Jump to content

Please help with this log


Recommended Posts

My daughter laptop had some infections detected by MWB. However, it is still running slow. Additionally, I have another PC on my home network that is infected with zeroaccess infection that has been insserted into tcp/ip stack. I'm not sure if this may have propagated to her laptop.

Here is hjt log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:34:02 PM, on 6/27/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\wpcumi.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\Fallon\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\Taskmgr.exe

C:\Program Files\Registry Mechanic\upgrade.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup

O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe

O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"

O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"

O4 - HKLM\..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-21-1998233532-487228089-2655391932-1000\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Fallon')

O4 - HKUS\S-1-5-21-1998233532-487228089-2655391932-1000\..\Run: [Acer Tour Reminder] (User 'Fallon')

O4 - HKUS\S-1-5-21-1998233532-487228089-2655391932-1000\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Fallon')

O4 - HKUS\S-1-5-21-1998233532-487228089-2655391932-1000\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Fallon')

O4 - S-1-5-21-1998233532-487228089-2655391932-1000 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Fallon')

O4 - S-1-5-21-1998233532-487228089-2655391932-1000 User Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Fallon')

O4 - Global Startup: Empowering Technology Launcher.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab

O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} (WebSlingPlayer) - http://plugin.slingbox.com/downloads/pc/1.4.0.85/WebSlingPlayer.cab

O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} (FamilyFeud Control) - http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe

O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 11880 bytes

Link to post
Share on other sites

Hello rysktkr! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here for DDS:

http://forums.malwarebytes.org/index.php?showtopic=9573

Also, I would like to see the log file from Malwarebytes' Anti-Malware.

Don't worry for the laptop, but about the other computer, the problem is serious and I suggest you open a topic for it.

Link to post
Share on other sites

Hi MrC,

Here are the requested logs:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Linda at 8:00:24 on 2012-06-28

Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.161 [GMT -7:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\agrsmsvc.exe

C:\Acer\ALaunch\ALaunchSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Windows\RtHDVCpl.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Acer\Acer Arcade\PCMService.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\CyberLink\Shared Files\brs.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\System32\wpcumi.exe

C:\Windows\WindowsMobile\wmdSync.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Users\Linda\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Apoint2K\ApMsgFwd.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://en.us.acer.yahoo.com

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: H - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [Acer Tour Reminder]

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup

mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe

mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe

mRun: [skytel] Skytel.exe

mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"

mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

LSP: c:\windows\system32\wpclsp.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.85/WebSlingPlayer.cab

DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AE3C0EED-CF5E-481E-BFF7-0EEEDCC9A3BE} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B5A6F3AD-88CD-452C-B0E8-E6FFCC8CE4B6} : DhcpNameServer = 192.168.0.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\windows\system32\eNetHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\linda\appdata\roaming\mozilla\firefox\profiles\j983f3bc.default\

FF - plugin: c:\users\linda\appdata\roaming\mozilla\firefox\profiles\j983f3bc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

.

============= SERVICES / DRIVERS ===============

.

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-31 179712]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-6-27 40776]

.

=============== Created Last 30 ================

.

2012-06-28 03:16:03 388096 ----a-r- c:\users\linda\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2012-06-28 03:15:53 -------- d-----w- c:\program files\Trend Micro

2012-06-27 21:54:35 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-27 21:54:35 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-27 21:54:35 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-27 21:51:47 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-06-26 21:25:02 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{94e813c5-29a6-474b-8a7c-7c90c11cd984}\offreg.dll

2012-06-26 21:04:25 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{94e813c5-29a6-474b-8a7c-7c90c11cd984}\mpengine.dll

2012-06-26 20:54:35 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-26 20:53:28 2045440 ----a-w- c:\windows\system32\win32k.sys

2012-06-26 19:42:02 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-26 19:39:08 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-26 19:37:37 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-26 19:37:37 171904 ----a-w- c:\windows\system32\wuwebv.dll

.

==================== Find3M ====================

.

2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-04 22:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

.

============= FINISH: 8:03:24.63 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume2

Install Date: 11/27/2007 10:38:47 PM

System Uptime: 6/28/2012 6:39:59 AM (2 hours ago)

.

