Acer Aspire 5100 Series Laptop Infected


Hi,

My grandparents have been having some major problems with their computer. It has been running very slow, so I turned off many of the programs that run on startup and ran disk defrag, CCleaner, and SUPERAntiSpyware. This helped speed it up a little, but it is still insanely slow. I also noticed that the C drive is 70% used up, and yet there is hardly anything on the drive, which makes me think there is an infection. I have Malwarebytes running right now, but in the instance that it doesn't fix the problem, I'd appreciate some help.

Thanks much,

Kayla

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_07

Run by Owner at 20:18:58 on 2012-06-29

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.765.131 [GMT -5:00]

.

AV: AVG Anti-Virus Free *Enabled/Updated* {0C939084-9E57-CBDB-EA61-0B0C7F62AF82}

SP: AVG Anti-Virus Free *Enabled/Updated* {B7F27160-B86D-C455-D0D1-307E04E5E53F}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\CISVC.EXE

C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Acer\Empowering Technology\eNet\eNet Service.exe

C:\Windows\System32\svchost.exe -k ipripsvc

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Acer\Mobility Center\MobilityService.exe

C:\Windows\system32\mqsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\System32\snmp.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\System32\alg.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\NetZero\exec.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Windows\ehome\ehmsas.exe

C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE

C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE

C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE

C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE

C:\Program Files\NetZero\exec.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchFilterHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://hotmail.com/

uSEARCH PAGE = hxxp://my.netzero.net/s/search?r=minisearch

uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

mStart Page = hxxp://en.us.acer.yahoo.com

mDefault_Page_URL = hxxp://en.us.acer.yahoo.com

mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch

mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch

mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch

uURLSearchHooks: URLSearchHook Class: {37d2cdbf-2af4-44aa-8113-bd0d2da3c2b8} - c:\program files\netzero\SearchEnh1.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - c:\program files\netzero\qsacc\X1IEBHO.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll

TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - c:\program files\netzero\Toolbar.dll

uRun: [<NO NAME>]

uRun: [startCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe

uRun: [????r]

uRun: [?????????] ??????????????e

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [Aim6]

uRun: [speedItUpEX] c:\program files\speeditup free\SpeedItUp.exe -MINI

uRun: [NetZero_uoltray] c:\program files\netzero\exec.exe regrun

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe

mRun: [Acer Tour]

mRun: [setPanel]

mRun: [LManager] c:\progra~1\launch~1\LManager.exe

mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe

mRun: [eRecoveryService]

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Display All Images with Full Quality - "c:\program files\netzero\qsacc\appres.dll/228"

IE: Display Image with Full Quality - "c:\program files\netzero\qsacc\appres.dll/227"

Trusted Zone: intuit.com\ttlc

Trusted Zone: netzero.com

Trusted Zone: netzero.net

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{F4A493EE-01AA-4715-8239-5D08557DC603} : DhcpNameServer = 192.168.254.254 192.168.254.254

TCP: Interfaces\{F50ABF69-F187-401A-837D-1FCC5217BFB7} : DhcpNameServer = 192.168.254.254 192.168.254.254

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

AppInit_DLLs: avgrsstx.dll eNetHook.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: ccc-core-static - msiexec /fums {35BDA760-4905-19AA-54A0-C118ABB5BF0C} /qb

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2012-06-30 01:05:30 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-06-30 01:03:15 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes

2012-06-30 01:02:47 -------- d-----w- c:\programdata\Malwarebytes

2012-06-30 01:02:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-30 01:02:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-06-29 08:24:57 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{5efc9703-0f79-4b49-8ec0-e23d23b07be2}\mpengine.dll

2012-06-23 08:06:04 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2012-06-21 23:01:30 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 22:59:57 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 22:59:57 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-16 03:50:03 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-06-15 23:55:27 984064 ----a-w- c:\windows\system32\crypt32.dll

2012-06-15 23:55:27 98304 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-15 23:55:27 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-15 23:39:28 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-15 23:39:23 2045440 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-05-28 08:59:15 161792 ----a-w- c:\windows\system32\msls31.dll

2012-05-28 08:58:55 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2012-05-28 08:58:53 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2012-05-28 08:58:52 86528 ----a-w- c:\windows\system32\iesysprep.dll

2012-05-28 08:58:52 48640 ----a-w- c:\windows\system32\mshtmler.dll

2012-05-28 08:58:42 63488 ----a-w- c:\windows\system32\tdc.ocx

2012-05-28 08:58:37 367104 ----a-w- c:\windows\system32\html.iec

2012-05-28 08:58:24 74752 ----a-w- c:\windows\system32\iesetup.dll

2012-05-28 08:58:16 23552 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-28 08:58:10 152064 ----a-w- c:\windows\system32\wextract.exe

2012-05-28 08:58:08 150528 ----a-w- c:\windows\system32\iexpress.exe

2012-05-28 08:58:03 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-05-28 08:57:43 11776 ----a-w- c:\windows\system32\mshta.exe

2012-05-28 08:57:42 101888 ----a-w- c:\windows\system32\admparse.dll

2012-05-28 08:57:37 35840 ----a-w- c:\windows\system32\imgutil.dll

2012-05-28 08:57:32 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2012-05-28 08:47:29 979456 ----a-w- c:\windows\system32\MFH264Dec.dll

2012-05-28 08:47:27 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll

2012-05-28 08:47:25 302592 ----a-w- c:\windows\system32\mfmp4src.dll

2012-05-28 08:47:24 261632 ----a-w- c:\windows\system32\mfreadwrite.dll

2012-05-28 08:47:22 2873344 ----a-w- c:\windows\system32\mf.dll

2012-05-28 08:47:19 98816 ----a-w- c:\windows\system32\mfps.dll

2012-05-28 08:47:14 209920 ----a-w- c:\windows\system32\mfplat.dll

2012-05-28 08:47:11 586240 ----a-w- c:\windows\system32\stobject.dll

2012-05-28 08:46:58 135680 ----a-w- c:\windows\system32\XpsRasterService.dll

2012-05-28 08:46:46 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2012-05-28 08:46:37 189952 ----a-w- c:\windows\system32\d3d10core.dll

2012-05-28 08:46:36 1029120 ----a-w- c:\windows\system32\d3d10.dll

2012-05-28 08:46:35 478720 ----a-w- c:\windows\system32\dxgi.dll

2012-05-28 08:46:34 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2012-05-28 08:46:33 37376 ----a-w- c:\windows\system32\cdd.dll

2012-05-28 08:46:33 258048 ----a-w- c:\windows\system32\winspool.drv

2012-05-28 08:46:32 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll

2012-05-28 08:46:31 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe

2012-05-28 08:46:29 847360 ----a-w- c:\windows\system32\OpcServices.dll

2012-05-28 08:46:27 1554432 ----a-w- c:\windows\system32\xpsservices.dll

2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-03 08:16:12 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-04-03 08:16:11 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

.

