Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Do I Have a Virus? Need to rule out before going on...

Started by Missemily , Mar 10 2012 05:47 PM

Please log in to reply

#1
Missemily

Posted 10 March 2012 - 05:47 PM

Member

Member
45 posts

Hi,

I've been having issues with slowness on my computer for a while and it seems to be getting worse. I've run AVG and can't find anything significant other than tracking cookies. One minute I can browse the internet and the next I freeze up for a few seconds but hear the computer running and can see that "something" is happening. To top it off my mouse won't right click (which may be nothing more than a 6 year old "virus" named Emily) so could someone please take a look at the OTL log and let me know if there is anything suspicious or if there is something else I should run to do a check of my system?

Thank you!

OTL logfile created on: 3/10/2012 5:22:02 PM - Run 2
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Mom\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 26.73% Memory free
3.84 Gb Paging File | 0.60 Gb Available in Paging File | 15.63% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.80 Gb Total Space | 51.29 Gb Free Space | 35.18% Space Free | Partition Type: NTFS
Drive D: | 145.46 Gb Total Space | 137.50 Gb Free Space | 94.53% Space Free | Partition Type: NTFS
Drive E: | 3.94 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mom\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Windows\System32\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSPS.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Windows\System32\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()

========== Win32 Services (SafeList) ==========

SRV - (eRecoveryService) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe ()
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (lvselsus) -- File not found
DRV - (IpInIp) -- File not found
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LVUVC) Logitech QuickCam Pro 5000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()
DRV - (SQTECH905C) -- C:\Windows\System32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGIE_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-02-14 08:23:49&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A89C7B24-B826-43DF-80E5-C38B3024D19C}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/to...m=1&toolbar=GV2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?o=20011&l=dis"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..extensions.enabledItems: {c4d362ec-1cff-4ca0-9031-99a8fad7995a}:1.14.2010121801
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\Program Files\Mozilla Firefox\plugins\ [2011/03/21 16:57:06 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 08:34:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2011/07/02 10:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/16 12:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/16 12:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/02/15 07:24:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/09 16:28:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/21 16:57:06 | 000,000,000 | ---D | M]