Motherboard: Acer | | Acadia

Processor: Intel® Celeron® CPU 540 @ 1.86GHz | uPGA-478 | 1862/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 70 GiB total, 12.751 GiB free.

D: is FIXED (NTFS) - 70 GiB total, 50.877 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft ISATAP Adapter

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: Microsoft ISATAP Adapter #2

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft Tun Miniport Adapter

Device ID: ROOT\*TUNMP\0001

Manufacturer: Microsoft

Name: Microsoft Tun Miniport Adapter #2

PNP Device ID: ROOT\*TUNMP\0001

Service: tunmp

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

Acer Arcade

Acer Assist

Acer eDataSecurity Management

Acer eLock Management

Acer Empowering Technology

Acer eNet Management

Acer ePower Management

Acer ePresentation Management

Acer eSettings Management

Acer GridVista

Acer Mobility Center Plug-In

Acer Registration

Acer ScreenSaver

Acer Tour

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.0

Adobe Shockwave Player 11.5

Agere Systems HDA Modem

ALPS Touch Pad Driver

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Big Kahuna Reef 2

Bonjour

Bricks of Egypt

CyberLink PowerDVD 9

Disney Toontown Online

DVDFab 8.1.2.0 (15/09/2011) Qt

Dynasty

ESET Online Scanner v3

Galapago

Google Toolbar for Internet Explorer

Google Update Helper

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Intel® Graphics Media Accelerator Driver

iTunes

Jewel Quest Solitaire

Launch Manager

LightScribe 1.4.142.1

LiveUpdate 3.3 (Symantec Corporation)

Luxor 2

MAGIX Ringtone Maker 2 e-version (US)

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office XP Professional with FrontPage

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Microsoft XML Parser

MobileMe Control Panel

Mozilla Firefox 5.0 (x86 en-US)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Rescue

Mystery Case Files - Prime Suspects

Mystery Case Files Ravenhearst

NTI Backup NOW! 4.7

NTI CD & DVD-Maker

PowerProducer 3.72

QuickTime

Realtek High Definition Audio Driver

Registry Mechanic 10.0

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

SlingPlayer

Symantec Endpoint Protection

Treasures of the Deep

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VoiceOver Kit

Warcraft III

WebSlingPlayer ActiveX

WinRAR archiver

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

6/27/2012 2:41:47 PM, Error: EventLog [6008] - The previous system shutdown at 1:09:51 PM on 6/27/2012 was unexpected.

6/27/2012 12:47:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.

6/27/2012 12:46:28 PM, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: Security must be initialized before any interfaces are marshalled or unmarshalled. It cannot be changed once initialized.

6/27/2012 12:45:22 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.

6/27/2012 12:44:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

6/27/2012 11:32:33 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.

6/27/2012 11:26:20 AM, Error: EventLog [6008] - The previous system shutdown at 7:15:52 PM on 6/26/2012 was unexpected.

6/26/2012 4:54:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.

6/26/2012 12:14:56 PM, Error: EventLog [6008] - The previous system shutdown at 11:52:19 AM on 6/18/2012 was unexpected.

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-tw-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-hk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-zh-cn-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-uk-ua-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-tr-tr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-th-th-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sv-se-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sr-latn-cs-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sl-si-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-sk-sk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ru-ru-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ro-ro-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-pt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pt-br-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ps-ps-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-pl-pl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nl-nl-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-Neutral from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-nb-no-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lv-lv-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-lt-lt-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ko-kr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ja-jp-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-it-it-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hu-hu-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-hr-hr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-he-il-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fr-fr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-fi-fi-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-et-ee-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-es-es-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP from package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP(Feature Pack) into Staged(Staged) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-en-us-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Staged(Staged) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-el-gr-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-de-de-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-da-dk-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-cs-cz-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-bg-bg-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WUClient-SelfUpdate-Aux-ar-sa-LP-Toplevel from package KBWUClient-SelfUpdate-Aux(Feature Pack) into Absent(Absent) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxResourcesLP from package WindowsUpdateClient-SelfUpdate-Aux-Package(Language Pack) into Staged(Staged) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update AuxComp from package WindowsUpdateClient-SelfUpdate-Aux-Package(Update) into Staged(Staged) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US(Language Pack) into Staged(Staged) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Aux from package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package(Update) into Staged(Staged) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WUClient-SelfUpdate-Aux-Package-en-us-MiniLP (Feature Pack) into Install Requested(Install Requested) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Update) into Install Requested(Install Requested) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-Package (Language Pack) into Install Requested(Install Requested) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package_en-US (Language Pack) into Install Requested(Install Requested) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package WindowsUpdateClient-SelfUpdate-Aux-AuxComp-Package (Update) into Install Requested(Install Requested) state

6/26/2012 1:03:37 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KBWUClient-SelfUpdate-Aux (Feature Pack) into Install Requested(Install Requested) state

.