============= FINISH: 20:23:45.37 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 4/25/2007 10:31:03 AM

System Uptime: 6/29/2012 7:36:52 PM (1 hours ago)

.

Motherboard: Acer | | Navarro

Processor: AMD Turion 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 52 GiB total, 19.96 GiB free.

D: is FIXED (NTFS) - 51 GiB total, 49.153 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

.

Acer Assist

Acer eDataSecurity Management

Acer eLock Management

Acer Empowering Technology

Acer eNet Management

Acer ePower Management

Acer ePresentation Management

Acer eSettings Management

Acer GridVista

Acer Mobility Center Plug-In

Acer Registration

Acer ScreenSaver

Acer Tour

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.2

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program

ATI Catalyst Install Manager

ATI Uninstaller

AVG Free 8.5

Bonjour

Branding

Broadcom Driver v4.102.15.63_Foxconn Installation Program

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Localization Arabic

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Spanish

ccc-core-static

ccc-localization-da

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Google Toolbar for Internet Explorer

HDAUDIO Soft Data Fax Modem with SmartCP

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

iTunes

Java Auto Updater

Java 6 Update 18

Java 6 Update 4

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

Launch Manager

LightScribe 1.4.136.1

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft IntelliPoint 7.0

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft UI Engine

Microsoft Visual C Runtime

Microsoft Visual C++ 2005 Redistributable

Mozilla Thunderbird (2.0.0.14)

MSN Toolbar

MSN Toolbar Platform

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NetZero Internet

OpenOffice.org 2.4

QuickTime

Realtek High Definition Audio Driver

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

SUPERAntiSpyware

Synaptics Pointing Device Driver

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

TurboTax 2009 wwiiper

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

USB Driver

Viewpoint Media Player

Windows Live ID Sign-in Assistant

Windows Media Player Firefox Plugin

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

6/29/2012 7:38:55 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.

6/29/2012 7:38:55 PM, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 192.168.254.1, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.

6/29/2012 7:38:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon

6/29/2012 7:37:42 PM, Error: EventLog [6008] - The previous system shutdown at 7:35:54 PM on 6/29/2012 was unexpected.

6/29/2012 7:33:48 PM, Error: EventLog [6008] - The previous system shutdown at 7:32:11 PM on 6/29/2012 was unexpected.

6/29/2012 7:27:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

6/29/2012 7:27:50 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/29/2012 7:27:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

6/29/2012 7:14:26 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

6/29/2012 11:31:56 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {28778B62-8481-400D-8E8A-A4C81ED3F65C} as /. The error: "1455" Happened while starting this command: "C:\Windows\System32\wermgr.exe" -senstrigger -Embedding

6/28/2012 3:20:29 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg8wd service.

6/28/2012 11:31:01 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KAYLA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F50ABF69-F187-401A-837D-1FCC5217B. The master browser is stopping or an election is being forced.

6/28/2012 10:51:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the eSettings Service service to connect.

6/28/2012 10:51:04 PM, Error: Service Control Manager [7000] - The eSettings Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/28/2012 10:50:39 PM, Error: Service Control Manager [7031] - The eSettings Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/26/2012 2:01:38 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DHCP Client service, but this action failed with the following error: An instance of the service is already running.

6/22/2012 1:07:55 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.

6/22/2012 1:05:51 PM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/22/2012 1:05:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.

6/22/2012 1:03:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.

6/22/2012 1:03:12 PM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/22/2012 1:00:02 PM, Error: EventLog [6008] - The previous system shutdown at 12:47:50 AM on 6/22/2012 was unexpected.

.

==== End Of File ===========================


Hello Kayla! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

I see there is Viewpoint installed.

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.

Step 4

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • OTL log with Extras.txt


Malwarebytes scan ran last night:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.29.12

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

6/29/2012 8:15:24 PM

mbam-log-2012-06-29 (20-15-24).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 290038

Time elapsed: 1 hour(s), 54 minute(s), 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 3

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{4A7C84E2-E95C-43C6-8DD3-03ABCD0EB60E} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8BCB5337-EC01-4E38-840C-A964F174255B} (Adware.SmartShopper) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Malwarebytes ran today:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.30.06

Windows Vista Service Pack 2 x86 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

6/30/2012 2:26:37 PM

mbam-log-2012-06-30 (14-26-37).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 193409

Time elapsed: 14 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

(end)

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-30 14:47:02

-----------------------------

14:47:02.866 OS Version: Windows 6.0.6002 Service Pack 2

14:47:02.866 Number of processors: 2 586 0x4802

14:47:02.866 ComputerName: OWNER-PC UserName: Owner

14:47:10.866 Initialize success

14:47:37.651 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

14:47:37.666 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001J Size: 114473MB BusType: 3

14:47:37.682 Disk 0 MBR read successfully

14:47:37.682 Disk 0 MBR scan

14:47:37.698 Disk 0 unknown MBR code

14:47:37.698 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8997 MB offset 63

14:47:37.713 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 52885 MB offset 18426555

14:47:37.745 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52587 MB offset 126736785

14:47:37.760 Disk 0 scanning sectors +234436545

14:47:37.823 Disk 0 scanning C:\Windows\system32\drivers

14:48:16.276 Service scanning

14:48:45.151 Modules scanning

14:48:58.463 Disk 0 trace - called modules:

14:48:58.510 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys

14:48:58.541 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x847ea5d0]

14:48:58.541 3 CLASSPNP.SYS[861bf8b3] -> nt!IofCallDriver -> [0x83f50898]

14:48:58.557 5 acpi.sys[85a156bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83f1d528]

14:48:58.573 Scan finished successfully

14:49:44.838 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"

