
Sweet just keeps coming back...



Hi, followed instructions for removal of sweet packs from another thread, Adw removed it and other stuff, but there's a url restore for sweet just won't go, so as instructed I have used DDS, here are the results, and also the Adw scan with the offending item on it.

DDS txt:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2

Run by oberlawd at 3:55:36 on 2013-04-03

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.2165 [GMT 1:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe

C:\Program Files\Acer\Empowering Technology\Service\ETService.exe

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

C:\Program Files\McAfee\MPF\MPFSrv.exe

C:\Program Files\McAfee\MSK\MskSrver.exe

C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

C:\Program Files\Soluto\SolutoLauncherService.exe

C:\Windows\System32\WUDFHost.exe

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\Ati2evxx.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\program files\soluto\soluto.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Acer\Empowering Technology\SysMonitor.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Google\Gmail Notifier\gnotify.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1112&m=aspire_m1201

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1112&m=aspire_m1201

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1112&m=aspire_m1201

mDefault_Page_URL = hxxp://en.us.acer.yahoo.com

mWinlogon: Userinit = c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: <No Name>: {089FD14D-132B-48FC-8861-0048AE113215} - c:\program files\siteadvisor\6172\SiteAdv.dll

BHO: McAfee Phishing Filter: {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\program files\mcafee\msk\mcapbho.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll

BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: McAfee SiteAdvisor: {0BF43445-2F28-4351-9252-17FE6E806AA0} - c:\program files\siteadvisor\6172\SiteAdv.dll

TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [skytel] Skytel.exe

mRun: [setresolution] c:\acer\config\1440x900.cmd

mRun: [eRecoveryService] <no file>

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6172\SiteAdv.dll

AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.43\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

============= SERVICES / DRIVERS ===============

.

R1 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-3-15 201288]

R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2012-11-21 269448]

R2 BecHelperService;BecHelperService;c:\program files\3 mobile broadband\3connect\BecHelperService.exe [2012-11-25 1737464]

R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-3-15 24576]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-3-15 359248]

R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-3-15 144704]

R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]

R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-3-15 695624]

R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-3-15 79304]

R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-3-15 35240]

R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2008-3-15 40488]

R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2010-3-23 1170464]

S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-11-22 51144]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]

S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2012-11-21 24064]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-11-25 9216]

S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2008-3-15 33800]

S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]

.

=============== Created Last 30 ================

.

2013-04-02 05:49:28 7108640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0a77bbe1-aa9e-4cfc-83e3-d67c60e94f49}\mpengine.dll

2013-03-13 11:54:18 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-07 08:40:28 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2013-03-07 08:40:07 861088 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-03-07 08:40:07 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-02-26 00:22:36 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll

2013-02-26 00:22:36 1017120 ----a-w- c:\windows\system32\nvdispco32.dll

2013-02-26 00:22:34 6262608 ----a-w- c:\windows\system32\nvopencl.dll

2013-02-26 00:22:32 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll

2013-02-26 00:22:32 2505144 ----a-w- c:\windows\system32\nvapi.dll

2013-02-26 00:22:32 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll

2013-02-26 00:22:30 15129960 ----a-w- c:\windows\system32\nvd3dum.dll

2013-02-26 00:22:26 7932256 ----a-w- c:\windows\system32\nvcuda.dll

2013-02-26 00:22:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll

2013-02-26 00:22:08 20449056 ----a-w- c:\windows\system32\nvoglv32.dll

2013-02-26 00:22:06 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2013-02-26 00:22:06 2720544 ----a-w- c:\windows\system32\nvcuvid.dll

2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-01-18 14:21:00 4133664 ----a-w- c:\windows\system32\nvcpl.dll

2013-01-18 14:21:00 3005728 ----a-w- c:\windows\system32\nvsvc.dll

2013-01-18 14:20:08 639776 ----a-w- c:\windows\system32\nvvsvc.exe

2013-01-18 14:20:08 62752 ----a-w- c:\windows\system32\nvshext.dll

2013-01-18 14:20:08 2557728 ----a-w- c:\windows\system32\nvsvcr.dll

2013-01-18 14:20:08 108832 ----a-w- c:\windows\system32\nvmctray.dll

2013-01-18 08:15:24 550176 ----a-w- c:\windows\system32\nvStreaming.exe

2013-01-17 01:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe

2013-01-05 05:26:01 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-05 05:26:01 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-04 11:28:18 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-04 01:38:50 2048512 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 3:56:17.25 ===============

attach txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 22/11/2012 05:01:25

System Uptime: 03/04/2013 03:30:07 (0 hours ago)

.

Motherboard: Acer | | RS740DVF

Processor: AMD Athlon 64 X2 Dual Core Processor 4400+ | AM2 | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 113 GiB total, 60.545 GiB free.

D: is FIXED (NTFS) - 190 GiB total, 74.988 GiB free.

E: is FIXED (NTFS) - 170 GiB total, 138.158 GiB free.

F: is CDROM ()

G: is CDROM (CDFS)

H: is Removable

I: is Removable

J: is Removable

K: is Removable

L: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&2A700557&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&2A700557&0

Service: i8042prt

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

3Connect

Acer Arcade Live Main Page

Acer DV Magician

Acer DVDivine

Acer eDataSecurity Management

Acer Empowering Technology

Acer eRecovery Management

Acer eSettings Management

Acer HomeMedia

Acer HomeMedia Connect

Acer HomeMedia Trial Creator

Acer ScreenSaver

Acer SlideShow DVD

Acer VideoMagician

Activation Assistant for the 2007 Microsoft Office suites

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.0

Apple Application Support

Apple Software Update

ATI Catalyst Install Manager

Battleships Forever v0.90d

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center Localization Chinese Standard

Catalyst Control Center Localization Chinese Traditional

Catalyst Control Center Localization Czech

Catalyst Control Center Localization Danish

Catalyst Control Center Localization Dutch

Catalyst Control Center Localization Finnish

Catalyst Control Center Localization French

Catalyst Control Center Localization German

Catalyst Control Center Localization Greek

Catalyst Control Center Localization Hungarian

Catalyst Control Center Localization Italian

Catalyst Control Center Localization Japanese

Catalyst Control Center Localization Korean

Catalyst Control Center Localization Norwegian

Catalyst Control Center Localization Polish

Catalyst Control Center Localization Portuguese

Catalyst Control Center Localization Russian

Catalyst Control Center Localization Spanish

Catalyst Control Center Localization Swedish

Catalyst Control Center Localization Thai

Catalyst Control Center Localization Turkish

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

eSobi v2

FUJIFILM MyFinePix Studio 3.2

GIMP 2.8.2

Google Chrome

Google Desktop

Google Gmail Notifier

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Java 7 Update 17

Java Auto Updater

LightScribe 1.4.142.1

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee SecurityCenter

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NTI Backup Now 5

NTI Backup Now Standard

NTI Media Maker 8

NVIDIA 3D Vision Controller Driver 310.70

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Display Control Panel

NVIDIA Graphics Driver 311.06

NVIDIA HD Audio Driver 1.3.18.0

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.1031

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

Pando Media Booster

PG583_32_inf

QuickTime

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Skins

SmartCopy

SmartLauncher

Soluto

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)

WinZip 17.0

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

ZTE_1.2059.0.8

.

==== End Of File ===========================

AdwCleaner search:

# AdwCleaner v2.115 - Logfile created 04/02/2013 at 14:55:53

# Updated 17/03/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : oberlawd - SHALLOWTHOUGHT

# Boot Mode : Normal

# Running from : C:\Users\Son-Tzu\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\oberlawd\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Son-Tzu\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2418] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={2185F2B4-393E-11E2-8B80-001FE259A9C1}" ]

*************************

AdwCleaner[R1].txt - [1036 octets] - [02/04/2013 14:21:57]

AdwCleaner[R2].txt - [971 octets] - [02/04/2013 14:55:53]

AdwCleaner[s1].txt - [1073 octets] - [02/04/2013 14:49:56]

########## EOF - \AdwCleaner[R2].txt - [1090 octets] ##########

Hope you can help me get rid of this annoyance! I'm quite cross that this was bundled with yahoo messenger on the official site, how can non-experts be expected to know stuff from trusted sources might not be trustworthy? :angry2:


Hi.

Are you syncing your Chrome with Google?

Re-Run ADWcleaner, choose Delete.

Next, go here to delete Sync-Data --> http://www.howtogeek.com/103655/how-to-delete-your-google-chrome-browser-sync-data/

Reboot your system.

Re-Run ADWcleaner and click Scan. Post the logfile here.


Same result...

# AdwCleaner v2.115 - Logfile created 04/03/2013 at 10:32:22

# Updated 17/03/2013 by Xplode

# Operating system : Windows Vista Home Premium Service Pack 2 (32 bits)

# User : oberlawd - SHALLOWTHOUGHT

# Boot Mode : Normal

# Running from : C:\Users\Son-Tzu\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\oberlawd\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Son-Tzu\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2411] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={2185F2B4-393E-11E2-8B80-001FE259A9C1}" ]

*************************

AdwCleaner[R1].txt - [1036 octets] - [02/04/2013 14:21:57]

AdwCleaner[R2].txt - [1157 octets] - [02/04/2013 14:55:53]

AdwCleaner[R3].txt - [1218 octets] - [03/04/2013 10:22:29]

AdwCleaner[R4].txt - [1215 octets] - [03/04/2013 10:29:24]

AdwCleaner[R5].txt - [1151 octets] - [03/04/2013 10:32:22]

AdwCleaner[s1].txt - [1073 octets] - [02/04/2013 14:49:56]

AdwCleaner[s2].txt - [1254 octets] - [03/04/2013 10:22:56]

########## EOF - \AdwCleaner[R5].txt - [1331 octets] ##########

AdwCleaner auto-reboots after a delete, so I deleted sync data first, then disconnected from net and ran Adw. I ran search after boot and it was clean, but as soon as I started chrome it was back. There is no synced data to delete as I didn't sign in to chrome, just opened it, so it hasn't started to gather sync data yet. The problem doesn't seem to be server side if it's chrome.


Sorry for the tardy reply, things been hectic...

There was nothing set in Chrome for opening specific pages. I tried uninstalling yahoo and running Adw again, same result. Yahoo messenger and updater uninstalled ok, but the yahoo toolbar uninstaller glitched and hung, had to stop process in task manager, was using 50% of cpu to do nothing... I tried following the filepath into the chrome folder, but the preferences file can't be opened (by me) as it has no extension, so I don't know how. Should I uninstall/delete Chrome, and if so is there any way I can save my bookmarks?


Hi there. Let me check something before we do a full reinstall.

Could you check if this file exists? C:\Program Files\Google\Chrome\Application\master_preferences (<< this indicates the install folder of Chrome. It might be different if you installed it in another location.)


Hi there.

I know this might be a dumb question but I have to ask :D Did you ever choose "Delete" with ADWcleaner ? ( /me hides )

Could you please zip and attach these 2 files ?

C:\Users\oberlawd\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Program Files\Google\Chrome\Application\master_preferences


master_preferences.zip

LOL, many times. I can't post the first few logs times as they disappear when you uninstall Adw. This is the most recent delete log and the subsequent scan.

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 11:00:42

# Updated 02/04/2013 by Xplode

# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

# User : oberlawd - SHALLOWTHOUGHT

# Boot Mode : Normal

# Running from : C:\Users\oberlawd\Downloads\AdwCleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\oberlawd\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Son-Tzu\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2459] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={2185F2B4-[...]

*************************

AdwCleaner[R1].txt - [1039 octets] - [03/04/2013 14:30:53]

AdwCleaner[R2].txt - [1160 octets] - [03/04/2013 14:35:49]

AdwCleaner[R3].txt - [1221 octets] - [05/04/2013 11:00:24]

AdwCleaner[s1].txt - [1076 octets] - [03/04/2013 14:31:41]

AdwCleaner[s2].txt - [1128 octets] - [05/04/2013 11:00:42]

########## EOF - C:\AdwCleaner[s2].txt - [1188 octets] ##########

And the search after rebooting:

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 11:09:31

# Updated 02/04/2013 by Xplode

# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)

# User : oberlawd - SHALLOWTHOUGHT

# Boot Mode : Normal

# Running from : C:\Users\oberlawd\Downloads\AdwCleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\oberlawd\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Son-Tzu\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.2459] : urls_to_restore_on_startup = [ "hxxp://home.sweetim.com/?crg=3.1010000&st=12&barid={2185F2B4-393E-11E2-8B80-001FE259A9C1}" ]

*************************

AdwCleaner[R1].txt - [1039 octets] - [03/04/2013 14:30:53]

AdwCleaner[R2].txt - [1160 octets] - [03/04/2013 14:35:49]

AdwCleaner[R3].txt - [1221 octets] - [05/04/2013 11:00:24]

AdwCleaner[R4].txt - [1092 octets] - [05/04/2013 11:09:31]

AdwCleaner[s1].txt - [1076 octets] - [03/04/2013 14:31:41]

AdwCleaner[s2].txt - [1257 octets] - [05/04/2013 11:00:42]

########## EOF - C:\AdwCleaner[R4].txt - [1272 octets] ##########

I am attaching another zip, this was next to the Preferences file, was also called Preferences, had an extension called .BAD and a filesize (uncompressed) of 666kb. I may be being paranoid, but I thought it best to let an expert decide.

Preferences.zip

Preferences BAD.zip


Okay, your preference file looks like it should.

The .bad looks like a kind of backup. Some funny things inside like SweetIM for Facebook :P

The problem file is in this account.

C:\Users\Son-Tzu\AppData\Local\Google\Chrome\User Data\Default\Preferences

In all honesty, I have no idea if this will affect your account. It should not but Chrome is always a competition and I like competitions ( well, not really against a browser :D )

So, this problem exists in this UserAcc --> oberlawd ?

Please uninstall Yahoo! Toolbar.

Reboot and let me know if it is still present.

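The finding above, that the entry sits in another Windows account's Chrome profile while the account being inspected is clean, can be checked by reading every profile's Preferences file directly; it is JSON even though it has no extension. The following is an added example, not part of the original thread or of AdwCleaner: the function names, the watched-domain list and the sample directory tree are constructed for illustration, and the key is searched at any depth so no particular nesting is assumed.

```python
import json
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

KEY = "urls_to_restore_on_startup"  # key name as printed in the AdwCleaner log
WATCHED = ("sweetim.com",)          # domain from the log lines in this thread
PROFILE_GLOB = "*/AppData/Local/Google/Chrome/User Data/*/Preferences"


def find_key(node, key, path=""):
    """Yield (json_path, value) for every occurrence of `key` at any depth."""
    if isinstance(node, dict):
        for name, value in node.items():
            here = f"{path}.{name}" if path else name
            if name == key:
                yield here, value
            yield from find_key(value, key, here)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from find_key(value, key, f"{path}[{index}]")


def host_of(url):
    """Return the lower-cased host; accepts defanged hxxp:// URLs from logs."""
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def is_watched(host):
    """True for a watched domain or one of its subdomains, not look-alikes."""
    return any(host == d or host.endswith("." + d) for d in WATCHED)


def audit_file(path):
    """Return one finding per startup URL in a Preferences-style JSON file."""
    try:
        data = json.loads(Path(path).read_text(encoding="utf-8"))
    except (OSError, ValueError) as exc:  # unreadable or not valid JSON
        return [{"file": str(path), "error": type(exc).__name__}]
    findings = []
    for json_path, value in find_key(data, KEY):
        for url in value if isinstance(value, list) else [value]:
            if isinstance(url, str):
                findings.append({"file": str(path), "json_path": json_path,
                                 "url": url,
                                 "watched": is_watched(host_of(url))})
    return findings


def audit_machine(users_root, chrome_app_dir):
    """Check every account's Chrome profiles, then master_preferences."""
    targets = sorted(Path(users_root).glob(PROFILE_GLOB))
    master = Path(chrome_app_dir) / "master_preferences"
    if master.is_file():
        targets.append(master)
    results = []
    for target in targets:
        results.extend(audit_file(target))
    return results


def build_demo_tree(root):
    """Constructed sample data: two accounts, only one carries the entry."""
    url = ("hxxp://home.sweetim.com/?crg=3.1010000&st=12"
           "&barid={2185F2B4-393E-11E2-8B80-001FE259A9C1}")
    samples = {"oberlawd": {"session": {KEY: []}},
               "Son-Tzu": {"session": {KEY: [url]}}}
    for user, prefs in samples.items():
        profile = (root / "Users" / user
                   / "AppData/Local/Google/Chrome/User Data/Default")
        profile.mkdir(parents=True)
        (profile / "Preferences").write_text(json.dumps(prefs),
                                             encoding="utf-8")
    app = root / "Chrome" / "Application"
    app.mkdir(parents=True)
    (app / "master_preferences").write_text("{}", encoding="utf-8")
    return root / "Users", app


def demo():
    """Run the audit over the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        users, app = build_demo_tree(Path(tmp))
        return audit_machine(users, app)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real machine, `audit_machine(r"C:\Users", r"C:\Program Files\Google\Chrome\Application")` run from an administrator account covers the paths named in this thread; close Chrome first so the file is not rewritten mid-read.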

The Yahoo Toolbar app seems to be gone from programs list now, I tried again to use the uninstall and it said something like, ''Error; Program not found, do you want to remove this program from your list of programs and features?''. I clicked yes, and it's gone, and I can't find any obvious traces of it by looking through the hdd. The Son-Tzu account is the one I use mostly; it is a normal account, the oberlawd account is the one I use when I need administrator privileges. So I need to use it usually for uninstall etc, and I have to use it to update MBAM, as the update option is not usable on a normal account. The problem file came back again after Yahoo is gone, so it isn't there... Do you want me to delete C:\Users\Son-Tzu\AppData\Local\Google\Chrome\User Data\Default\Preferences ?


Download OTL to your Desktop.

Double click on the OTL icon to run it.

  • Please change the following settings.
    • Checkmark Scan all Users.
    • In the Extra Registry group check Use SafeList.
    • Underneath Output at the top change it to Minimal Output.
    • In the File Scans group check Use Company Name Whitelist, Skip Microsoft Files and Use No Company Name Whitelist.
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both in your next reply.


Ok, here are the files...

OTL logfile created on: 07/04/2013 07:50:50 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oberlawd\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 73.68% Memory free

6.23 Gb Paging File | 5.33 Gb Available in Paging File | 85.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 113.36 Gb Total Space | 59.23 Gb Free Space | 52.25% Space Free | Partition Type: NTFS

Drive D: | 189.91 Gb Total Space | 73.16 Gb Free Space | 38.52% Space Free | Partition Type: NTFS

Drive E: | 170.08 Gb Total Space | 137.16 Gb Free Space | 80.64% Space Free | Partition Type: NTFS

Drive G: | 22.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHALLOWTHOUGHT | User Name: oberlawd | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\oberlawd\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)

PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)

PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:\Program Files\Soluto\SolutoLauncherService.exe (Soluto)

PRC - C:\Program Files\Soluto\SolutoService.exe (Soluto)

PRC - C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe ()

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()

PRC - C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe (acer)

PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()

PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)

PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)

PRC - c:\Program Files\McAfee\MSC\mcuimgr.exe (McAfee, Inc.)

PRC - C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\15e2d7f51f15830591727d6d6a1e4032\System.ServiceProcess.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Framework.UIComponent\3.0.3009.0__739b31b1908c49e5\Framework.UIComponent.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3009.0__4df5dcab8860d239\Framework.Utility.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3009.0__3036420f80dd6947\Framework.Library.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3009.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll ()

MOD - C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()

========== Services (SafeList) ==========

SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (SolutoLauncherService) -- C:\Program Files\Soluto\SolutoLauncherService.exe (Soluto)

SRV - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)

SRV - (BecHelperService) -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe ()

SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()

SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)

SRV - (SiteAdvisor Service) -- C:\Program Files\SiteAdvisor\6172\SAService.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)

SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)

SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)

SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)

SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (cpuz136) -- C:\Windows\TEMP\cpuz136\cpuz136_x32.sys File not found

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (Soluto) -- C:\Windows\System32\drivers\Soluto.sys (Soluto LTD.)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (RTL85n86) -- C:\Windows\System32\drivers\RTL85n86.sys (Realtek Semiconductor Corporation )

DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)

DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)

DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)

DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)

DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)

DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)

DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1112&m=aspire_m1201

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1112&m=aspire_m1201

IE - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]

IE - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]

IE - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=1&o=vp32&d=1112&m=aspire_m1201

IE - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB511

IE - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U17 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\system32\npDeployJava1.dll

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()

O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files\McAfee\MSK\mcapbho.dll ()

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)

O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Program Files\Acer\Empowering Technology\SysMonitor.exe ()

O4 - HKLM..\Run: [eRecoveryService] File not found

O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [setresolution] C:\ACER\Config\1440X900.CMD ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2032668978-1210234877-2971453242-1000\..Trusted Ranges: GD ([http] in Local intranet)

O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll ()

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (c:\program files\soluto\soluto.exe /userinit) - c:\program files\soluto\soluto.exe (Soluto)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/02/09 18:11:34 | 000,084,288 | R--- | M] (Birdstep) - G:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2010/02/09 18:11:34 | 000,027,750 | R--- | M] () - G:\Autorun.ico -- [ CDFS ]

O32 - AutoRun File - [2010/02/09 18:11:34 | 000,000,047 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{0f9e4df9-3418-11e2-8ba9-001fe259a9c1}\Shell - "" = AutoRun

O33 - MountPoints2\{0f9e4df9-3418-11e2-8ba9-001fe259a9c1}\Shell\AutoRun\command - "" = K:\AutoRun.exe

O33 - MountPoints2\{270b3050-36bc-11e2-aaf7-001fe259a9c1}\Shell - "" = AutoRun

O33 - MountPoints2\{270b3050-36bc-11e2-aaf7-001fe259a9c1}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2010/02/09 18:11:34 | 000,084,288 | R--- | M] (Birdstep)

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/05 16:20:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2013/03/08 12:29:36 | 000,000,000 | ---D | C] -- C:\Users\oberlawd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gmail Notifier

[2013/03/08 12:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gmail Notifier

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/07 07:48:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/07 07:41:42 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/04/07 07:41:42 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/04/07 07:36:45 | 000,000,441 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2013/04/07 07:36:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/07 07:36:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/07 07:36:36 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml

[2013/04/07 07:36:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/06 19:31:00 | 000,021,591 | ---- | M] () -- C:\Windows\System32\Config.MPF

[2013/04/06 19:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/03 14:29:47 | 000,000,675 | ---- | M] () -- C:\Users\oberlawd\Desktop\Downloads - Shortcut.lnk

[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/03 14:29:47 | 000,000,675 | ---- | C] () -- C:\Users\oberlawd\Desktop\Downloads - Shortcut.lnk

[2012/12/01 07:26:04 | 000,007,668 | ---- | C] () -- C:\Users\oberlawd\AppData\Local\recently-used.xbel

[2012/12/01 07:22:03 | 000,000,067 | ---- | C] () -- C:\Users\oberlawd\.gtk-bookmarks

[2012/11/22 20:38:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2012/11/22 20:38:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2012/11/22 16:38:17 | 000,000,098 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2012/11/22 06:02:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/11/22 05:50:42 | 000,000,229 | ---- | C] () -- C:\Windows\wininit.ini

[2012/11/21 23:01:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2012/11/21 21:11:22 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2012/11/21 21:11:22 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

< End of report >

OTL Extras logfile created on: 07/04/2013 07:50:50 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\oberlawd\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.21 Gb Available Physical Memory | 73.68% Memory free

6.23 Gb Paging File | 5.33 Gb Available in Paging File | 85.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 113.36 Gb Total Space | 59.23 Gb Free Space | 52.25% Space Free | Partition Type: NTFS

Drive D: | 189.91 Gb Total Space | 73.16 Gb Free Space | 38.52% Space Free | Partition Type: NTFS

Drive E: | 170.08 Gb Total Space | 137.16 Gb Free Space | 80.64% Space Free | Partition Type: NTFS

Drive G: | 22.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHALLOWTHOUGHT | User Name: oberlawd | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2032668978-1210234877-2971453242-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{112251A0-E526-4E8F-ACB5-B8EB9188950F}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{112537FD-C8C5-47AC-A7A2-E9B9B39BEC2B}" = lport=138 | protocol=17 | dir=in | app=system |

"{15C63DDE-A6EA-4E05-B903-0F51DB00F3B7}" = rport=445 | protocol=6 | dir=out | app=system |

"{3CF0435B-0C0B-4235-AD0A-D72967FCA1FC}" = lport=2869 | protocol=6 | dir=in | app=system |

"{3EBBD3F1-FA92-4E2F-978E-065CE7258CA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{422E7234-9B06-4153-A8D0-FA7A2CC82538}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{516DD52D-3977-4F63-BA74-03EF3DD11B31}" = lport=137 | protocol=17 | dir=in | app=system |

"{8EE3BE50-DBEB-4F64-B6E9-37C9F4C5FFF8}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{916D7F65-F4C3-4527-B7E4-2A0E4F916534}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{C1F82EE1-5404-40ED-BF46-BF656C6BE0AF}" = lport=445 | protocol=6 | dir=in | app=system |

"{C5C57224-F72E-4DB3-AB32-B87261045F03}" = rport=137 | protocol=17 | dir=out | app=system |

"{C70A5766-2010-4549-8811-0BE8C7F2B7CF}" = rport=2869 | protocol=6 | dir=out | app=system |

"{CF8B0A01-AE16-44AB-B47F-E2976944CD9A}" = rport=138 | protocol=17 | dir=out | app=system |

"{D649CAF8-F471-4E9A-88BB-12B47DC77919}" = lport=139 | protocol=6 | dir=in | app=system |

"{DF95F28F-0963-49A9-B1E5-1787EDC835BC}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{E4C1AB93-B4A4-499B-934F-E15079A74BAD}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{E7F66A99-44F7-4251-AEBE-632B3947493D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F0FB220C-423E-4992-AD21-A2267AAFE94E}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03115C26-1812-4DD7-A9B4-B15B3A7ECAFF}" = protocol=6 | dir=in | app=c:\users\son-tzu\downloads\solutoinstaller-_wwk26dxd3j4.exe |

"{0694A089-BE39-40C7-AA68-FD67A580BAC8}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |

"{0F22E01F-29F8-4C3C-B78B-635B69698241}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{18DD47A3-A89D-4F70-8273-3DF909C1AB47}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

"{1A108400-0AB3-4772-93FA-D1CD6549209E}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |

"{207B4AE2-4D90-42D7-BDF6-87A585CA9C36}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |

"{270D21D9-F3E5-4ACD-9EE7-66F7973F51CE}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"{279AED74-60A1-496F-A5F0-A1D248BC991F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{27A43F79-4644-49EE-89E5-7379E2C4451A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{34A7487B-0E6F-470E-BADC-E2D0D5DC7BDC}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |

"{37B34BC2-1093-42E4-9D21-437620E62FC1}" = protocol=17 | dir=in | app=c:\users\son-tzu\downloads\solutoinstaller-_wwk26dxd3j4.exe |

"{3C64C413-AB79-4CD8-8B55-196734579924}" = protocol=6 | dir=in | app=c:\program files\soluto\soluto.exe |

"{3E339218-90D1-475E-9BCD-5138671070A1}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |

"{40CAA6A0-0A2D-4DC0-A364-D31119CB828F}" = protocol=17 | dir=in | app=c:\program files\soluto\soluto.exe |

"{5594115A-58CF-4B18-B6F7-BBCB4857430F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{5930BAAC-A3E9-4F58-9B77-BE2029D69955}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |

"{77BAF4C2-F458-4DF7-BA4D-2B87C28BD6AE}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{7A21BC44-2382-447D-969F-5D4FA4A0B35D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{7A743B65-9048-4ED4-919F-C31C321B2AB5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{810DAEE9-E89F-4E68-85CE-5AE3AEE2F7FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{86589AE9-9CDF-45B8-AD4A-BB44E23D63D4}" = protocol=17 | dir=in | app=c:\program files\soluto\solutocleanup.exe |

"{8C6C4F46-5969-4458-85D8-12F41B3327FB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{8D0D6562-48F0-4E40-AA17-FD2572463FCA}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |

"{92827FDC-4F8D-4C47-8E96-311C796C7EC3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{96227ED1-789D-44C9-9F3E-6701AB3C4387}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{A2ED9F1C-0A1D-4D12-9394-E1B6E988AB2F}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |

"{AE25F898-9B59-4D80-A624-170C1C921267}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{AE40D342-7ACB-433B-948D-A3038410D626}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoconsole.exe |

"{B74677C1-742E-4494-BFE7-B45AC72FB7FC}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |

"{BF18C64A-9BB3-4922-9864-880F4481ACD9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{BF5704CF-53B9-4D05-982F-E2B84AF7C2A8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{C35AA14B-7287-4448-91E0-2DB029C201E4}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |

"{C4712FF5-4EA4-4B69-BCFC-965A9275E173}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{D60C65F9-B1FC-4A5F-93C7-3D650A77480D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |

"{DB998970-C913-4545-A304-B6420BD8C412}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoupdateservice.exe |

"{DCE5BB6B-210E-4C26-8171-0E16DB113DE4}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{E240B5E8-EC97-4926-9834-ED0E9894C852}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |

"{E2C215F4-37AD-4ADD-9E07-996149881F5D}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |

"{E56C57C4-1D4C-4FE4-9DD4-126E30503FF5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{E992D4E2-9C89-401F-ABB9-61321C8EC8C8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{F0D88946-0B60-4957-8673-C1347A96F969}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{F28BD982-6AEA-49CD-BB98-5482E6730839}" = protocol=17 | dir=in | app=c:\program files\soluto\solutoservice.exe |

"{F2F6D2C8-B5A1-448F-8E7D-1371FEB5A597}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |

"{F653563B-A3EB-428A-819C-8A8A770393B8}" = protocol=6 | dir=in | app=c:\program files\soluto\solutocleanup.exe |

"{F90AE53F-B9E5-4235-BEAC-15B1869426F5}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |

"{FA367C01-BFAD-4528-97DA-3FB03E58E5DC}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoconsole.exe |

"{FCC1B736-1296-4421-81B6-FB6473122F05}" = protocol=6 | dir=in | app=c:\program files\soluto\solutoservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0025DA8D-F344-E316-885A-2D71C66B0FB1}" = Catalyst Control Center Localization Norwegian

"{01B0503D-45A2-CCA2-44DF-C716B80B7EB6}" = Catalyst Control Center Graphics Light

"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier

"{0C74BC57-4128-D428-D4A5-267F66C80C7C}" = CCC Help German

"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard

"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect

"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1AEB447A-34B8-7DB5-67B8-1E54DADD6572}" = Catalyst Control Center Localization Polish

"{1B897B3A-57C2-DF09-C6CC-E6B9FA0AC44F}" = CCC Help Thai

"{2037D7FD-6401-DDC7-A499-2FDF9ADCD04F}" = CCC Help Turkish

"{21AD8584-EDAC-7D00-71CC-79D111C5B27B}" = CCC Help Italian

"{2295D7EE-0575-D2CC-E52A-102F2AF01169}" = CCC Help Russian

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{2ED84754-62AA-80F6-E434-9C03FF1D4221}" = Catalyst Control Center Localization Korean

"{30965141-4363-2683-885F-4A35810A382B}" = CCC Help Portuguese

"{311D49FD-6B52-D68F-CFBC-796F22554404}" = Catalyst Control Center Localization Dutch

"{3AD4FFEC-0DEC-5037-C92F-C294FEA8F320}" = Catalyst Control Center Localization Hungarian

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C71054A-352C-4ABD-5643-4C8F8617AE08}" = CCC Help Danish

"{3FE1C3BB-91B1-119B-47FE-49143E2AD10B}" = CCC Help Spanish

"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD

"{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding

"{48EF56FD-3B28-DEB7-7C63-85908395E6A6}" = Catalyst Control Center Localization Spanish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C7F547E-DDE3-51BF-1D2E-04816F30AD66}" = ATI Catalyst Install Manager

"{4F896C8E-8AEF-4C27-31CD-56E6E200FAB4}" = CCC Help Dutch

"{53C436CD-155C-6159-D12B-55967DAB8887}" = CCC Help Norwegian

"{57634571-FD82-4BEC-B822-A1ED7765474F}_is1" = SmartLauncher

"{5E396C14-A2E0-3F7B-42FE-15569155234A}" = CCC Help Chinese Standard

"{60245C29-8A73-CF88-275F-A79BA580E748}" = CCC Help Korean

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{68F2FB07-4F60-734A-46FD-493A109D1514}" = CCC Help English

"{6B6D25BD-0680-486E-AA7B-C67BA1CA64B5}" = Soluto

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6FD29E18-619D-259B-948F-3A65967486A3}" = ccc-core-static

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{77FB2697-2C28-9572-6452-F2418A33834E}" = Catalyst Control Center Localization Russian

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7CC14E1A-17B4-27A6-2086-2A52BCC16A16}" = Catalyst Control Center Localization Italian

"{7D30776C-F30F-4207-6A82-EF0E1D6DCD23}" = CCC Help Chinese Traditional

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{8011B8CD-CD37-5B5D-4423-78D358B70C21}" = ccc-utility

"{804AB28B-F929-370A-B3AB-5BB99DFD73DF}" = Catalyst Control Center Localization Chinese Standard

"{84E98285-BEC0-8C52-EB74-10C281737023}" = Catalyst Control Center Localization Portuguese

"{862673D1-8F64-A109-47A9-CD5CFAABBD2A}" = Catalyst Control Center Localization Finnish

"{89EFA70F-87DF-4B19-6366-77B9D693C20E}" = CCC Help Swedish

"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX

"{8DB9E645-E6DB-A4BB-B18A-265435D13274}" = Catalyst Control Center Graphics Full Existing

"{8E62F311-A40C-A7B3-C595-FE1E17D838F8}" = Skins

"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{901DD5DE-0798-883F-8B23-55D3843F3E59}" = Catalyst Control Center Localization Turkish

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92933B9E-3273-9DD6-7F47-EB6DD029C6AC}" = Catalyst Control Center Localization Chinese Traditional

"{954513A8-AAE3-97E9-1FB8-A1D70FD1A549}" = CCC Help Greek

"{9738C893-02C6-6694-DD7B-D50CC8D57248}" = Catalyst Control Center Core Implementation

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DF93979-12BD-D361-0624-9025215FD8B5}" = CCC Help Finnish

"{A4BEC8AC-0E57-E1F8-C3C5-01ED0F27ECB9}" = Catalyst Control Center Localization French

"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management

"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect

"{A91FB756-A9B5-7A88-7637-21B3061B97A7}" = Catalyst Control Center Graphics Full New

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia

"{AC4451B3-1CC2-7C5D-F0EC-AD2DADE9DFF2}" = CCC Help Japanese

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{AC9450D2-2344-132D-AAA8-DB418BC6F3E5}" = CCC Help Hungarian

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine

"{B2F6A8F0-927A-D0CC-D1CB-FCEBD7528799}" = Catalyst Control Center Localization Czech

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.70

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator

"{B7BD291B-D415-4484-89A4-82077504BE93}_is1" = SmartCopy

"{C0AF881D-EB63-A1D6-F29A-1EAD7BAEDB95}" = Catalyst Control Center Localization Japanese

"{C49624DD-C504-4279-B9E0-65A2EB6E1619}" = PG583_32_inf

"{C75252FF-A765-B58A-44D1-D10C24E69E59}" = Catalyst Control Center Localization Thai

"{CAAF4EB9-68E8-6BC9-ADC2-24491B70A84D}" = Catalyst Control Center Graphics Previews Vista

"{CC25FBAD-153D-0EB7-5EC5-0DE97A7A8788}" = Catalyst Control Center Localization Danish

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{EA34B5D9-A3C9-333A-B1CD-ABCC975FB5EF}" = CCC Help French

"{EBCDE4F2-C6F7-1188-DDE7-15966902EC6A}" = Catalyst Control Center Localization Swedish

"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support

"{F66208C6-E88B-27B6-9C49-09E78739F017}" = Catalyst Control Center Localization German

"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician

"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician

"{F9E0767F-6DB6-9B56-3BEF-50BAFC430934}" = Catalyst Control Center Localization Greek

"{FCB5EE95-A308-F826-9C6B-18DD2EEA1992}" = CCC Help Polish

"{FE8A68F6-3C7C-D143-F898-C6C1F26CB41E}" = CCC Help Czech

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Battleships Forever_is1" = Battleships Forever v0.90d

"D7EC1A6C98F357A7E4C53FF66325D99F66B1F590" = Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (12/14/2007 6.1.32.42)

"GIMP-2_is1" = GIMP 2.8.2

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MSC" = McAfee SecurityCenter

"MyFinePix Studio_is1" = FUJIFILM MyFinePix Studio 3.2

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 03/04/2013 08:20:27 | Computer Name = shallowthought | Source = RasClient | ID = 20227

Description =

Error - 03/04/2013 08:20:47 | Computer Name = shallowthought | Source = RasClient | ID = 20227

Description =

Error - 03/04/2013 08:21:08 | Computer Name = shallowthought | Source = RasClient | ID = 20227

Description =

Error - 03/04/2013 08:21:27 | Computer Name = shallowthought | Source = RasClient | ID = 20227

Description =

Error - 03/04/2013 09:35:44 | Computer Name = shallowthought | Source = WinMgmt | ID = 10

Description =

Error - 03/04/2013 22:47:20 | Computer Name = shallowthought | Source = WinMgmt | ID = 10

Description =

Error - 04/04/2013 10:09:10 | Computer Name = shallowthought | Source = WinMgmt | ID = 10

Description =

Error - 05/04/2013 00:44:33 | Computer Name = shallowthought | Source = WinMgmt | ID = 10

Description =

Error - 05/04/2013 02:59:33 | Computer Name = shallowthought | Source = WinMgmt | ID = 10

Description =

Error - 05/04/2013 05:59:28 | Computer Name = shallowthought | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 04/12/2012 05:05:25 | Computer Name = shallowthought | Source = ipnathlp | ID = 31004

Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This

may indicate that the system is low on virtual memory, or that the memory manager

has encountered an internal error.

Error - 04/12/2012 05:05:41 | Computer Name = shallowthought | Source = ipnathlp | ID = 31004

Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This

may indicate that the system is low on virtual memory, or that the memory manager

has encountered an internal error.

Error - 04/12/2012 05:05:52 | Computer Name = shallowthought | Source = ipnathlp | ID = 31004

Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This

may indicate that the system is low on virtual memory, or that the memory manager

has encountered an internal error.

Error - 04/12/2012 13:59:27 | Computer Name = shallowthought | Source = netbt | ID = 4321

Description = The name "SHALLOWTHOUGHT :0" could not be registered on the interface

with IP address 169.254.0.15. The computer with the IP address 94.196.104.168 did

not allow the name to be claimed by this computer.

Error - 04/12/2012 13:59:27 | Computer Name = shallowthought | Source = netbt | ID = 4321

Description = The name "SHALLOWTHOUGHT :0" could not be registered on the interface

with IP address 169.254.0.15. The computer with the IP address 94.196.104.168 did

not allow the name to be claimed by this computer.

Error - 04/12/2012 13:59:51 | Computer Name = shallowthought | Source = ipnathlp | ID = 31004

Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This

may indicate that the system is low on virtual memory, or that the memory manager

has encountered an internal error.

Error - 04/12/2012 14:00:09 | Computer Name = shallowthought | Source = ipnathlp | ID = 31004

Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This

may indicate that the system is low on virtual memory, or that the memory manager

has encountered an internal error.

Error - 04/12/2012 14:00:13 | Computer Name = shallowthought | Source = ipnathlp | ID = 31004

Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This

may indicate that the system is low on virtual memory, or that the memory manager

has encountered an internal error.

Error - 05/12/2012 00:47:16 | Computer Name = shallowthought | Source = ipnathlp | ID = 31004

Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This

may indicate that the system is low on virtual memory, or that the memory manager

has encountered an internal error.

Error - 05/12/2012 03:08:54 | Computer Name = shallowthought | Source = ipnathlp | ID = 31004

Description = The DNS proxy agent was unable to allocate 0 bytes of memory. This

may indicate that the system is low on virtual memory, or that the memory manager

has encountered an internal error.

< End of report >


Hi there

No signs of this search entry here. So, is there anything you want to keep from the user profile in question?

There is no need to reinstall Chrome; from what I have read, we can delete the user profile and create a new one :)


Great.

Sorry for wasting your time but I wanted to find a solution for this problem as you are not the only one.

Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

There is a newer version of Adobe Acrobat Reader available.

  • Please go to this link Adobe Acrobat Reader Download Link
  • Untick Free McAfee® Security Scan Plus if you do not wish to include this in the installation.
  • Click Download
  • On the right, untick Adobe Photoshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts

When the installation is complete go to Add/Remove Programs and uninstall all previous versions.

Please download delfix to your Desktop.

  • Close all running programs.
  • Double-click on delfix.exe
  • Make sure that all options are checked.
  • Click Start.

This tool will delete most of the tools we have used for the cleanup procedure. If something remains, simply delete it.

Now that you appear to be free from malware, let's help you stay that way!

It is vital that you keep your system up to date

  • Please enable Automatic Updates to keep your system up to date.
  • Windows Updates
    • Win XP: Start --> Control Panel and double-click on Automatic Updates.
    • Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates
  • Software Updates
    Your installed software can also have vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date I recommend File Hippo.

Anti Virus Software

  • Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.

Additional Protection
  • Malwarebytes Anti Malware
    The freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features.
  • WinPatrol
    WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Safer Browsing

  • Web of Trust ( WOT )
    This software helps you to stay away from sites that have malicious purposes.
  • SpywareBlaster
    This software helps prevent the installation of ActiveX-based spyware.

Use an alternate browser

Other browsers tend to be more secure than IE as they do not make use of ActiveX objects. ActiveX objects can be used by spyware as an infection point on your computer.

Note: If you use Firefox you may want to have a look at these add-ons.

Computer Maintenance

Clean out your temp files on a regular basis. I recommend TFC (Temp File Cleaner).

Thinking while surfing

There is no software which will protect your system from yourself.

I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet.

If you have any questions kindly ask.

Please respond to this thread one more time so we can mark this thread as resolved.


Yes, thank you for the advice, and help. I will update when I can, I use pre-pay mobile broadband, things are tight atm, so big updates are not within reach until later this month. I don't visit dodgy websites, I don't have the time or data allowance... I have been using MBAM free version for a few years now. Finally, let me say one more time, beware all! SweetIM which infected my system was bundled with Yahoo messenger on the official Yahoo site. They have removed it from the bundle now, though frankly I think they should have sent emails to their customers apologising and recommending how to remove it from their systems. It's really a bad show when a reputable company exposes its customers in such a fashion. Thank you once more, and feel free to close this thread! :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.