==== End Of File ===========================

Link to post
Share on other sites

Here it is.

FYI another computer on my home network has ZeroAccess inserted into TCP/IP stack. I am concerned that it may have spread to this computer. Not sure if MBAM detects this infection.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.28.09

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Linda :: FALLON-LAPTOP [administrator]

6/28/2012 10:40:36 AM

mbam-log-2012-06-28 (10-40-36).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 363163

Time elapsed: 1 hour(s), 21 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

The latest MBAM log was posted above. This is after I had MBAM clean the infections detected in the previous scan. Here is the previous scan with the infections detected:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.27.11

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Linda :: FALLON-LAPTOP [administrator]

6/27/2012 2:53:03 PM

mbam-log-2012-06-27 (14-53-03).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 343560

Time elapsed: 2 hour(s), 27 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 6

HKCR\CLSID\{0e32fcd4-7f06-4768-9f2b-869dc2ffffae} (PUP.FunWebProducts) -> Quarantined and deleted successfully.

HKCR\TypeLib\{af25082c-7883-4ac5-9d15-784f3cfc78df} (PUP.FunWebProducts) -> Quarantined and deleted successfully.

HKCR\Interface\{7906EEF8-33D6-442A-A07A-11A9A5701935} (PUP.FunWebProducts) -> Quarantined and deleted successfully.

HKCR\GuffinsInstaller.Start.1 (PUP.FunWebProducts) -> Quarantined and deleted successfully.

HKCR\GuffinsInstaller.Start (PUP.FunWebProducts) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E32FCD4-7F06-4768-9F2B-869DC2FFFFAE} (PUP.FunWebProducts) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\Program Files\GuffinsEI\Installr\1.bin\u4EZSETP.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QOR9L9UR\Guffins.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

This is adware. You can find more information here:

http://www.networkworld.com/newsletters/web/2003/1208web2.html

Let's see if there are any leftovers:

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

On my other computer we were not able to detect ZeroAcces infection with MBAM. We only found it using combofix.

OTL logfile created on: 6/29/2012 4:22:09 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Linda\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.33 Mb Total Physical Memory | 73.02 Mb Available Physical Memory | 7.21% Memory free

2.80 Gb Paging File | 1.10 Gb Available in Paging File | 39.39% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.77 Gb Total Space | 11.52 Gb Free Space | 16.51% Space Free | Partition Type: NTFS

Drive D: | 69.52 Gb Total Space | 50.88 Gb Free Space | 73.19% Space Free | Partition Type: NTFS

Computer Name: FALLON-LAPTOP | User Name: Linda | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 16:21:30 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Linda\Downloads\OTL.exe

PRC - [2012/03/03 00:27:11 | 000,307,824 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2011/12/26 11:33:38 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe

PRC - [2011/07/19 22:30:16 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Linda\AppData\Local\temp\RtkBtMnt.exe

PRC - [2010/08/05 09:46:08 | 001,594,328 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\Upgrade.exe

PRC - [2010/08/05 09:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

PRC - [2010/08/05 09:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/30 17:54:16 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe

PRC - [2009/03/30 14:07:34 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2009/03/30 14:07:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2009/03/30 14:07:32 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2009/03/30 14:07:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

PRC - [2009/03/30 14:07:32 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

PRC - [2009/02/16 09:55:38 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe

PRC - [2007/07/15 22:51:44 | 000,768,520 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2007/07/05 20:06:00 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2007/06/21 18:25:46 | 000,118,464 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe

PRC - [2007/06/21 18:25:44 | 000,257,736 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe

PRC - [2007/06/21 18:25:22 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe

PRC - [2007/06/21 18:24:12 | 001,076,832 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe

