.15565 - http://www.gmer.net
Rootkit quick scan 2011-03-19 17:51:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005c Hitachi_ rev.ST2O
Running: hirnpq9w.exe; Driver: C:\Users\Dad\AppData\Local\Temp\kxtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6108

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

3/19/2011 5:23:14 PM
mbam-log-2011-03-19 (17-23-14).txt

Scan type: Quick scan
Objects scanned: 155159
Time elapsed: 4 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> Delete on reboot.
c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome (Adware.GamesVance) -> Delete on reboot.
c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components (Adware.GamesVance) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome.manifest (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\install.rdf (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\chrome\gvtextlinks.jar (Adware.GamesVance) -> Delete on reboot.
c:\Users\Dad\AppData\Roaming\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components\gvtlf.xpt (Adware.GamesVance) -> Quarantined and deleted successfully.
 
I also forgot to mention that I have been unable to update my Java or Adobe because of Comodo. I know that it's important to keep these programs up to date because they are susceptible to viruses, but Comodo will not let me install them. (Note I have not tried installing them with Comodo off)
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================================================

Top of DDS.txt log is missing.
Please, repost it.

When done....

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

========================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
rest of dds log

Here is the DDS log that was missing. Only the top was missing, but I just re-copied and pasted the whole thing. You said after I did that I could begin the cleaning process you recommended. I don't have much time to do that tonight, so I will start tomorrow morning. In the meantime let me know if you find anything that changes the steps I have to follow. I have been gone most of the day, so I haven't been on the computer much. It hasn't given me any issues today (but I haven't tried installing or running any programs either except for Mozilla)

Thanks
Kendra
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Dad at 17:59:09.00 on Sat 03/19/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1499 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: COMODO Defense+ *Disabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Disabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Carbonite\CarbonitePreinstaller.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Dad\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig?brand=ACAW&bmod=ACUS
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.3\pdfforgeToolbarIE.dll
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.3\pdfforgeToolbarIE.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.3\pdfforgeToolbarIE.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled
mRun: [eRecoveryService]
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\person~1.lnk - c:\program files\broderbund\mavis beacon teaches typing 15\minimavis.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll, c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\iwonei\installr\1.bin\NPjfEISb.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dad\appdata\locallow\sony online entertainment\npsoe.dll
FF - plugin: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\users\dad\appdata\roaming\mozilla\firefox\profiles\svjtkm5q.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-8-26 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-8-26 29520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-4 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 67656]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2009-1-19 269448]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-1-28 387072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-19 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-7-9 248936]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-1-19 43552]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-10-19 517448]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\google\google desktop search\googledesktop.exe" --> c:\program files\google\google desktop search\GoogleDesktop.exe [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-03-19 23:05:12 -------- d-----w- c:\users\dad\appdata\roaming\Malwarebytes
2011-03-19 23:05:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-19 23:05:00 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-19 23:04:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-19 23:04:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-19 21:21:31 758784 ----a-w- c:\windows\system32\cohelper.dll
2011-03-19 21:20:49 -------- d-----w- c:\program files\LSI SoftModem
2011-03-18 15:47:57 -------- d-----w- c:\program files\iPod
2011-03-18 15:47:53 -------- d-----w- c:\program files\iTunes
2011-03-18 15:41:28 -------- d-----w- c:\program files\Bonjour
2011-03-09 19:20:01 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 19:19:58 723456 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 19:19:58 605184 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 19:19:58 190976 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 19:19:55 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 19:19:55 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-08 22:01:05 -------- d-----w- c:\program files\Application Updater
2011-03-08 22:01:04 -------- d-----w- c:\program files\common files\Spigot
2011-03-04 18:56:54 15256 ----a-w- c:\users\dad\appdata\roaming\microsoft\identitycrl\production\ppcrlconfig.dll
2011-02-18 22:36:58 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 22:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
==================== Find3M ====================
.
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-04 01:47:01 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-12-31 13:57:01 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-27 21:43:41 286720 ----a-w- c:\windows\iun506.exe
2010-12-20 16:36:20 834048 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 15:37:57 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 14:55:46 389632 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:00:04.07 ===============
 
Combofix and MBR logs

As it turns out I had to wait up for my boys, so I ran the scans. Here are the logs from them.

ComboFix 11-03-19.04 - Dad 03/20/2011 22:02:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1689 [GMT -6:00]
Running from: c:\users\Dad\Downloads\ComboFix.exe
FW: COMODO Firewall *Disabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
SP: COMODO Defense+ *Disabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\pdfforge Toolbar\IE\4.3\pdFForgetoolbarie.dll
c:\timezattack\TimezAttack.exe
c:\users\Dad\AppData\Roaming\.#
c:\users\Dad\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com
c:\users\Dad\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-21 to 2011-03-21 )))))))))))))))))))))))))))))))
.
.
2011-03-21 04:14 . 2011-03-21 04:15 -------- d-----w- c:\users\Dad\AppData\Local\temp
2011-03-21 04:14 . 2011-03-21 04:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-19 23:05 . 2011-03-19 23:05 -------- d-----w- c:\users\Dad\AppData\Roaming\Malwarebytes
2011-03-19 23:05 . 2011-03-19 23:05 -------- d-----w- c:\programdata\Malwarebytes
2011-03-19 23:05 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-19 23:04 . 2011-03-19 23:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-19 23:04 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-19 21:21 . 2010-08-12 17:46 758784 ----a-w- c:\windows\system32\cohelper.dll
2011-03-19 21:20 . 2011-03-19 21:20 -------- d-----w- c:\program files\LSI SoftModem
2011-03-18 15:47 . 2011-03-18 15:47 -------- d-----w- c:\program files\iPod
2011-03-18 15:47 . 2011-03-18 15:48 -------- d-----w- c:\program files\iTunes
2011-03-18 15:41 . 2011-03-18 15:41 -------- d-----w- c:\program files\Bonjour
2011-03-09 19:20 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 19:19 . 2011-01-05 01:07 723456 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 19:19 . 2011-01-05 01:07 605184 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 19:19 . 2011-01-05 01:06 190976 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-09 19:19 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 19:19 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-08 22:01 . 2011-03-08 22:01 -------- d-----w- c:\program files\Application Updater
2011-03-08 22:01 . 2011-03-08 22:01 -------- d-----w- c:\program files\Common Files\Spigot
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 22:36 . 2011-02-18 22:36 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 22:36 . 2011-02-18 22:36 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-20 16:37 . 2011-02-10 22:40 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-10 22:40 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-10 22:40 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-10 22:40 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-10 22:40 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-10 22:40 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-10 22:40 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-10 22:40 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-10 22:40 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-10 22:40 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-10 22:40 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-10 22:40 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-10 22:40 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-10 22:40 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-10 22:40 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-10 22:40 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-10 22:40 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-10 22:40 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24 . 2011-02-10 22:40 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-10 22:40 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-10 22:40 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-10 22:40 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-10 22:40 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-10 22:40 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-10 22:40 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-10 22:40 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44 . 2011-02-10 22:40 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44 . 2011-02-10 22:40 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47 . 2011-02-10 22:36 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28 . 2011-02-10 22:36 292352 ----a-w- c:\windows\system32\atmfd.dll
2011-01-04 01:47 . 2009-01-20 01:20 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-12-31 13:57 . 2011-02-10 22:41 2039808 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 15:55 . 2011-01-13 16:11 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-27 21:43 . 2010-09-17 19:02 286720 ----a-w- c:\windows\iun506.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 05:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-30 01:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2008-12-03 3882312]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-11 2423752]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-10-01 319488]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-10-01 323584]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-30 526896]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-21 204908]
"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-17 1800464]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-01-29 526336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-21 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Personal Coach.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 15\minimavis.exe [2010-12-28 2392064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-02-17 130960]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-02-17 29520]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-29 67656]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-21 269448]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-01-29 387072]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-10-01 24576]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-03-22 43552]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?brand=ACAW&bmod=ACUS
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKLM-Run-eRecoveryService - (no file)
AddRemove-igLoader - c:\program files\igLoader\uninstall.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 22:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(7984)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(7912)
c:\windows\system32\guard32.dll
.
Completion time: 2011-03-20 22:21:17
ComboFix-quarantined-files.txt 2011-03-21 04:21
.
Pre-Run: 51,187,994,624 bytes free
Post-Run: 51,034,611,712 bytes free
.
- - End Of File - - EC01C9F7F5DE5E75B348B13D188B6C28

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Acer
System Product Name: Aspire X1300
Logical Drives Mask: 0x0000051c

Kernel Drivers (total 161):
0x87415000 \SystemRoot\system32\ntkrnlpa.exe
0x877CF000 \SystemRoot\system32\hal.dll
0x80605000 \SystemRoot\system32\kdcom.dll
0x8060C000 \SystemRoot\system32\PSHED.dll
0x8061D000 \SystemRoot\system32\BOOTVID.dll
0x80625000 \SystemRoot\system32\CLFS.SYS
0x80666000 \SystemRoot\system32\CI.dll
0x80746000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807C2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x87A0C000 \SystemRoot\system32\drivers\acpi.sys
0x87A52000 \SystemRoot\system32\drivers\WMILIB.SYS
0x87A5B000 \SystemRoot\system32\drivers\msisadrv.sys
0x87A63000 \SystemRoot\system32\drivers\pci.sys
0x87A8A000 \SystemRoot\System32\drivers\partmgr.sys
0x87A99000 \SystemRoot\system32\drivers\volmgr.sys
0x87AA8000 \SystemRoot\System32\drivers\volmgrx.sys
0x87AF2000 \SystemRoot\system32\drivers\pciide.sys
0x87AF9000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x87B07000 \SystemRoot\System32\drivers\mountmgr.sys
0x87B17000 \SystemRoot\System32\Drivers\UBHelper.sys
0x87B1F000 \SystemRoot\system32\drivers\atapi.sys
0x87B27000 \SystemRoot\system32\drivers\ataport.SYS
0x87B45000 \SystemRoot\system32\DRIVERS\nvstor32.sys
0x87B69000 \SystemRoot\system32\DRIVERS\storport.sys
0x87BAA000 \SystemRoot\system32\drivers\fltmgr.sys
0x87BDC000 \SystemRoot\system32\drivers\fileinfo.sys
0x87BEC000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8E80C000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8E87D000 \SystemRoot\system32\drivers\ndis.sys
0x8E988000 \SystemRoot\system32\drivers\msrpc.sys
0x8E9B3000 \SystemRoot\system32\drivers\NETIO.SYS
0x8EA0E000 \SystemRoot\System32\drivers\tcpip.sys
0x8EAF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8EC05000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8ED15000 \SystemRoot\system32\drivers\volsnap.sys
0x8ED4E000 \SystemRoot\System32\Drivers\spldr.sys
0x8ED56000 \SystemRoot\System32\Drivers\mup.sys
0x8ED65000 \SystemRoot\System32\drivers\ecache.sys
0x8ED8C000 \SystemRoot\system32\drivers\disk.sys
0x8ED9D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8EDBE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8EDC7000 \SystemRoot\system32\DRIVERS\avgrkx86.sys
0x8EDCC000 \SystemRoot\system32\DRIVERS\AVGIDSEH.Sys
0x8EDEC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8EDF7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8EB37000 \SystemRoot\system32\DRIVERS\processr.sys
0x8EB46000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8EB4F000 \SystemRoot\system32\DRIVERS\nvsmu.sys
0x8EB57000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8EB61000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EB9F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92804000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92891000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x928A9000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x928B1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x928B7000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x92A03000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x93481000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x93483000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x93523000 \SystemRoot\System32\drivers\watchdog.sys
0x93601000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x9371E000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x93720000 \SystemRoot\system32\drivers\modem.sys
0x9372D000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x9373D000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x9374B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x9377A000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x93785000 \SystemRoot\system32\drivers\windrvr6.sys
0x937B3000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x937CA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x937D5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9352F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x9353E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x93552000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x93567000 \SystemRoot\system32\DRIVERS\termdd.sys
0x93577000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x93582000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x937F8000 \SystemRoot\system32\DRIVERS\swenum.sys
0x9358D000 \SystemRoot\system32\DRIVERS\ks.sys
0x935B7000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x935C1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x928FD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x935CE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92932000 \SystemRoot\system32\drivers\HdAudio.sys
0x92971000 \SystemRoot\system32\drivers\portcls.sys
0x9299E000 \SystemRoot\system32\drivers\drmk.sys
0x935DF000 \SystemRoot\system32\drivers\nvhda32v.sys
0x935ED000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0x929C3000 \SystemRoot\System32\DRIVERS\cmdguard.sys
0x929E6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x935F9000 \SystemRoot\System32\Drivers\Null.SYS
0x929EF000 \SystemRoot\System32\Drivers\Beep.SYS
0x8EBC1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8EBC8000 \SystemRoot\System32\drivers\vga.sys
0x8EBD4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x929F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8EBF5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EA00000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EBAE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E9EE000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x807CF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E800000 \SystemRoot\System32\DRIVERS\cmdhlp.sys
0x807E5000 \SystemRoot\system32\DRIVERS\smb.sys
0x94007000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0x9404F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x94081000 \SystemRoot\system32\drivers\afd.sys
0x940C9000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x940D2000 \SystemRoot\system32\DRIVERS\pacer.sys
0x940E8000 \SystemRoot\system32\DRIVERS\inspect.sys
0x940FD000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9410B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9411E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x94135000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0x94157000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x9415D000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x9416A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x941A6000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x941B0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x941BA000 \SystemRoot\System32\Drivers\dfsc.sys
0x9480A000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0x94846000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x9484F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9485F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x94867000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x94870000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x94885000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9489B000 \SystemRoot\System32\Drivers\crashdmp.sys
0x948A8000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x948B2000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x81610000 \SystemRoot\System32\win32k.sys
0x948D6000 \SystemRoot\System32\drivers\Dxapi.sys
0x948E0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x81830000 \SystemRoot\System32\TSDDD.dll
0x81850000 \SystemRoot\System32\cdd.dll
0x948EF000 \SystemRoot\system32\drivers\luafv.sys
0x9490A000 \SystemRoot\system32\drivers\spsys.sys
0x949BA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x949CA000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA7A01000 \SystemRoot\system32\drivers\HTTP.sys
0xA7A6E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA7A8B000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA7AA4000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA7AB9000 \SystemRoot\system32\drivers\mrxdav.sys
0xA7ADA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA7AF9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA7B32000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA7B4A000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA7B72000 \SystemRoot\System32\DRIVERS\srv.sys
0xA7BC0000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA7BCB000 \??\C:\Windows\system32\drivers\int15.sys
0xB0203000 \SystemRoot\system32\drivers\peauth.sys
0xB02E1000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xB02EA000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xB02FC000 \SystemRoot\System32\Drivers\secdrv.SYS
0xB0306000 \SystemRoot\System32\drivers\tcpipreg.sys
0xB0312000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xB031C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xB0331000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xB0343000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0x81860000 \SystemRoot\System32\ATMFD.DLL
0x77C00000 \Windows\System32\ntdll.dll

Processes (total 78):
0 System Idle Process
4 System
7664 C:\Windows\System32\smss.exe
7696 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
7904 csrss.exe
7964 csrss.exe
7972 C:\Windows\System32\wininit.exe
8028 C:\Windows\System32\winlogon.exe
8060 C:\Windows\System32\services.exe
8080 C:\Windows\System32\lsass.exe
8088 C:\Windows\System32\lsm.exe
1264 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\nvvsvc.exe
1440 C:\Windows\System32\svchost.exe
1592 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
1736 C:\Windows\System32\svchost.exe
1928 C:\Windows\System32\svchost.exe
2040 C:\Windows\System32\svchost.exe
424 C:\Windows\System32\svchost.exe
696 C:\Windows\System32\audiodg.exe
3076 C:\Windows\System32\SLsvc.exe
3004 C:\Windows\System32\svchost.exe
2860 C:\Windows\System32\nvvsvc.exe
1080 C:\Windows\System32\spoolsv.exe
880 C:\Windows\System32\svchost.exe
3380 C:\Windows\System32\taskeng.exe
3844 C:\Windows\System32\dwm.exe
3956 C:\Windows\explorer.exe
4408 C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
4424 C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
4464 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
4792 C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
5032 C:\Windows\System32\agrsmsvc.exe
5120 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
5168 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
5208 C:\Program Files\AVG\AVG10\avgtray.exe
5504 C:\Program Files\Common Files\Java\Java Update\jusched.exe
5616 C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
5632 C:\Program Files\iTunes\iTunesHelper.exe
5688 C:\Program Files\Application Updater\ApplicationUpdater.exe
5720 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
5760 C:\Program Files\AVG\AVG10\avgwdsvc.exe
5776 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
5816 C:\Windows\ehome\ehtray.exe
5832 C:\Program Files\Windows Media Player\wmpnscfg.exe
5848 C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe
5912 C:\Program Files\Bonjour\mDNSResponder.exe
5960 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
6016 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
6348 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
6636 C:\Windows\System32\svchost.exe
6700 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
6812 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
6908 C:\Windows\System32\svchost.exe
7036 C:\Windows\System32\svchost.exe
7132 C:\Windows\System32\SearchIndexer.exe
7252 C:\Program Files\bin32\nSvcAppFlt.exe
7332 WUDFHost.exe
7380 C:\Program Files\bin32\nSvcIp.exe
396 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
804 C:\Program Files\AVG\AVG10\avgnsx.exe
1876 C:\Windows\ehome\ehmsas.exe
384 C:\Program Files\Windows Media Player\wmpnetwk.exe
6012 C:\Windows\ehome\ehsched.exe
2616 C:\Windows\ehome\ehrecvr.exe
7056 C:\Windows\System32\taskeng.exe
2808 C:\Program Files\iPod\bin\iPodService.exe
3216 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
6572 C:\Windows\System32\svchost.exe
3952 C:\Windows\System32\wuauclt.exe
4740 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
4884 C:\Program Files\AVG\AVG10\avgcsrvx.exe
7016 C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
6848 C:\Program Files\Mozilla Firefox\firefox.exe
3448 C:\Windows\System32\notepad.exe
6476 dllhost.exe
1640 dllhost.exe
6480 C:\Users\Dad\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`80100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`02e00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHDT721032SLA, Rev: ST2O

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 51300907C4CFB85815A6FF9748141B6F94144809


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


Please let me know what the next steps are.

Kendra
 
Uninstall Ask Toolbar, typical foistware.

Combofix log looks good now.

How is computer doing?

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
I uninstalled the Ask.com toolbar from my control panel, but it is still there. Any ideas on how to get rid of it completely?

Also when I start up my computer now it is saying that Windows has blocked some programs on startup and to click to see what they are, only when I click the bubble disappears and doesn't show me anything.
 
I am having trouble with the bootkit remover. I downloaded it and then clicked on it to install. It said that Windows could not open this file, so I went in and selected 7zip to use to open this program, but then nothing happened. So I looked for bootkit in my files and clicked on it again. A black screen comes up, but I can't tell if there is data on it or not because it comes up for less than 1/2 second and then disappears off my screen.

And my Comodo still wouldn't let me install anything. I had to disable my firewall because like before it kept repeatedly asking me if I should allow this program only it never allows it.

Thanks
Kendra
 
This morning several of the games I was having issues with I was able to get to work, so there are definitely some improvements on my computer, but as previously mentioned not quite everything...yet anyway
 
Never mind, the programs were running fine because my Comodo was still disabled. So I appear to still be having the same issues at this point. The computer hasn't frozen up, but it hasn't done that in a couple weeks anyway, so not sure how to tell if that issue has been fixed.
 
Got the Bootkit remover to work, here is the log.

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6
002), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`80100000
ATA_Read(): DeviceIoControl() ERROR 1
Boot sector MD5 is: 08c6d97449fb1d8bcab9d003ed787166

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...


My programs work if I put Comodo in training mode, so that seems to work. Still have the ask.com toolbar, but it is no longer listed under my programs in the control panel. Let me know what the next step is.
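The Bootkit Remover output above points to `remover.exe dump <device_name> [output_file]` for inspecting the boot code by hand. As an added example (not part of the original thread and not code from either tool), this Python script parses such a 512-byte dump, hashes the boot code area so it can be compared with a known-good baseline, and checks that the partition table agrees with the volume offsets the logs report. The sample sector is constructed, the function names are hypothetical, and the "exactly one active partition" check assumes a BIOS-booted system disk.

```python
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_END = 440   # bytes 0-439 hold the boot code in the classic MBR layout
TABLE_OFFSET = 446    # four 16-byte partition entries start here
ENTRY_SIZE = 16
ENTRY_FORMAT = "<B3xB3xII"  # status, CHS (skipped), type, CHS (skipped), start LBA, sector count

# Byte offsets of the volumes on PhysicalDrive0 as printed in the logs above.
VOLUME_OFFSETS = {"C:": 0x380100000, "D:": 0x2702E00000}


def parse_mbr(sector):
    """Split one 512-byte master boot sector into signature, boot code hash and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + slot * ENTRY_SIZE)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({
            "slot": slot,
            "status": status,
            "active": status == 0x80,
            "type": ptype,
            "start_byte": lba * SECTOR_SIZE,
            "end_byte": (lba + count) * SECTOR_SIZE,
        })
    boot_code = sector[:BOOT_CODE_END]
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        # Hash of the boot code area only. The range each tool hashes is not stated
        # on the page, so compare this value only with baselines computed the same way.
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest(),
        "boot_code_empty": not any(boot_code),
        "partitions": partitions,
    }


def review_mbr(mbr, volume_offsets):
    """Return a list of findings; an empty list means the structure is consistent."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if mbr["boot_code_empty"]:
        findings.append("boot code area is all zeros")
    parts = mbr["partitions"]
    for part in parts:
        if part["status"] not in (0x00, 0x80):
            findings.append("slot %d: invalid status byte 0x%02x" % (part["slot"], part["status"]))
    active = [part for part in parts if part["active"]]
    if len(active) != 1:  # assumption: BIOS-booted system disk
        findings.append("expected one active partition, found %d" % len(active))
    ordered = sorted(parts, key=lambda part: part["start_byte"])
    for first, second in zip(ordered, ordered[1:]):
        if first["end_byte"] > second["start_byte"]:
            findings.append("slots %d and %d overlap" % (first["slot"], second["slot"]))
    starts = {part["start_byte"] for part in parts}
    for name, offset in sorted(volume_offsets.items()):
        if offset not in starts:
            findings.append("%s at 0x%x has no matching partition entry" % (name, offset))
    return findings


def build_sample_sector():
    """Constructed sample, not the poster's disk: placeholder boot code plus two
    NTFS (type 0x07) entries placed at the volume offsets from the logs."""
    c_lba = VOLUME_OFFSETS["C:"] // SECTOR_SIZE
    d_lba = VOLUME_OFFSETS["D:"] // SECTOR_SIZE
    size = d_lba - c_lba  # constructed: both partitions given the same length
    sector = bytearray(SECTOR_SIZE)
    sector[0:2] = b"\xeb\xfe"  # placeholder bytes standing in for real boot code
    struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET, 0x80, 0x07, c_lba, size)
    struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + ENTRY_SIZE, 0x00, 0x07, d_lba, size)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # With a path argument, read a real dump file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            data = handle.read(SECTOR_SIZE)
    else:
        data = build_sample_sector()
    parsed = parse_mbr(data)
    print("boot code SHA-1:", parsed["boot_code_sha1"])
    for part in parsed["partitions"]:
        print("slot %(slot)d type 0x%(type)02x start 0x%(start_byte)x active=%(active)s" % part)
    for finding in review_mbr(parsed, VOLUME_OFFSETS) or ["no structural findings"]:
        print("-", finding)
```

A clean structural result does not clear the boot code itself; that still needs the hash compared against a baseline taken from a known-good system with the same OS version.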
 
"Training mode", or "Safe mode" are fine.
We'll take care of Ask Toolbar in a moment.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
You already had me run ComboFix, so I just want to double check and make sure that you want me to run it twice. Since I ran it two days ago do I download it again, or can I just run the version that I installed on Sunday? Thanks
 
Ooops...sorry for that.

How is computer doing at the moment?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logs

OTL Extras logfile created on: 3/22/2011 10:34:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.04 Gb Total Space | 47.19 Gb Free Space | 33.23% Space Free | Partition Type: NTFS
Drive D: | 142.04 Gb Total Space | 141.57 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
Drive E: | 1.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2044E66B-8323-4657-9910-D5D7171DEEAD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E1171FFC-2CBD-4A83-8F83-B498578910D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F3B3EA-A1DB-4A04-98FD-20C44F07C5B6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{085BB11D-8FCA-4AE4-A62F-08643E39250C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1302120E-280E-4E01-8D03-349034181757}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{17B26786-8B9C-4322-87F5-714C3550682C}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{1F2A0765-C9A3-4AD7-A438-AD1CA13FE20F}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{2ED63600-AC31-4DB5-867B-BBE59C6D6BB3}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{4DC58EDA-492B-4265-91E4-9E33A98ACE6E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{55DA2ED7-0452-469B-B146-32B31C806321}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5A5E9FCD-E1D0-4295-A512-BCC2F568D6E1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5D6B01B3-61EA-4995-BABF-9E3CF7DDD992}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{65834532-6BA0-499A-8023-50D47CDE577B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{69AC4762-70F6-4105-84EA-61C2D9F2B0A3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6BE38039-7BBD-44D4-A271-1897BD22D5DE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{7AF2AB31-77ED-4D76-8695-DEB2D8D65A8D}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{828125FB-4B2B-4892-89CE-DFD0297A4A99}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{883C7D4C-2F12-4D4A-811E-66164BA1C380}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8C0251F1-2E22-4CA4-8ADF-B1E1FF819CD1}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{914F42F1-2C07-4FAA-823D-9D5764BCE676}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{948B0315-30B0-49D1-B09C-33BF8EB08262}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{A6EA583C-A2E0-452A-91FE-45F032280003}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A7E33591-4711-44B3-AE01-35A89A42E007}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{A949F18A-0817-416E-9BFF-F803C52E8274}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{B121609F-BE7C-4CBE-8038-2553FAB415D0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B1C610F6-2035-4DC7-BC7C-7E81D477B09E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B89ADE20-EA39-4277-94DF-906E55EEB255}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{C269C8F6-93E4-4340-BA93-F52E49FC49F0}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{D03AFF1D-21E0-4231-90E0-156C65B1FF5A}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{D790509C-86A0-4A0E-AA6C-59E5FAB15C63}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E7C196D0-76B5-4263-A9DE-CF1C1169B79C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F1DE6163-8175-4D47-8CC4-E58A7D2E16EF}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{F2E14084-A17B-4AF0-81C6-58F18F2E6838}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{70F6CE67-48A6-44F9-80ED-DE074B502785}" = Garfield's Typing Pal
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110082360}" = Alien Shooter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111640927}" = Shopmania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112868583}" = Chocolatier
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113759870}" = Burger Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113784233}" = Home Sweet Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11408540}" = Magic Match Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114326367}" = Blood Ties
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114462137}" = Babysitting Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114668510}" = Doggie Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114717227}" = Magic Farm
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114945627}" = Family Feud 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114964527}" = Cooking Academy
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115162883}" = Wedding Dash 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115231370}" = Build In Time
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115233673}" = Dream Day Wedding Married in Manhattan
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115267797}" = Fashion Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115369807}" = Sunshine Acres
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115561607}" = Anna`s Ice Cream
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116510433}" = Orchard
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117045150}" = Yard Sale Junkie
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117168453}" = Jessicas Cupcake Cafe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117244230}" = Wedding Dash Ready Aim Love
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117451913}" = Passport to Perfume™
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-1175830}" = Cooking Dash Diner Town Studios
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117762797}" = Kelly Green Garden Queen
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11778787}" = Double Play Jojo’s Fashion Show 1 & 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117795997}" = Kitchen Brigade
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11807553}" = Hotel Dash Suite Success
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119352260}" = Cookie Domination
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119619927}" = Avenue Flo - Special Delivery
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = ijji REACTOR
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
"{A1F2EF0E-1EE5-4F0B-8A31-EE875EBD3F01}" = Mavis Beacon Teaches Typing 15
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B0E5D7E7-A106-458F-BA7B-2F8CAEA3BF16}" = PlayReady PC runtime
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B700113B-24A8-4D4C-8484-0CC944F764C8}" = Google SketchUp 8
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F429ED71-4A8B-457A-85E4-F6398CE73E58}" = AV Input Selection
"{F5F5364A-7B98-4E86-9B5B-9C916F9C8439}" = Guitar Praise
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"2002 Games" = 2002 Games
"7-Zip" = 7-Zip 9.20
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"AVG" = AVG 2011
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO Internet Security" = COMODO Internet Security
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"Google Desktop" = Google Desktop
"Hax264 Codec_is1" = Hax264 Codec 2.1.0.8
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Lizard Safeguard - PDF Viewer_is1" = Lizard Safeguard - PDF Viewer 2.5.137
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Math Missions Grades 3-5" = Math Missions Grades 3-5
"Math Missions Grades K-2" = Math Missions Grades K-2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.17)" = Mozilla Firefox (3.5.17)
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"Picasa 3" = Picasa 3
"Puzzle and Board XP Championship" = Puzzle and Board XP Championship
"SystemRequirementsLab" = System Requirements Lab
"Teach_Yourself_to_Play_Guitar_1.8" = Teach Yourself to Play Guitar 1.8.1
"Timez Attack" = Timez Attack
"Train Simulator 1.0" = Microsoft Train Simulator
"U.B. Funkeys" = U.B. Funkeys
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"Year 2 year-plan" = Year 2 year-plan
"Year 3 Curriculum" = Year 3 Curriculum
"Year 3 Interface" = Year 3 Interface

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Dad
"Free Realms Installer" = Free Realms Installer
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/21/2011 11:18:20 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2262

Error - 1/21/2011 11:18:20 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2262

Error - 1/21/2011 11:18:22 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/21/2011 11:18:22 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3495

Error - 1/21/2011 11:18:22 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3495

Error - 1/21/2011 11:18:23 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/21/2011 11:18:23 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4836

Error - 1/21/2011 11:18:23 AM | Computer Name = Dad-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4836

Error - 1/21/2011 12:44:08 PM | Computer Name = Dad-PC | Source = System Restore | ID = 8193
Description =

Error - 1/21/2011 12:44:08 PM | Computer Name = Dad-PC | Source = System Restore | ID = 8210
Description =

[ System Events ]
Error - 3/20/2011 7:47:53 PM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/20/2011 7:51:39 PM | Computer Name = Dad-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/20/2011 11:51:13 PM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/21/2011 12:01:19 AM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 3/21/2011 12:07:21 AM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 3/21/2011 12:14:17 AM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 3/21/2011 12:08:16 PM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/21/2011 12:13:55 PM | Computer Name = Dad-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 3/21/2011 12:31:06 PM | Computer Name = Dad-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 3/22/2011 5:02:27 AM | Computer Name = Dad-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >
 
OTL logs continued

OTL logfile created on: 3/22/2011 10:34:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dad\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.04 Gb Total Space | 47.19 Gb Free Space | 33.23% Space Free | Partition Type: NTFS
Drive D: | 142.04 Gb Total Space | 141.57 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
Drive E: | 1.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAD-PC | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/22 21:13:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Downloads\OTL.exe
PRC - [2011/03/11 11:59:38 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/01/28 18:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/02/17 09:37:06 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/02/17 09:36:42 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/02 21:18:36 | 000,294,544 | ---- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\CarbonitePreinstaller.exe
PRC - [2008/10/01 13:44:00 | 000,323,584 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe
PRC - [2008/10/01 13:44:00 | 000,319,488 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/10/01 13:43:56 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008/10/01 13:43:52 | 000,380,928 | ---- | M] (acer) -- C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
PRC - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/07/29 19:52:50 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008/05/20 19:50:50 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/29 14:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 14:24:46 | 000,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
PRC - [2007/12/10 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2002/08/30 13:02:58 | 002,392,064 | ---- | M] (TLC Education Properties LLC) -- C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 15\MiniMavis.exe


========== Modules (SafeList) ==========

MOD - [2011/03/22 21:13:42 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dad\Downloads\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-092308-165331)
SRV - [2011/01/28 18:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/07/09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/02/17 09:36:42 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2008/10/01 13:43:56 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/29 19:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/05/20 19:50:50 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/29 14:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 14:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/10 21:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 12:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2010/08/03 15:23:58 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:54 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:52 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/07/09 16:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/05/29 09:38:54 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 14:02:49 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/18 14:02:49 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/17 09:40:23 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/02/17 09:38:23 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010/02/17 09:38:21 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/26 17:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/09/30 19:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/09/11 14:19:57 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WinDrvr6.sys -- (WinDriver6)
DRV - [2008/10/01 12:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/03/22 09:18:44 | 000,043,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/01/25 06:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007/10/12 02:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/14 20:03:08 | 000,068,922 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=1&o=vp32&d=1006&m=aspire_x1300


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=ACAW&bmod=ACUS
IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448598220-3968628860-416183352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/12/20 12:15:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/03/18 10:41:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/03/20 22:58:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/08 23:41:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/18 10:41:26 | 000,000,000 | ---D | M]

[2009/08/26 21:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Extensions
[2011/03/22 18:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions
[2009/08/31 12:48:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/21 17:12:49 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/03/18 09:17:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}-TRASH
[2009/10/21 17:12:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/11/26 10:32:55 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\svjtkm5q.default\extensions\support@ancestry.com
[2011/03/19 11:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/06 18:38:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/20 01:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 17:02:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/01/30 21:37:15 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2010/01/30 21:37:15 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2010/01/30 21:37:15 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2010/11/04 16:00:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2010/11/04 16:00:56 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
[2008/06/18 00:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/12 13:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\Program Files\Mozilla Firefox\plugins\npigl.dll
[2010/03/30 12:57:04 | 000,098,304 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
[2009/08/17 07:42:14 | 000,073,728 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

O1 HOSTS File: ([2011/03/20 22:14:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-448598220-3968628860-416183352-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [EmpoweringTechnology] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-448598220-3968628860-416183352-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448598220-3968628860-416183352-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\nvLsp.dll (NVIDIA)
O15 - HKU\S-1-5-21-448598220-3968628860-416183352-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Dad\Pictures\desktop\Blue_Sky_and_Flowers.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dad\Pictures\desktop\Blue_Sky_and_Flowers.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/01/10 16:51:08 | 000,000,043 | RH-- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.H264 - C:\Program Files\Hax264\H264vfw.dll (Dave Haxton)
Drivers32: VIDC.JDCT - C:\Windows\System32\jl_jdct.drv (JEILIN Tech.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/21 17:07:06 | 000,083,968 | ---- | C] (eSage Lab) -- C:\Users\Dad\Desktop\remover.exe
[2011/03/21 10:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/03/21 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/03/20 23:00:32 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\AVG10
[2011/03/20 22:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011/03/20 22:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011/03/20 22:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/03/20 22:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/03/20 22:21:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/03/20 22:21:25 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Local\temp
[2011/03/20 21:59:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/03/20 21:59:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/03/20 21:59:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/03/20 21:59:33 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/03/20 21:59:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/20 21:59:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/03/20 17:49:41 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
[2011/03/19 17:05:12 | 000,000,000 | ---D | C] -- C:\Users\Dad\AppData\Roaming\Malwarebytes
[2011/03/19 17:05:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/19 17:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/19 17:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/19 17:04:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/19 17:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/19 15:20:49 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2011/03/18 09:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/18 09:47:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/18 09:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/18 09:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/08 16:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/03/08 16:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2011/02/24 04:03:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2009/01/19 17:37:43 | 000,049,152 | R--- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011/03/22 22:29:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/22 22:29:05 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/22 16:51:30 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/22 16:51:30 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/22 09:00:18 | 109,513,463 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/03/21 17:51:54 | 000,111,797 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/03/21 17:51:54 | 000,111,797 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/03/21 10:29:22 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/03/21 10:28:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/21 10:28:52 | 2951,254,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/21 10:24:38 | 000,000,000 | ---- | M] () -- C:\Users\Dad\AppData\Local\prvlcl.dat
[2011/03/20 22:59:23 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/20 22:14:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/03/19 17:05:00 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/18 10:41:26 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/18 09:48:51 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/17 22:43:03 | 000,001,600 | ---- | M] () -- C:\Users\Public\Desktop\Acer GameZone Online.lnk
[2011/03/17 09:30:19 | 000,063,482 | ---- | M] () -- C:\Users\Dad\Documents\Invoice 1039.pdf
[2011/03/14 17:13:16 | 000,065,297 | ---- | M] () -- C:\Users\Dad\Documents\decker bid.pdf
[2011/03/13 17:22:09 | 000,185,278 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/02/22 00:16:34 | 000,006,017 | ---- | M] () -- C:\Users\Dad\Documents\bio.pdf

========== Files Created - No Company Name ==========

[2011/03/20 22:59:23 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/03/20 21:59:39 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/03/20 21:59:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/03/20 21:59:39 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/03/20 21:59:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/03/20 21:59:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/03/19 17:05:00 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/18 09:48:51 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/17 09:30:18 | 000,063,482 | ---- | C] () -- C:\Users\Dad\Documents\Invoice 1039.pdf
[2011/03/14 17:13:15 | 000,065,297 | ---- | C] () -- C:\Users\Dad\Documents\decker bid.pdf
[2011/02/24 04:01:11 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/02/24 04:01:11 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/02/24 04:01:09 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/02/22 00:16:33 | 000,006,017 | ---- | C] () -- C:\Users\Dad\Documents\bio.pdf
[2011/01/05 10:27:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/05 10:26:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/28 16:55:14 | 000,000,000 | ---- | C] () -- C:\Windows\Mavis Beacon Teaches Typing.INI
[2010/10/20 13:17:02 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/10/11 22:34:25 | 000,111,797 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/10/11 22:34:24 | 000,111,797 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/08/02 18:35:55 | 000,009,728 | ---- | C] () -- C:\Windows\System32\uc_karos_launching.dll
[2010/07/22 22:02:06 | 000,173,296 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/07/09 20:52:26 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/07/05 14:56:34 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Local\prvlcl.dat
[2010/06/17 21:20:38 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/03/12 23:32:32 | 000,000,000 | ---- | C] () -- C:\Windows\Xscan.INI
[2009/11/29 21:27:32 | 000,001,356 | ---- | C] () -- C:\Users\Dad\AppData\Local\d3d9caps.dat
[2009/10/22 10:03:09 | 000,000,000 | ---- | C] () -- C:\Users\Dad\AppData\Roaming\wklnhst.dat
[2009/09/30 20:42:36 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
[2009/09/30 17:14:14 | 000,000,201 | ---- | C] () -- C:\Windows\PowerReg.dat
[2009/09/30 17:05:37 | 000,000,196 | ---- | C] () -- C:\Windows\EPSON 1260_1660 Installer.ini
[2009/09/10 17:03:15 | 000,036,697 | ---- | C] () -- C:\Windows\System32\OggDSuninst.exe
[2009/09/03 12:38:47 | 000,024,576 | ---- | C] () -- C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/02 08:20:16 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/26 23:04:51 | 000,000,120 | ---- | C] () -- C:\Windows\CIS_Setup_3.11.108364.552_XP_Vista_x32.INI
[2009/08/26 21:57:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/01/19 19:42:29 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/19 19:20:09 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/19 19:20:09 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/01/19 18:27:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2007/03/30 13:31:20 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dec_jl6.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,389,888 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/10 19:22:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2006/10/10 19:22:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2006/10/10 19:13:29 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/09/29 05:24:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/09/29 05:23:16 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002/09/29 05:23:14 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/09/29 05:23:07 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

========== LOP Check ==========

[2009/08/26 21:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer
[2009/01/19 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Acer GameZone Console
[2010/07/23 11:46:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Amazon
[2011/03/20 23:00:32 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\AVG10
[2009/09/03 10:38:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Blitware
[2010/07/10 01:25:05 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\BloodTies
[2010/12/06 14:38:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Boomzap
[2010/12/28 16:59:18 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\Broderbund
[2010/11/04 16:01:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Catalina Marketing Corp
[2010/07/08 18:33:13 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\CupcakeCafe
[2010/01/30 21:37:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eMusic
[2009/09/30 20:42:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\EPSON
[2009/08/31 09:08:29 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\eSobi
[2010/07/21 16:58:17 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Gamelab
[2010/02/05 14:29:37 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009/12/22 01:41:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Home Sweet Home
[2010/08/02 18:59:57 | 000,000,000 | -H-D | M] -- C:\Users\Dad\AppData\Roaming\ijjigame
[2010/05/28 16:39:39 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\iWin
[2009/08/26 21:43:43 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Leadertech
[2009/09/11 22:46:23 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\LockLizard
[2009/08/26 22:23:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Meridian93
[2010/03/22 15:53:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\oberon
[2011/03/21 10:57:28 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\PlayFirst
[2010/07/09 20:53:02 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Sudden Games
[2010/10/11 22:50:34 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\SystemRequirementsLab
[2009/11/27 23:40:25 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Template
[2010/12/25 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\WeatherBug
[2010/12/17 19:05:09 | 000,000,000 | ---D | M] -- C:\Users\Dad\AppData\Roaming\Webshots
[2009/01/19 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Acer GameZone Console
[2009/01/19 20:06:13 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Acer GameZone Console
[2011/03/21 10:27:32 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 00:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/01/19 17:38:19 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/03/20 22:21:20 | 000,021,649 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/12/12 13:30:37 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010/12/12 13:30:37 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2011/03/21 10:28:52 | 2951,254,016 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/10 17:17:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/10 17:17:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/02/12 13:30:16 | 000,164,352 | ---- | M] (Indiepath Ltd) -- C:\npigl.dll
[2007/02/09 07:55:54 | 000,000,283 | ---- | M] () -- C:\npigl.xpt
[2011/03/21 10:28:51 | 3265,060,864 | -HS- | M] () -- C:\pagefile.sys
[2009/01/19 19:20:47 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log

< %systemroot%\Fonts\*.com >
[2006/11/02 06:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 06:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 06:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/01/05 10:48:32 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/20 20:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\1_HPZPPLHN.DLL
[2008/01/20 20:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 06:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2006/10/19 11:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
[2006/10/19 11:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr
[2008/12/05 00:55:20 | 000,307,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 20:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 21:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 21:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 21:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/01/05 11:09:39 | 000,000,286 | -HS- | M] () -- C:\Users\Dad\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010/09/01 15:33:49 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\Dad\Desktop\remover.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/01/05 11:09:06 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2011/01/05 11:08:36 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2010/10/11 22:34:34 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2010/10/11 22:34:34 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2011/01/05 11:08:36 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/08/26 21:43:33 | 000,000,402 | -HS- | M] () -- C:\Users\Dad\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/03/21 17:51:54 | 000,111,797 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========
 
the rest of the OTL logs


< End of report >


Thanks for your help. I know you are helping a lot of others, so I appreciate it.
The computer seems to be running better. When it's clean I will see if it lets me install my updates and I may have just a couple more questions for you.

Thanks
Kendra

P.S. When I post this, the last line of the OTL log comes up with a green smiley face on it. Maybe it's supposed to do that, but if not, in my log instead of a smiley face I have a letter D.
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [On_Demand | Stopped] -- -- (GoogleDesktopManager-092308-165331)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
    O15 - HKU\S-1-5-21-448598220-3968628860-416183352-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:FA8B212D
    @Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:615435BE
    @Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:D30CE047
    @Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:95B7F1EC
    @Alternate Data Stream - 183 bytes -> C:\ProgramData\TEMP:128A6DC9
    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:793F316E
    @Alternate Data Stream - 181 bytes -> C:\ProgramData\TEMP:2CD14F7E
    @Alternate Data Stream - 180 bytes -> C:\ProgramData\TEMP:5216CD26
    @Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:A42A9F39
    @Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:4D066AD2
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:E36F5B57
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:A724744F
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:4CF61E54
    @Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:3AE22B1A
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:4E903DEB
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:ABE89FFE
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3B3A35EC
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CC174F28
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:2D61FFEE
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B61DB9F
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EB603FE4
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:03033228
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:FD444D31
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:5E3FBF9D
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:41099CE9
    @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:860D9052
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:4C97EF04
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:C4A1F01E
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:7079A696
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E54FA796
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:59D05D9A
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7091055F
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:002640E3
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:C0D722EB
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C40E212B
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C3112F12
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F3176E45
    @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8D899C22
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:7CACEF61
    @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:798A3728
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:AB689DEA
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DAFD38AE
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart your computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
All processes killed
========== OTL ==========
Service GoogleDesktopManager-092308-165331 stopped successfully!
Service GoogleDesktopManager-092308-165331 deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-448598220-3968628860-416183352-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Dad
->Temp folder emptied: 6337396 bytes
->Temporary Internet Files folder emptied: 1414179 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 47842219 bytes
->Flash cache emptied: 63929 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 236130 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Dad
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03232011_142455

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2011
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.2
Out of date Adobe Reader installed!
Mozilla Firefox (3.5.17) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````
 
Update Internet Explorer to version 9.

Update Firefox to version 4.0.

...and Eset scan....
 
Eset log

C:\Program Files\Acer Arcade Live\Acer HomeMedia Trial Creator\Export\SoftDMA_Trial\Autorun.inf INF/Autorun.gen trojan
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application
C:\Program Files\iWonEI\Installr\1.bin\jfEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll.vir a variant of Win32/Adware.Toolbar.Dealio application
C:\_OTL\MovedFiles\03232011_142455\C_Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application


Updating Mozilla and IE now
 