14:49:44.854 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

OTL Log:

OTL logfile created on: 6/30/2012 2:53:43 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Owner\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.45 Mb Total Physical Memory | 269.85 Mb Available Physical Memory | 35.25% Memory free

1.80 Gb Paging File | 0.33 Gb Available in Paging File | 18.28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 51.65 Gb Total Space | 21.30 Gb Free Space | 41.24% Space Free | Partition Type: NTFS

Drive D: | 51.36 Gb Total Space | 49.08 Gb Free Space | 95.57% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/30 14:51:52 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2012/05/28 21:17:31 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2012/05/28 05:30:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2012/05/21 15:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2010/01/01 14:06:53 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2009/08/31 10:01:53 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/08/31 10:01:47 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/08/31 10:01:29 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/08/28 12:27:48 | 001,629,184 | ---- | M] (NetZero, Inc.) -- C:\Program Files\NetZero\exec.exe

PRC - [2007/01/10 19:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2007/01/02 21:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

PRC - [2007/01/02 21:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

PRC - [2007/01/02 19:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007/01/02 12:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2006/12/28 23:07:22 | 000,724,992 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe

PRC - [2006/12/28 23:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2006/12/25 19:45:26 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2006/12/22 17:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2006/12/14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2006/12/08 03:24:00 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2006/12/01 00:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/30 11:03:19 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012/06/30 11:03:19 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012/06/16 15:14:19 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll

MOD - [2012/06/16 15:13:45 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll

MOD - [2012/06/16 15:03:54 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll

MOD - [2012/06/16 15:03:37 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll

MOD - [2012/06/15 23:27:33 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll

MOD - [2012/06/15 23:27:08 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\0c7cdb705ad8419ef975cfc624b97a00\log4net.ni.dll

MOD - [2012/06/15 23:25:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll

MOD - [2012/06/15 23:12:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012/06/15 23:12:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012/06/15 23:09:31 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012/06/15 23:09:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2012/05/28 00:07:31 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2012/05/28 00:07:29 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2007/01/10 16:23:10 | 000,245,760 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll

MOD - [2007/01/08 15:08:54 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

MOD - [2007/01/02 21:52:18 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

MOD - [2007/01/02 19:45:22 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll

MOD - [2007/01/02 19:45:02 | 000,131,072 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll

MOD - [2007/01/02 19:44:52 | 000,966,656 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll

MOD - [2007/01/02 19:44:44 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll

MOD - [2006/12/28 23:07:22 | 000,237,568 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll

MOD - [2006/12/28 18:23:44 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll

MOD - [2006/12/25 19:45:24 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll

MOD - [2006/12/25 19:45:06 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll

MOD - [2006/12/22 19:37:30 | 000,724,992 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll

MOD - [2006/09/04 13:41:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll

MOD - [2003/06/07 00:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)

SRV - [2012/05/28 05:30:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2009/08/31 10:01:29 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)

SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/01/02 21:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)

SRV - [2007/01/02 19:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007/01/02 12:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2006/12/28 23:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2006/12/22 17:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

SRV - [2006/11/02 07:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Owner\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2009/08/31 10:01:52 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/08/31 10:01:52 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/06/06 11:23:24 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/06/01 13:51:54 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)

DRV - [2008/01/19 01:08:49 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)

DRV - [2007/01/23 16:25:36 | 000,689,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/01/08 15:16:48 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2006/11/05 21:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006/11/02 08:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

DRV - [2006/10/25 01:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)

DRV - [2006/10/25 01:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)

DRV - [2006/10/25 01:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://my.netzero.net/s/search?r=minisearch

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll (NetZero, Inc.)

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\SearchScopes\{216051FA-2A66-4F9D-941B-8B6644D1F354}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF_en

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "http://webmail.frontiernet.net/mail?#1"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/01 14:15:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/06/23 03:14:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/15 14:17:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/28 09:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

[2009/09/28 12:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\peb6p7b1.default\extensions

[2009/09/03 07:39:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\peb6p7b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/01 19:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/01 14:15:23 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX

File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

========== Chrome ==========

CHR - default_search_provider: Google ()

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)

O3 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Tour] File not found

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [setPanel] File not found

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [] File not found

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [Aim6] File not found

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe (NetZero, Inc.)

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [speedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI File not found

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [捁牥吠畯r] File not found

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [捁牥吠畯⁲敒業摮牥] 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)

O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..Trusted Domains: netzero.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..Trusted Domains: netzero.net ([]* in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4A493EE-01AA-4715-8239-5D08557DC603}: DhcpNameServer = 192.168.254.254 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F50ABF69-F187-401A-837D-1FCC5217BFB7}: DhcpNameServer = 192.168.254.254 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F50ABF69-F187-401A-837D-1FCC5217BFB7}: Domain = domain.invalid

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{7109c260-ab00-11df-8a29-0016d4d5ca49}\Shell - "" = AutoRun

O33 - MountPoints2\{7109c260-ab00-11df-8a29-0016d4d5ca49}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 14:51:48 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/06/30 14:45:50 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe

[2012/06/29 20:03:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes

[2012/06/29 20:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/29 20:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/29 20:02:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/06/29 20:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/06/23 03:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2012/06/22 00:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/06/22 00:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/06/15 22:50:03 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

========== Files - Modified Within 30 Days ==========

[2012/06/30 14:58:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/30 14:58:59 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/30 14:51:52 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/06/30 14:49:44 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat

[2012/06/30 14:46:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe

[2012/06/30 11:08:04 | 000,664,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/06/30 11:08:04 | 000,124,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/06/30 10:59:26 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2012/06/30 10:58:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/30 10:58:27 | 803,389,440 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/29 22:07:04 | 061,102,483 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2012/06/29 20:02:51 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/18 12:00:00 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job

[2012/06/16 14:51:57 | 000,255,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/30 14:49:44 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat

[2012/06/29 20:02:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/05/01 15:04:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/01/16 15:09:25 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi

[2009/06/02 20:14:57 | 000,007,376 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2007/11/20 15:40:09 | 000,031,028 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png

[2007/09/04 22:02:13 | 000,004,608 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2007/07/12 00:26:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore

[2007/05/29 14:06:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acer

[2008/07/03 21:01:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2008/07/03 20:42:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1