PRC - [2007/06/05 10:13:28 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007/05/22 15:00:04 | 000,753,664 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe

PRC - [2007/05/22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2007/05/16 22:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2007/05/16 18:37:26 | 000,528,384 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2007/04/25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

PRC - [2007/04/25 16:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

PRC - [2007/04/25 11:35:56 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2007/03/14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2007/02/13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2007/02/09 07:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2007/01/26 14:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe

PRC - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

PRC - [2006/11/02 05:34:44 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe

PRC - [2006/11/02 02:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe

PRC - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/27 15:08:19 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll

MOD - [2012/06/27 15:07:25 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll

MOD - [2012/06/27 12:39:20 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll

MOD - [2012/06/27 12:37:12 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll

MOD - [2012/06/26 14:16:53 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll

MOD - [2012/06/26 14:10:44 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll

MOD - [2012/06/26 14:10:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012/06/26 12:19:56 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012/06/26 12:17:37 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012/06/26 12:17:06 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\util\WinRAR\RarExt.dll

MOD - [2007/06/21 18:25:52 | 000,192,616 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll

MOD - [2007/06/21 18:25:52 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll

MOD - [2007/06/21 18:25:52 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll

MOD - [2007/06/05 10:13:32 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll

MOD - [2007/06/05 10:13:14 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll

MOD - [2007/06/05 10:13:04 | 000,983,040 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll

MOD - [2007/06/05 10:12:58 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll

MOD - [2007/05/22 15:00:04 | 000,249,856 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll

MOD - [2007/04/25 16:31:00 | 000,028,672 | ---- | M] () -- C:\Windows\System32\BatchCrypto.dll

MOD - [2007/04/25 16:30:44 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

MOD - [2007/04/25 11:35:34 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll

MOD - [2007/04/25 11:35:10 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll

MOD - [2007/04/11 16:42:40 | 000,307,200 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll

MOD - [2007/03/14 11:00:08 | 000,831,488 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll

MOD - [2007/02/13 07:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll

MOD - [2007/02/07 09:25:00 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll

MOD - [2003/06/06 22:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/08/05 09:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2009/03/30 14:07:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)

SRV - [2009/03/30 14:07:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2009/03/30 14:07:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2009/03/30 14:07:32 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2009/03/30 14:07:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2009/03/30 14:07:32 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)

SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/19 00:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2008/01/19 00:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

SRV - [2007/08/11 20:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2007/06/21 18:25:46 | 000,118,464 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)

SRV - [2007/06/21 18:25:44 | 000,257,736 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)

SRV - [2007/06/21 18:24:12 | 001,076,832 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)

SRV - [2007/06/05 10:13:28 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007/05/22 15:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2007/05/16 22:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2007/04/25 16:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)

SRV - [2007/03/14 10:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2007/02/13 07:26:50 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2007/01/26 14:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)

SRV - [2006/11/24 12:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

SRV - [2006/10/04 21:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Linda\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012/05/31 01:00:00 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/05/31 01:00:00 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/05/16 01:00:00 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120628.018\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/05/16 01:00:00 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20120628.018\NAVENG.SYS -- (NAVENG)

DRV - [2009/07/10 13:56:59 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009/03/30 17:53:56 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/10 11:11:27] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})

DRV - [2009/03/30 14:07:34 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2009/03/30 14:07:34 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)

DRV - [2009/03/30 14:07:34 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2009/03/30 14:07:28 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2007/06/18 03:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/06/13 19:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/03/08 23:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)

DRV - [2007/01/29 22:23:30 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2006/12/07 19:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2006/11/02 06:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

DRV - [2006/09/19 17:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 8A 6F 37 F2 54 CD 01 [binary data]

IE - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPTB_enUS288

IE - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@ei.Guffins.com/Plugin: C:\Program Files\GuffinsEI\Installr\1.bin\NPu4EISB.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/27 17:42:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/06/27 15:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Extensions

[2011/06/30 17:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\j983f3bc.default\extensions

[2011/06/30 17:42:09 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\j983f3bc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2011/06/27 14:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2009/09/12 03:03:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/06/15 21:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/30 12:47:47 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)

O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)

O4 - HKLM..\Run: [bDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)

O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1998233532-487228089-2655391932-1001..\Run: [Acer Tour Reminder] File not found

O4 - HKU\S-1-5-21-1998233532-487228089-2655391932-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - Startup: C:\Users\Fallon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O15 - HKU\S-1-5-21-1998233532-487228089-2655391932-1001\..Trusted Domains: 0.0.1 ([127] * in Computer)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)

O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)

O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.85/WebSlingPlayer.cab (WebSlingPlayer)

O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab (FamilyFeud Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE3C0EED-CF5E-481E-BFF7-0EEEDCC9A3BE}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5A6F3AD-88CD-452C-B0E8-E6FFCC8CE4B6}: DhcpNameServer = 192.168.0.1

O20 - AppInit_DLLs: (C:\Windows\System32\eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 07:57:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Linda\Desktop\dds.scr

[2012/06/28 07:24:58 | 000,000,000 | R--D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerDVD 9

[2012/06/27 20:15:58 | 000,000,000 | ---D | C] -- C:\Users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/06/27 20:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

========== Files - Modified Within 30 Days ==========

[2012/06/29 16:01:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/06/29 15:55:21 | 000,000,632 | RHS- | M] () -- C:\Users\Linda\ntuser.pol

[2012/06/29 15:06:48 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/29 15:06:48 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/29 14:53:39 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2012/06/28 21:02:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/06/28 20:58:36 | 000,000,254 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job

[2012/06/28 08:04:55 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/28 08:04:55 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/28 07:57:49 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Linda\Desktop\dds.scr

[2012/06/28 03:24:59 | 1063,329,792 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/27 20:15:59 | 000,001,948 | ---- | M] () -- C:\Users\Linda\Desktop\HiJackThis.lnk

[2012/06/27 14:51:33 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/27 14:46:01 | 000,000,680 | ---- | M] () -- C:\Users\Linda\AppData\Local\d3d9caps.dat

[2012/06/27 12:20:45 | 000,326,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/27 20:15:59 | 000,001,948 | ---- | C] () -- C:\Users\Linda\Desktop\HiJackThis.lnk

[2011/12/26 11:47:29 | 000,005,120 | ---- | C] () -- C:\Users\Linda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/29 16:47:29 | 000,029,239 | ---- | C] () -- C:\Users\Linda\AppData\Roaming\UserTile.png

[2010/12/08 16:46:45 | 000,000,680 | ---- | C] () -- C:\Users\Linda\AppData\Local\d3d9caps.dat

[2010/11/25 15:14:21 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe

[2008/08/12 12:16:02 | 000,031,906 | ---- | C] () -- C:\Users\Linda\AppData\Roaming\com.kennettnet.MusicRescue4.Profiles.plist

[2008/08/12 11:10:19 | 000,931,097 | ---- | C] () -- C:\Users\Linda\AppData\Roaming\com.kennettnet.MusicRescue4.plist

[2008/08/09 12:04:57 | 000,000,632 | RHS- | C] () -- C:\Users\Linda\ntuser.pol

========== LOP Check ==========

[2008/03/25 10:40:58 | 000,000,000 | ---D | M] -- C:\Users\Fallon\AppData\Roaming\Acer

[2008/03/25 10:40:55 | 000,000,000 | ---D | M] -- C:\Users\Fallon\AppData\Roaming\Leadertech

[2008/08/09 12:05:56 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Acer

[2011/12/26 11:48:52 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\DVDFab

[2008/08/09 12:05:54 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Leadertech

[2011/12/29 12:15:40 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\MoveFab

[2011/06/29 16:47:16 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\PeerNetworking

[2011/06/30 17:42:42 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\QuickScan

[2010/04/08 09:08:17 | 000,000,000 | ---D | M] -- C:\Users\Linda\AppData\Roaming\Sling Media

[2012/06/28 20:58:36 | 000,000,254 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job

[2012/06/28 03:23:18 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/12/20 22:31:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2ECAE152-400F-4AEE-B685-F140C8E3661A}.job

[2011/04/02 20:46:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{307C4116-25B9-4330-930D-E68F9CA585BB}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 6/29/2012 4:22:09 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Linda\Downloads

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.33 Mb Total Physical Memory | 73.02 Mb Available Physical Memory | 7.21% Memory free