[2007/06/10 18:15:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gaijin Ent

[2007/05/29 14:06:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech

[2008/05/29 14:12:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird

[2009/08/10 16:30:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\W Photo Studio Viewer

[2010/01/02 17:41:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WeatherBug

[2010/09/12 22:47:10 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job

[2012/06/18 12:00:00 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\One-Click Tweak.job

[2012/06/29 23:15:18 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:8DA9DB01

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:C0DFB793

@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:260575F1

@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:70B3C619

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 142 bytes -> C:\Windows\System32\8ô:°LßvL¶Ütpctlsp.log

@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nsw²uwNswÖ<osðpctlsp.log

@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nsw²uwNswî!æsópctlsp.log

@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nsw²uwNsw<‹uÜïðpctlsp.log

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Extras.txt:

OTL Extras logfile created on: 6/30/2012 2:53:43 PM - Run 1

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Owner\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.45 Mb Total Physical Memory | 269.85 Mb Available Physical Memory | 35.25% Memory free

1.80 Gb Paging File | 0.33 Gb Available in Paging File | 18.28% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 51.65 Gb Total Space | 21.30 Gb Free Space | 41.24% Space Free | Partition Type: NTFS

Drive D: | 51.36 Gb Total Space | 49.08 Gb Free Space | 95.57% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)

"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)

"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{2E6C4A92-E596-474B-8E13-24923EDDC2A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{30C54DB9-4504-4AFD-8F2E-74EE1C50E932}" = rport=445 | protocol=6 | dir=out | app=system |

"{38CFDCEF-44A2-45B2-8881-7F3FA0D77753}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{3C99DCB7-CF34-4304-9922-9C02F0EAA6E3}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |

"{594CA0E1-A42A-49AC-B2E4-AF9C4A0471AA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5E69611D-AD19-449C-903D-2DD5B8B011EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5E784CFC-7221-46E2-8326-843F1AD4249C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{6AFFFEAD-6862-4755-B67A-B2A7B2302C49}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{6C357DFE-5408-4908-AD7A-72D31CC3FFA6}" = rport=139 | protocol=6 | dir=out | app=system |

"{815B49AF-2F24-4911-A9BE-BE08A2C749A8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{83CBB28E-49B2-4A45-8D89-38AE087CB8E6}" = lport=139 | protocol=6 | dir=in | app=system |

"{9EC31E7F-34D9-4EF6-8CAA-649874F65860}" = lport=138 | protocol=17 | dir=in | app=system |

"{AAABAB23-19F2-4EFD-B079-C0A1A17C9837}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{B5697DA6-A712-43B4-992D-B853D2CEC2E7}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |

"{BDFD1369-FA31-48D7-9721-91D1420D3E6E}" = lport=445 | protocol=6 | dir=in | app=system |

"{CB7EEA0B-680B-4401-A8C4-85B7460B9519}" = rport=138 | protocol=17 | dir=out | app=system |

"{D224E43D-1318-4A6B-BD81-0DBBB0B7161A}" = rport=137 | protocol=17 | dir=out | app=system |

"{D76D5999-EA6C-437F-95CC-E43A140BD039}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{DFC303CB-804C-4B9A-8FE8-92E8CC841F0D}" = lport=137 | protocol=17 | dir=in | app=system |

"{F6084D2B-40FB-4435-9A93-6EFB8BC1B2F4}" = rport=2869 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00EE0E7C-F56D-4DB9-B3BC-59DDD15E203A}" = protocol=17 | dir=in | app=e:\release\frontier.exe |

"{059D8C88-B366-4F43-B486-78E5523CBABE}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |

"{1582B81D-86C8-458B-97E8-A63952EE0109}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{1A0579B4-A184-4DBF-BE71-7036E4479DA7}" = protocol=17 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |

"{2F06F8B5-1417-43D9-AC0B-C2514A10E0A0}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |

"{4284DDAC-711F-48A0-BA32-F981223C3261}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{45046C84-ABA0-4009-B876-E259DC3D5B6B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{5B9363C4-993A-4046-ABC0-C1AB21774CC9}" = protocol=6 | dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\mce deluxe suite.exe |

"{5F99B658-2029-4AE7-8C54-81C8B4859207}" = protocol=6 | dir=in | app=e:\release\frontier.exe |

"{63142D75-756E-4A5A-BF3F-F13C96F8A376}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |

"{7278471F-26A4-45B8-A4E6-AB3E5C6B51B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{79C60B9C-15F4-441A-857A-6E984939E8AE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{9DDFA3A4-709A-487F-8AB7-8173CBA847E1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{9E21F9F9-5590-41F0-815A-4A18BD558D10}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{A3CEE596-5767-4F15-BC2E-99009B60712A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E0C8B78F-8C3A-4E60-BB1D-5BE772024F30}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{F16F4FBA-F3E0-4328-9D06-2F6C7BEEEFD5}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{F3FD88E7-E490-4488-834E-5DA2F40227CF}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{FD1200B1-9166-4ABC-A629-2CBC2DEFC18C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{FF7E2649-DD7E-4BFD-8F33-77EBD6EE6135}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"TCP Query User{282ED8C1-EDE1-403B-8D86-EC4A622147FA}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

"TCP Query User{AAEC610A-1FAF-4936-A37D-CDECA3590D29}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{40BA6453-1451-4650-AD1F-A9C286C4997E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{D5711296-2956-4CF3-BCF4-F42E34CA5923}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{018A22DC-465A-40E0-50C2-25D54C7F64A1}" = CCC Help Greek

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant

"{0DE29A13-086F-CA1B-3C85-C30252D509E5}" = Catalyst Control Center Localization Arabic

"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{1BF0855F-96CD-98A6-0C21-7643C90D0130}" = Catalyst Control Center Localization Arabic

"{1CD49205-3407-F8BE-954D-ED9706834213}" = CCC Help Swedish

"{1F5D7806-6C3E-C3F5-0F82-6FD8B3BD451B}" = Catalyst Control Center Localization Hungarian

"{2026DF25-9BDC-4FDD-660A-781F6A0C2BF9}" = Catalyst Control Center Graphics Light

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 18

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.2.0.127_Foxconn Installation Program

"{293D7C43-8A39-736B-7EDA-790235A0415A}" = Catalyst Control Center Localization Korean