2.80 Gb Paging File | 1.10 Gb Available in Paging File | 39.39% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69.77 Gb Total Space | 11.52 Gb Free Space | 16.51% Space Free | Partition Type: NTFS

Drive D: | 69.52 Gb Total Space | 50.88 Gb Free Space | 73.19% Space Free | Partition Type: NTFS

Computer Name: FALLON-LAPTOP | User Name: Linda | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0674CF8F-199D-42F7-9A3E-0680A9D92177}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{5A6D435F-FEB0-419C-AF01-DFB71B9D3803}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{73E09230-689B-4E6E-BE18-5BA6D7150264}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{DD69E5BC-D277-43F0-AA9C-DBA8FA9920AA}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{E40C075D-CEBA-4C09-B9F4-E12609EACC70}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{E73C8F30-7300-41B6-9930-53907B5878B3}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{F31FC199-2675-4C6E-8839-79E2C8F1A24E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

"{F5DB00C6-9A75-46CA-8569-2500735338C2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{081A4CD1-C0B2-4368-8E71-24E124956C7B}" = dir=in | app=c:\program files\acer\homemedia\homemedia.exe |

"{10740A29-CF7B-405B-88FE-D8FD5C55683D}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |

"{1DAFBD79-0432-440C-A655-2906C5B595D4}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |

"{2A9FC568-5005-4BFB-834D-68EB95BCE3E2}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |

"{2F1B97F6-1106-40D0-92CE-A1C4CDC4541A}" = dir=in | app=c:\program files\acer\acer arcade\kernel\dmp\clbrowserengine.exe |

"{35EE5240-5166-406B-84B8-ED1C4AF0592C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{3D3D4454-AA33-41F6-A4FC-0F5A3B9E051C}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |

"{4B08337C-88B3-402B-AF73-5F3E95BDB5DF}" = dir=in | app=c:\program files\acer\acer arcade\powercinema.exe |

"{54165D62-39B8-4B1B-A553-E9E57EDAA749}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{77E46DE3-774F-4507-A918-63D912450DEE}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{8D4FC9BB-F820-41AE-A5C6-BB1B8A4C62AB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{928079C7-9278-476D-A392-DF3B408FD630}" = dir=in | app=c:\program files\acer\acer arcade\kernel\dms\clmsservice.exe |

"{9CDEF0E9-EF51-43A1-91CE-76CDDFFF800A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A2C91B1F-23DD-4A0A-8096-761E566D59D2}" = dir=in | app=c:\program files\acer\acer arcade\pcmservice.exe |

"{D44762BA-9648-4C43-ACA5-2B1E873A7ABF}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |

"{D8B59997-BAAD-4F27-815F-AF5B1168A1EF}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

"{F235D674-4139-4CE8-AC82-6A43B74D4A4D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{F3FA8232-89CF-4FC0-953F-BACBAD53D4FF}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |

"{FD2C9F25-7866-401D-B614-213048EC7031}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

"TCP Query User{4AD9C690-F277-48AF-A2BE-CFBBA6D59238}C:\program files\sling media\slingplayer\slingplayer.exe" = protocol=6 | dir=in | app=c:\program files\sling media\slingplayer\slingplayer.exe |

"TCP Query User{4B9A7058-EE3D-47D7-99DB-429A19D23B7B}C:\program files\i spy spooky mansion\_spooky.exe" = protocol=6 | dir=in | app=c:\program files\i spy spooky mansion\_spooky.exe |

"TCP Query User{BCA2951E-2E97-4C3C-8591-D8B3C92B948F}C:\program files\i spy spooky mansion\_spooky.exe" = protocol=6 | dir=in | app=c:\program files\i spy spooky mansion\_spooky.exe |

"TCP Query User{F299DDEA-1267-4C1E-AA86-52FC834040F0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{3EFBC099-61AE-42EB-B70D-2050BA44C8CA}C:\program files\sling media\slingplayer\slingplayer.exe" = protocol=17 | dir=in | app=c:\program files\sling media\slingplayer\slingplayer.exe |

"UDP Query User{9F76AD5A-D312-4E44-A910-2C52E9F7916D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{A25E4FE8-4F36-477B-BD29-12B164A366B4}C:\program files\i spy spooky mansion\_spooky.exe" = protocol=17 | dir=in | app=c:\program files\i spy spooky mansion\_spooky.exe |