"{296EDEB2-3B6E-F37B-D6A5-D018AD9B937A}" = CCC Help Turkish

"{2C0EC2F0-F7DE-B1CB-3AA0-E7C814EFFEDF}" = Catalyst Control Center Localization Chinese Standard

"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java 6 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{3297D253-6BAD-6864-21E5-E70525776979}" = CCC Help Dutch

"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes

"{35BDA760-4905-19AA-54A0-C118ABB5BF0C}" = ccc-core-static

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{3AD03D92-5F58-EAD6-3227-C06352C52F2E}" = CCC Help Russian

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3D6A4420-EAA2-012B-AEE4-000000000000}" = TurboTax 2009 wwiiper

"{3E26071F-82EC-E6FA-E65F-0479EA83E558}" = Catalyst Control Center Localization Arabic

"{3EEA06EB-22FC-F4D1-C417-4CD99FD9E734}" = CCC Help Thai

"{411241B2-ADAA-34E4-4DF3-2FE00A924CD9}" = Catalyst Control Center Localization Finnish

"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager

"{47A9F4C0-9F81-8DB2-59FA-11254A927E24}" = CCC Help French

"{480A8C02-EDD0-1A0E-ECEB-6BE2EBB5CF77}" = Catalyst Control Center Localization Japanese

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5445FDF7-52F2-F776-ADBA-6A8C4FC815B3}" = ccc-utility

"{557E68C4-804F-A11D-4004-407C39542948}" = Catalyst Control Center Localization Italian

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager

"{630CC87A-57A3-45DC-A5A4-08CE98E0BCB7}" = Branding

"{652DCC8D-72CB-D921-ACE8-463932342C9B}" = Catalyst Control Center Localization Czech

"{66C96F16-EABD-13E6-A409-628E28389F8A}" = CCC Help Czech

"{6968667A-036F-A685-7A55-F77E24112779}" = CCC Help Portuguese

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6c651250-2eb2-11d5-8e33-0050dad72ac2}" = NetZero Internet

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{733875B5-A1AE-2078-A4F0-CB06525A4FFA}" = CCC Help Japanese

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7F085F4A-CC3A-0101-E380-F510AA324C43}" = CCC Help English

"{80A41A47-40C9-891C-FE7C-BC6E0E93C720}" = Catalyst Control Center Localization Arabic

"{80B0A5B4-4DA4-D1D2-F339-9402B39B8709}" = Catalyst Control Center Graphics Full New

"{855EF1FF-6C22-1EE4-EB6D-F09653C1D82C}" = Catalyst Control Center Localization Arabic

"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver v4.102.15.63_Foxconn Installation Program

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime

"{8FD19401-37F8-5162-DD65-43F15131AF43}" = CCC Help Chinese Traditional

"{9254D884-145F-26EA-0082-DE517816AC42}" = Catalyst Control Center Localization Arabic

"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{974A0BAD-4337-C39C-06BB-09FD098C1E23}" = Catalyst Control Center Localization Arabic

"{991803F9-3E05-EF39-CABC-4B7CCF2AD7AE}" = CCC Help Spanish

"{9BCBE007-6C18-C4E5-9F5C-4DCD23D1D844}" = Catalyst Control Center Core Implementation

"{9DD8A162-07D8-083D-ACD1-CE9BED793882}" = CCC Help German

"{9F1C1015-3B20-7536-2457-D75B2009D57C}" = Catalyst Control Center Localization French

"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform

"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AC9B83BF-3AEB-E307-F5C7-6F50F72BAB03}" = CCC Help Norwegian

"{ACAA8E1C-DE7C-C8D9-0C73-9FBA318E8F9A}" = CCC Help Hungarian

"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management

"{B74AD1C2-BF07-7619-B0E5-14BB4C416ED8}" = CCC Help Chinese Standard

"{BAE5F6BB-595D-67CE-063D-A7889DD273DA}" = Catalyst Control Center Localization Arabic

"{BC73CB0E-12E6-33C4-A0FD-9CCBF8250A07}" = CCC Help Polish

"{BEBAE81A-68B8-FA4F-1CC9-CDF3CF16A9BE}" = Catalyst Control Center Localization Chinese Traditional

"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C8F7C1E5-0150-11D6-A96C-00D05908F85D}" = USB Driver

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CCB6B80B-41CD-8EF5-2CA3-4767D9B3B6FB}" = ccc-localization-da

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{D0D88043-F87D-8E9C-FB0E-12E4B4058477}" = Catalyst Control Center Localization Greek

"{D11EEB8E-9F12-A546-7175-9BC4CF5824A3}" = CCC Help Korean

"{D1B65F06-A5EF-9D4B-67C9-5AC907DE616A}" = Catalyst Control Center Graphics Full Existing

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime

"{EF71A531-5B6C-4B20-8D1E-E6379C7FB6D3}" = Microsoft IntelliPoint 7.0

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1D57935-D987-7637-0322-01399573A351}" = Catalyst Control Center Localization Spanish

"{F2EAA2B4-30A1-E093-1093-D905545EE7AE}" = CCC Help Finnish

"{F5DDE40D-3BE2-B129-D78F-FF31DD941FD7}" = CCC Help Italian

"{FCCC21F7-161D-CA84-8877-7543F77011F2}" = CCC Help Danish

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"{FF4CB48E-A97F-CA1F-9DBE-77CBEDC04170}" = Catalyst Control Center Localization German

"Acer Assist" = Acer Assist

"Acer Registration" = Acer Registration

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"ATI Uninstaller" = ATI Uninstaller

"AVG8Uninstall" = AVG Free 8.5

"CCleaner" = CCleaner

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"GridVista" = Acer GridVista

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Thunderbird (2.0.0.14)" = Mozilla Thunderbird (2.0.0.14)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TurboTax 2009" = TurboTax 2009

"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2582383152-1676828863-3559110391-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 5/28/2012 6:31:09 AM | Computer Name = Owner-PC | Source = VSS | ID = 8194

Description =

Error - 5/28/2012 2:59:58 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 5/28/2012 2:59:59 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 3103500

Error - 5/28/2012 2:59:59 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 3103500

Error - 5/28/2012 10:18:53 PM | Computer Name = Owner-PC | Source = VSS | ID = 8194