"UDP Query User{C0898B92-6D80-4BFF-BA36-F2AF44D9B58A}C:\program files\i spy spooky mansion\_spooky.exe" = protocol=17 | dir=in | app=c:\program files\i spy spooky mansion\_spooky.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade

"{3364BD16-5A28-4862-86A1-A8FF5FD23919}" = Music Rescue

"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111263673}" = Treasures of the Deep

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111271497}" = Mystery Case Files - Prime Suspects

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111310630}" = Big Kahuna Reef 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}" = Dynasty

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112179547}" = Mystery Case Files Ravenhearst

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72

"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel

"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}" = Safari

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit

"Acer Assist" = Acer Assist

"Acer Registration" = Acer Registration

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Disney Toontown Online" = Disney Toontown Online

"DVDFab 8 Qt_is1" = DVDFab 8.1.2.0 (15/09/2011) Qt

"ESET Online Scanner" = ESET Online Scanner v3

"GridVista" = Acer GridVista

"HDMI" = Intel® Graphics Media Accelerator Driver

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer

"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9

"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)

"LManager" = Launch Manager

"MAGIX Ringtone Maker 2 e-version US" = MAGIX Ringtone Maker 2 e-version (US)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)

"Registry Mechanic_is1" = Registry Mechanic 10.0

"Warcraft III" = Warcraft III

"WebSlingPlayer ActiveX" = WebSlingPlayer ActiveX

"WinRAR archiver" = WinRAR archiver

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2/28/2011 10:07:32 PM | Computer Name = Fallon-Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 22526

Error - 2/28/2011 10:07:32 PM | Computer Name = Fallon-Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 22526

Error - 2/28/2011 10:07:33 PM | Computer Name = Fallon-Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/28/2011 10:07:33 PM | Computer Name = Fallon-Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 23571

Error - 2/28/2011 10:07:33 PM | Computer Name = Fallon-Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 23571

Error - 2/28/2011 10:07:34 PM | Computer Name = Fallon-Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/28/2011 10:07:34 PM | Computer Name = Fallon-Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 24695

Error - 2/28/2011 10:07:34 PM | Computer Name = Fallon-Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 24695

Error - 2/28/2011 10:07:42 PM | Computer Name = Fallon-Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2/28/2011 10:07:42 PM | Computer Name = Fallon-Laptop | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 32682

[ System Events ]

Error - 6/27/2012 3:46:28 PM | Computer Name = Fallon-Laptop | Source = Service Control Manager | ID = 7023

Description =

Error - 6/27/2012 3:46:53 PM | Computer Name = Fallon-Laptop | Source = Service Control Manager | ID = 7011

Description =

Error - 6/27/2012 3:46:55 PM | Computer Name = Fallon-Laptop | Source = DCOM | ID = 10010

Description =

Error - 6/27/2012 3:47:23 PM | Computer Name = Fallon-Laptop | Source = Service Control Manager | ID = 7011

Description =

Error - 6/27/2012 3:47:53 PM | Computer Name = Fallon-Laptop | Source = Service Control Manager | ID = 7011

Description =

Error - 6/27/2012 5:41:47 PM | Computer Name = Fallon-Laptop | Source = EventLog | ID = 6008

Description = The previous system shutdown at 1:09:51 PM on 6/27/2012 was unexpected.

Error - 6/28/2012 6:21:27 AM | Computer Name = Fallon-Laptop | Source = DCOM | ID = 10010

Description =

Error - 6/28/2012 6:21:58 AM | Computer Name = Fallon-Laptop | Source = DCOM | ID = 10010

Description =

Error - 6/28/2012 3:31:20 PM | Computer Name = Fallon-Laptop | Source = Microsoft-Windows-Kernel-General | ID = 5

Description =

Error - 6/29/2012 9:01:20 AM | Computer Name = Fallon-Laptop | Source = ACPI | ID = 327693

Description = : The embedded controller (EC) did not respond within the specified

timeout period. This may indicate that there is an error in the EC hardware or

firmware or that the BIOS is accessing the EC incorrectly. You should check with

your computer manufacturer for an upgraded BIOS. In some situations, this error

may cause the computer to function incorrectly.