Description =

Error - 5/29/2012 8:36:05 PM | Computer Name = Owner-PC | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 13e4 Start Time: 01cd3dfba5519b6f Termination Time: 0

Error - 5/30/2012 12:57:10 PM | Computer Name = Owner-PC | Source = EventSystem | ID = 4621

Description =

Error - 6/16/2012 10:11:05 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/16/2012 10:11:06 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 16047

Error - 6/16/2012 10:11:06 PM | Computer Name = Owner-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 16047

[ Media Center Events ]

Error - 9/3/2007 11:39:56 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 9/6/2007 11:20:11 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 9/12/2007 5:26:32 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 9/25/2007 7:03:55 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2008 9:12:10 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 6:39:57 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]

Error - 6/29/2012 11:43:10 PM | Computer Name = Owner-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/29/2012 11:43:10 PM | Computer Name = Owner-PC | Source = ipnathlp | ID = 30013

Description = The DHCP allocator has disabled itself on IP address 192.168.254.1,

since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which

addresses are being allocated to DHCP clients. To enable the DHCP allocator on this

IP address, change the scope to include the IP address, or change the IP address

to fall within the scope.

Error - 6/29/2012 11:47:32 PM | Computer Name = Owner-PC | Source = bowser | ID = 8003

Description =

Error - 6/29/2012 11:47:55 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 6/29/2012 11:47:55 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 6/30/2012 11:58:49 AM | Computer Name = Owner-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.254.1 for the Network Card with network

address 0016D4D5CA49 has been denied by the DHCP server 192.168.254.254 (The DHCP

Server sent a DHCPNACK message).

Error - 6/30/2012 11:59:56 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description =

Error - 6/30/2012 12:00:39 PM | Computer Name = Owner-PC | Source = ipnathlp | ID = 34001

Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 6/30/2012 12:00:39 PM | Computer Name = Owner-PC | Source = ipnathlp | ID = 30013

Description = The DHCP allocator has disabled itself on IP address 192.168.254.2,

since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which

addresses are being allocated to DHCP clients. To enable the DHCP allocator on this

IP address, change the scope to include the IP address, or change the IP address

to fall within the scope.

Error - 6/30/2012 3:13:49 PM | Computer Name = Owner-PC | Source = bowser | ID = 8003

Description =

< End of report >


  1. Please re-run aswMBR.exe
  2. Click on the [scan] button
  3. On completion of the scan, click the [FixMBR] button
  4. Once the scan finishes, click the Save log button to save the log to your Desktop
  5. Copy and paste the contents of aswMBR.txt back here for review

In your next reply, post the following log files:

  • aswMBR log
  • a new fresh OTL log file


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-01 10:40:04

-----------------------------

10:40:04.762 OS Version: Windows 6.0.6002 Service Pack 2

10:40:04.762 Number of processors: 2 586 0x4802

10:40:04.762 ComputerName: OWNER-PC UserName: Owner

10:41:46.841 Initialize success

10:42:18.617 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

10:42:18.617 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001J Size: 114473MB BusType: 3

10:42:18.648 Disk 0 MBR read successfully

10:42:18.648 Disk 0 MBR scan

10:42:18.648 Disk 0 unknown MBR code

10:42:18.664 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8997 MB offset 63

10:42:18.679 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 52885 MB offset 18426555

10:42:18.711 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52587 MB offset 126736785

10:42:18.726 Disk 0 scanning sectors +234436545

10:42:18.929 Disk 0 scanning C:\Windows\system32\drivers

10:43:16.445 Service scanning

10:45:25.398 Modules scanning

10:46:33.117 Disk 0 trace - called modules:

10:46:33.179 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys

10:46:33.195 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x847ea620]

10:46:33.414 3 CLASSPNP.SYS[861be8b3] -> nt!IofCallDriver -> [0x83f5c5c0]

10:46:33.429 5 acpi.sys[85a106bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83f17528]

10:46:33.461 Scan finished successfully

10:58:06.945 Verifying

10:58:17.164 Disk 0 Windows 600 MBR fixed successfully

11:00:37.836 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"

11:00:37.867 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


OTL logfile created on: 7/1/2012 11:06:52 AM - Run 2

OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Owner\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

765.45 Mb Total Physical Memory | 234.03 Mb Available Physical Memory | 30.57% Memory free

1.82 Gb Paging File | 0.34 Gb Available in Paging File | 18.62% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 51.65 Gb Total Space | 21.16 Gb Free Space | 40.97% Space Free | Partition Type: NTFS

Drive D: | 51.36 Gb Total Space | 49.08 Gb Free Space | 95.57% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/30 14:51:52 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2012/06/30 14:46:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe

PRC - [2012/05/28 21:17:31 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2012/05/28 05:30:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2012/05/21 15:38:02 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2010/01/01 14:06:53 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2009/10/27 22:31:14 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe

PRC - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2009/08/31 10:01:53 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/08/31 10:01:47 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/08/31 10:01:29 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/08/28 12:27:48 | 001,629,184 | ---- | M] (NetZero, Inc.) -- C:\Program Files\NetZero\exec.exe

PRC - [2007/01/10 19:20:34 | 000,462,848 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe

PRC - [2007/01/02 21:58:58 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

PRC - [2007/01/02 21:58:50 | 000,464,168 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

PRC - [2007/01/02 19:46:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

PRC - [2007/01/02 12:33:24 | 000,135,168 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe

PRC - [2006/12/28 23:07:22 | 000,724,992 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe

PRC - [2006/12/28 23:07:22 | 000,126,976 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe

PRC - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

PRC - [2006/12/25 19:45:26 | 000,319,488 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe

PRC - [2006/12/22 17:43:18 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe

PRC - [2006/12/14 15:34:16 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe

PRC - [2006/12/08 03:24:00 | 000,614,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe

PRC - [2006/12/01 00:37:00 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/01 10:38:21 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

MOD - [2012/07/01 10:38:21 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll

MOD - [2012/06/16 15:14:19 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll

MOD - [2012/06/16 15:13:45 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll

MOD - [2012/06/16 15:03:54 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll

MOD - [2012/06/16 15:03:37 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll

MOD - [2012/06/15 23:27:33 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll

MOD - [2012/06/15 23:27:08 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\0c7cdb705ad8419ef975cfc624b97a00\log4net.ni.dll

MOD - [2012/06/15 23:25:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll

MOD - [2012/06/15 23:12:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll

MOD - [2012/06/15 23:12:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll

MOD - [2012/06/15 23:09:31 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll

MOD - [2012/06/15 23:09:22 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll

MOD - [2012/05/28 00:07:31 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

MOD - [2012/05/28 00:07:29 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2007/01/10 16:23:10 | 000,245,760 | ---- | M] () -- C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll

MOD - [2007/01/08 15:08:54 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

MOD - [2007/01/02 21:52:18 | 000,063,488 | ---- | M] () -- C:\Windows\System32\ShowErrMsg.dll

MOD - [2007/01/02 19:45:22 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll

MOD - [2007/01/02 19:45:02 | 000,131,072 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll

MOD - [2007/01/02 19:44:52 | 000,966,656 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll

MOD - [2007/01/02 19:44:44 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll

MOD - [2006/12/28 23:07:22 | 000,237,568 | ---- | M] () -- C:\Acer\Empowering Technology\eNet\eNetPlugin.dll

MOD - [2006/12/28 18:23:44 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll

MOD - [2006/12/25 19:45:24 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll

MOD - [2006/12/25 19:45:06 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll

MOD - [2006/12/22 19:37:30 | 000,724,992 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\eLockCTL.dll

MOD - [2006/09/04 13:41:14 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll

MOD - [2003/06/07 00:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)

SRV - [2012/05/28 05:30:28 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2011/08/11 18:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2009/08/31 10:01:29 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)

SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/01/02 21:58:58 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)

SRV - [2007/01/02 19:46:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007/01/02 12:33:24 | 000,135,168 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2006/12/28 23:07:22 | 000,126,976 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2006/12/28 18:24:14 | 000,049,152 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

SRV - [2006/12/22 17:43:18 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2006/11/24 15:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

SRV - [2006/11/02 07:36:18 | 000,029,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\iprip.dll -- (iprip)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon)

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Owner\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2009/08/31 10:01:52 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/08/31 10:01:52 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/06/06 11:23:24 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2009/06/01 13:51:54 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)

DRV - [2008/01/19 01:08:49 | 000,126,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)

DRV - [2007/01/23 16:25:36 | 000,689,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/01/08 15:16:48 | 002,313,216 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/12/07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)

DRV - [2006/11/05 21:01:20 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)

DRV - [2006/11/02 08:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)

DRV - [2006/10/25 01:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)

DRV - [2006/10/25 01:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)

DRV - [2006/10/25 01:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)

DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://my.netzero.net/s/search?r=minisearch

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero\SearchEnh1.dll (NetZero, Inc.)

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\SearchScopes\{216051FA-2A66-4F9D-941B-8B6644D1F354}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF_en

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "http://webmail.frontiernet.net/mail?#1"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2010/01/01 14:15:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/06/23 03:14:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/15 14:17:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/08/28 09:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

[2009/09/28 12:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\peb6p7b1.default\extensions

[2009/09/03 07:39:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\peb6p7b1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/01 19:59:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/01/01 14:15:23 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX

File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

========== Chrome ==========

CHR - default_search_provider: Google ()

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Pop-up Blocker) - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll (NetZero, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (ZeroBar) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll (NetZero, Inc.)

O3 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)

O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()

O4 - HKLM..\Run: [Acer Tour] File not found

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [setPanel] File not found

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [] File not found

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [Aim6] File not found

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe (NetZero, Inc.)

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [speedItUpEX] C:\Program Files\Speeditup Free\SpeedItUp.exe -MINI File not found

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [捁牥吠畯r] File not found

O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [捁牥吠畯⁲敒業摮牥] 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0

O8 - Extra context menu item: Display All Images with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)

O8 - Extra context menu item: Display Image with Full Quality - C:\Program Files\NetZero\qsacc\appres.dll (NetZero, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..Trusted Domains: netzero.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000\..Trusted Domains: netzero.net ([]* in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4A493EE-01AA-4715-8239-5D08557DC603}: DhcpNameServer = 192.168.254.254 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F50ABF69-F187-401A-837D-1FCC5217BFB7}: DhcpNameServer = 192.168.254.254 192.168.254.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F50ABF69-F187-401A-837D-1FCC5217BFB7}: Domain = domain.invalid

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{7109c260-ab00-11df-8a29-0016d4d5ca49}\Shell - "" = AutoRun

O33 - MountPoints2\{7109c260-ab00-11df-8a29-0016d4d5ca49}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 14:51:48 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/06/30 14:45:50 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe

[2012/06/29 20:03:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes

[2012/06/29 20:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/29 20:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/29 20:02:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012/06/29 20:02:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/06/23 03:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2012/06/22 00:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/06/22 00:45:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/06/15 22:50:03 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%

========== Files - Modified Within 30 Days ==========

[2012/07/01 11:00:37 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat

[2012/07/01 10:41:37 | 000,664,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/07/01 10:41:37 | 000,124,670 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/07/01 10:33:38 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2012/07/01 10:33:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/01 10:33:28 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/01 10:33:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/01 10:32:15 | 803,389,440 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/30 21:31:31 | 061,124,823 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm

[2012/06/30 14:51:52 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/06/30 14:46:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe

[2012/06/29 20:02:51 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/18 12:00:00 | 000,000,500 | ---- | M] () -- C:\Windows\tasks\One-Click Tweak.job

[2012/06/16 14:51:57 | 000,255,528 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/30 14:49:44 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat

[2012/06/29 20:02:51 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/05/01 15:04:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010/01/16 15:09:25 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi

[2009/06/02 20:14:57 | 000,007,376 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat

[2007/11/20 15:40:09 | 000,031,028 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png

[2007/09/04 22:02:13 | 000,004,608 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2007/07/12 00:26:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\acccore

[2007/05/29 14:06:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Acer

[2008/07/03 21:01:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2008/07/03 20:42:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1

[2007/06/10 18:15:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gaijin Ent

[2007/05/29 14:06:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech

[2008/05/29 14:12:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Thunderbird

[2009/08/10 16:30:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\W Photo Studio Viewer

[2010/01/02 17:41:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WeatherBug

[2010/09/12 22:47:10 | 000,000,354 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job