< End of report >

Link to post
Share on other sites

On my other computer we were not able to detect ZeroAcces infection with MBAM. We only found it using combofix.

Learned about your computer, but here we are dealing with your daughter's computer, please keep me informed about its condition. You have a thread for your computer separately?

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
    IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

Here are the results:

All processes killed

Error: Unable to interpret <:OTLIE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value foundIE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found:Commands[emptytemp][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.53.0 log created on 06302012_091319

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Your script was not activated. Please try again, but this time make sure your script in OTL looks like this:

:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found

:Commands
[emptytemp]
[clearallrestorepoints]

Every entry should be on a new line.

Link to post
Share on other sites

OTL started executing the script then crashed the computer. Here is the log that run produced:

All processes killed

Error: Unable to interpret <:OTLIE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value foundIE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found:Commands[emptytemp][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.53.0 log created on 06302012_130926

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

:OTLIE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value foundIE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found:Commands[emptytemp][clearallrestorepoints]

Link to post
Share on other sites

Here is the latest OTL log file. Wasn't clear to me whether OTL finished its scan successfully. This log appeared after I rebooted because it looked like OTL was no longer working. I didn't see anything from OTL on my desktop.

Files\Folders moved on Reboot...

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\0[1].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\0[2].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\csc-render[1].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\ext-render-secure[3].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\fastbutton[1].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\st[1] moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N6EYX6BS\0[1].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N6EYX6BS\0[2].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N6EYX6BS\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N6EYX6BS\launch[1].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N6EYX6BS\MainView[1].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CVF1H0KU\index[8].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CVF1H0KU\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0YF0PHVK\fc[1].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0YF0PHVK\xframe-proxy_20110929[1].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0YF0PHVK\xframe-proxy_20110929[2].htm moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\0[1].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\0[2].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\csc-render[1].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\ext-render-secure[3].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\fastbutton[1].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V26PIT9G\st[1] not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N6EYX6BS\0[1].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N6EYX6BS\0[2].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N6EYX6BS\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N6EYX6BS\launch[1].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N6EYX6BS\MainView[1].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CVF1H0KU\index[8].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CVF1H0KU\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0YF0PHVK\fc[1].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0YF0PHVK\xframe-proxy_20110929[1].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0YF0PHVK\xframe-proxy_20110929[2].htm not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!

File C:\Users\Fallon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

I ran OTL as admin in safe mode and I believe it completed. Saying it needed to ne rebooted to remove files. Here is the log file:

All processes killed

========== OTL ==========

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Fallon

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 624 bytes

->Flash cache emptied: 0 bytes

User: Linda

->Temp folder emptied: 64600 bytes

->Temporary Internet Files folder emptied: 106653255 bytes

->FireFox cache emptied: 46049365 bytes

->Apple Safari cache emptied: 1494016 bytes

->Flash cache emptied: 20854 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 636224345 bytes

RecycleBin emptied: 7666 bytes

Total Files Cleaned = 754.00 mb

Unable to stop System Restore Service. Error code 1084. Restore points not cleared.

Unable to start System Restore Service. Error code 1084. Restore point not created.

OTL by OldTimer - Version 3.2.53.0 log created on 06302012_165510

Files\Folders moved on Reboot...

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\0[1].htm moved successfully.

File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\aceUAC[1].htm not found!

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\fastbutton[1].htm not found!

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\xframe-proxy_20110929[1].htm moved successfully.

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\xframe-proxy_20110929[2].htm moved successfully.

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4N1X6DOE\0[1].htm moved successfully.

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\0[1].htm moved successfully.

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\0[2].htm moved successfully.

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\csc-render[1].htm moved successfully.

C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\ext-render-secure[3].htm moved successfully.

File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\fc[1].htm not found!

File\Folder C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\st[1] not found!

PendingFileRenameOperations files...

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\0[1].htm not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\aceUAC[1].htm not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\fastbutton[1].htm not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\xframe-proxy_20110929[1].htm not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF94WBM3\xframe-proxy_20110929[2].htm not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4N1X6DOE\0[1].htm not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\0[1].htm not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\0[2].htm not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\csc-render[1].htm not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\ext-render-secure[3].htm not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\fc[1].htm not found!

File C:\Users\Linda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1N61VRK9\st[1] not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.