[2012/06/18 12:00:00 | 000,000,500 | ---- | M] () -- C:\Windows\Tasks\One-Click Tweak.job

[2012/06/30 23:18:44 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:8DA9DB01

@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:C0DFB793

@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:260575F1

@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:70B3C619

@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 142 bytes -> C:\Windows\System32\8ô:°LßvL¶Ütpctlsp.log

@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nsw²uwNswÖ<osðpctlsp.log

@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nsw²uwNswî!æsópctlsp.log

@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Nsw²uwNsw<‹uÜïðpctlsp.log

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [捁牥吠畯r] File not found
    O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [捁牥吠畯⁲敒業摮牥] 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e File not found
    O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [] File not found
    O4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [Aim6] File not found

    :Commands
    [emptytemp]
    [purity]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

In your next reply, post the following log files:

  • OTL Fix log
  • a new fresh aswMBR log


All processes killed

Error: Unable to interpret <:OTLO4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [捁牥吠畯r] File not foundO4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [捁牥吠畯⁲敒業摮牥] 㩃䅜散屲捁牥潔牵剜浥湩敤⹲硥e File not foundO4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [] File not foundO4 - HKU\S-1-5-21-2582383152-1676828863-3559110391-1000..\Run: [Aim6] File not found:Commands[emptytemp][purity][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.53.0 log created on 07012012_130358

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-01 13:14:23

-----------------------------

13:14:23.359 OS Version: Windows 6.0.6002 Service Pack 2

13:14:23.359 Number of processors: 2 586 0x4802

13:14:23.359 ComputerName: OWNER-PC UserName: Owner

13:14:27.016 Initialize success

13:14:41.326 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

13:14:41.326 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001J Size: 114473MB BusType: 3

13:14:41.357 Disk 0 MBR read successfully

13:14:41.373 Disk 0 MBR scan

13:14:41.389 Disk 0 Windows VISTA default MBR code

13:14:41.389 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8997 MB offset 63

13:14:41.420 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 52885 MB offset 18426555

13:14:41.451 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52587 MB offset 126736785

13:14:41.467 Disk 0 scanning sectors +234436545

13:14:41.560 Disk 0 scanning C:\Windows\system32\drivers

13:15:18.717 Service scanning

13:15:51.404 Modules scanning

13:16:11.076 Disk 0 trace - called modules:

13:16:11.107 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys

13:16:11.123 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x846e7510]

13:16:11.154 3 CLASSPNP.SYS[861b98b3] -> nt!IofCallDriver -> [0x83f5aa30]

13:16:11.170 5 acpi.sys[85a146bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83f46b98]

13:16:11.185 Scan finished successfully

13:18:50.451 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"

13:18:50.467 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


When I copied and pasted the OTL code it pasted in one line form. OTL couldn't read it so I reran it, pasting the code in the format you had it in. So ignore the post above this one :P

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2582383152-1676828863-3559110391-1000\Software\Microsoft\Windows\CurrentVersion\Run\\捁牥吠畯r deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2582383152-1676828863-3559110391-1000\Software\Microsoft\Windows\CurrentVersion\Run\\捁牥吠畯⁲敒業摮牥 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2582383152-1676828863-3559110391-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2582383152-1676828863-3559110391-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Aim6 deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Owner

->Temp folder emptied: 61440 bytes

->Temporary Internet Files folder emptied: 3876797 bytes

->Java cache emptied: 28272719 bytes

->FireFox cache emptied: 58634818 bytes

->Google Chrome cache emptied: 8792305 bytes

->Flash cache emptied: 1919605 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 156 bytes

RecycleBin emptied: 122920 bytes

Total Files Cleaned = 97.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 07012012_132522

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-01 13:34:21

-----------------------------

13:34:21.380 OS Version: Windows 6.0.6002 Service Pack 2

13:34:21.380 Number of processors: 2 586 0x4802

13:34:21.380 ComputerName: OWNER-PC UserName: Owner

13:34:25.458 Initialize success

13:34:32.335 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

13:34:32.335 Disk 0 Vendor: TOSHIBA_MK1234GSX AH001J Size: 114473MB BusType: 3

13:34:32.429 Disk 0 MBR read successfully

13:34:32.429 Disk 0 MBR scan

13:34:32.429 Disk 0 Windows VISTA default MBR code

13:34:32.460 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 8997 MB offset 63

13:34:32.491 Disk 0 Partition 2 80 (A) 06 FAT16 NTFS 52885 MB offset 18426555

13:34:32.554 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 52587 MB offset 126736785

13:34:32.601 Disk 0 scanning sectors +234436545

13:34:32.897 Disk 0 scanning C:\Windows\system32\drivers

13:38:49.429 Service scanning

13:39:34.710 Modules scanning

13:40:19.850 Disk 0 trace - called modules:

13:40:19.913 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys

13:40:19.929 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x846e75d0]

13:40:20.038 3 CLASSPNP.SYS[861bf8b3] -> nt!IofCallDriver -> [0x83f5a8d0]

13:40:20.069 5 acpi.sys[85a0a6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83f48b98]

13:40:20.085 Scan finished successfully

13:40:49.085 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"

13:40:49.085 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"


To clean all of these tools:

Please run OTL and click on CleanUp button. Next, manually delete aswMBR.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379&pid=515983&st=0entry515983

And just out of curiosity was it the foistware that was slowing the computer down?

Foistware refers to software which is not wanted and never requested by an end user of a software product, but delivered anyway. Foistware usually comes either "bundled" as additional software programs, packages or components unrelated to the desired software that was requested, or is unwanted additional software downloaded to a computer system, at times, even without the user's knowledge. Foistware, typically, puts hidden components on a computer system thereby countermanding security of the system and also posing inconvenience to the user by resorting to malicious activities such as eating up the system resources, slowing down the system considerably, popping up unnecessary and unwanted advertisements, attempting to bait the unsuspecting user into purchasing another software, etc. Some types of Foistware indulge in forcibly diverting the internet users to unwanted web sites for some revenue opportunity such as baiting for an investment, web site advertisement, purchase of some software etc. Such type of Foistware which is stealthily installed in the computer is sometimes also referred to as sneakware.

You probably have another problem. Your master boot record was unidentified, so that could be the problem too, because sometimes it is malware related. Now everything is fine!

Safe surfing! :)


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.