[2009/01/07 21:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions
[2011/09/08 16:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions
[2011/01/09 16:30:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/09 16:29:03 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011/01/09 16:29:03 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2011/01/09 16:29:03 | 000,000,000 | ---D | M] (Configuration Mania?) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
[2011/01/09 16:29:02 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/06 21:51:46 | 000,000,681 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\ask.xml
[2009/05/08 23:03:22 | 000,000,891 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\dictionarycom.xml
[2009/02/07 15:42:03 | 000,001,831 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\jellyneo-item-database-search.xml
[2009/04/20 00:22:13 | 000,000,945 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\youtube-video-search.xml
[2011/08/06 23:49:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/03 14:48:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/12/03 17:44:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/16 06:27:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009/12/22 08:34:35 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
[2011/07/02 10:23:41 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.005.030.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/03/16 12:06:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/16 12:06:12 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/10/19 18:45:24 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2005/04/27 14:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/02/15 07:24:31 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: 3D Life Player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2010/05/08 12:51:33 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.2; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; WinNT-PAI 18.06.2009; WinNT-EVI 12.03.2010; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; 7968031903; control/7.00158)" -"http://www.nickjr.co...-dress-up.html" File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cnn.com ([www] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59491320-FDB5-405E-AD8F-A5AA7722D0C3}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\bw+0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {7880dbe3-0115-449f-a978-21c8e945a2ad} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\offline-8876480 {7880DBE3-0115-449F-A978-21C8E945A2AD} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mom\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mom\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{8e3cd411-54a8-11dd-918e-001921e2df15}\Shell - "" = AutoRun
O33 - MountPoints2\{8e3cd411-54a8-11dd-918e-001921e2df15}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{e69abe3e-53bb-11de-9d15-001921e2df15}\Shell - "" = AutoRun
O33 - MountPoints2\{e69abe3e-53bb-11de-9d15-001921e2df15}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 18:19:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/19 03:06:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/19 03:06:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/19 03:06:11 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/19 03:06:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/19 03:06:10 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/19 03:06:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/19 03:06:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/19 03:06:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/19 03:06:07 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/19 03:06:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/19 03:06:07 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/19 03:06:07 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/19 03:06:07 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/19 03:06:07 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/19 03:06:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/19 03:06:07 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/19 03:06:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/19 03:06:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/19 03:06:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/19 03:06:06 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/19 03:06:06 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/19 03:06:06 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/19 03:06:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/19 03:06:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/19 03:06:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/19 03:06:05 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/19 03:06:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/19 03:06:05 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/19 03:06:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/19 03:06:04 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/19 03:06:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/19 03:06:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/19 03:06:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/19 03:06:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/19 03:06:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/19 03:06:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/19 03:06:03 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 21:43:42 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/14 08:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/02/14 08:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/02/14 08:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/02/14 08:23:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/10 16:55:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/10 15:40:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 15:40:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 12:56:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/10 11:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/03/10 04:40:00 | 085,073,570 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/02/26 18:12:34 | 000,000,947 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/20 07:04:27 | 000,000,660 | ---- | M] () -- C:\Users\Mom\Desktop\Angry Birds on Facebook.url
[2012/02/20 07:01:26 | 000,000,245 | ---- | M] () -- C:\Users\Mom\Desktop\Netflix.url
[2012/02/19 07:57:24 | 000,000,238 | ---- | M] () -- C:\Users\Mom\Desktop\Facebook.url
[2012/02/19 03:42:39 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/19 03:42:39 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/19 03:36:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/19 03:06:37 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/19 03:06:37 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/19 03:06:13 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/19 03:06:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/19 03:06:11 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/19 03:06:10 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/19 03:06:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/19 03:06:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/19 03:06:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/19 03:06:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/19 03:06:07 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/19 03:06:07 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/19 03:06:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/19 03:06:07 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/19 03:06:07 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/19 03:06:07 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/19 03:06:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/19 03:06:07 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/19 03:06:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/19 03:06:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/19 03:06:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/19 03:06:07 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/19 03:06:06 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/19 03:06:06 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/19 03:06:06 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/19 03:06:06 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/19 03:06:06 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/19 03:06:05 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/19 03:06:05 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/19 03:06:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/19 03:06:05 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/19 03:06:05 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/19 03:06:04 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/19 03:06:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/19 03:06:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/19 03:06:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/19 03:06:04 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/19 03:06:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/19 03:06:04 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/19 03:06:03 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/16 03:45:31 | 001,714,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/11 11:39:12 | 000,063,959 | ---- | M] () -- C:\Users\Mom\Desktop\Temp ID Card.pdf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/20 07:04:27 | 000,000,660 | ---- | C] () -- C:\Users\Mom\Desktop\Angry Birds on Facebook.url
[2012/02/20 07:01:26 | 000,000,245 | ---- | C] () -- C:\Users\Mom\Desktop\Netflix.url
[2012/02/19 03:06:07 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/02/11 11:39:12 | 000,063,959 | ---- | C] () -- C:\Users\Mom\Desktop\Temp ID Card.pdf
[2011/11/26 15:26:34 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2011/07/24 23:00:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/13 21:51:35 | 000,000,017 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/04/01 21:35:59 | 000,001,356 | ---- | C] () -- C:\Users\Mom\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:43C9D140
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:41D1C7CB
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:F44D3C53
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:614F17D3
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:E07EA07E
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:18BCE9F1
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:0778CBF2
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:D4D38596
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:5CE2502D
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:E1D6C864
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:1F67CD26
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:322D2CD3
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:E392F409
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:C7F5E798
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:FC2E567F
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:2D0DFF22
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:0C988F7D
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:86148D88
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:11E79CC9
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:73CF0D7D
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:CDBCA11D
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:1CAF6B12
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D6CA39B5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8E783B8E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B80659FA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:1EE79287
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C5901F6D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:58C9BCAC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:3C66B20F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1451DA58
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:AF54CFFD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:59846E5E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BC38C00C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A31B5E9B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:28476D43
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:F2958F3A
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:46700142
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4AA2F6A9
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:A8DAF782
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:BD13A410

< End of report >

#2
RKinner

Posted 11 March 2012 - 01:50 AM

Malware Expert

Expert
24,625 posts

I don't see anything other than some adware.

You have an obsolete anti-virus. Let's get rid of it and replace it with the free Avast.

Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe

Download and save the free Avast installer.
http://www.avast.com...ivirus-download
Uninstall AVG

Run the Avg Remover

Reboot

Install Avast. (Register when it asks you - they will try to talk you in to buying the full product but the free version is what we want.)
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find? If it found anything please copy and paste the log file which you should be able to find at:

C:\ProgramData\Avast Software\Avast\report\aswboot.txt

(When it runs it tells you where it will put the log file so verify that the above it what it says.)

Your Firefox appears to be out of date. Get the latest version at:

http://www.mozilla.o...-US/firefox/fx/

(You want the green button)

Uninstall Logitech Desktop Messenger. It's broken and you don't need it anyway.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Close notepad and save your changes. Attach the file to your next post.

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Ron

#3
Missemily

Posted 12 March 2012 - 06:46 PM

Member

Topic Starter
Member
45 posts

Whew!!! I think I finally made it through everything - not having right click is a pain in the Arse! I've attached all the logs as you requested.

Extras.Txt 78.29KB 125 downloads

MOM-PC.txt 475.55KB 115 downloads

OTL.Txt 101.96KB 98 downloads

vew.txt 1.53KB 120 downloads

Oh! and Avast did not find anything nor did the C prompt thing find anything.

OTL logfile created on: 12/03/2012 7:29:13 PM - Run 3
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Mom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 41.49% Memory free
3.75 Gb Paging File | 2.48 Gb Available in Paging File | 66.16% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.80 Gb Total Space | 53.97 Gb Free Space | 37.01% Space Free | Partition Type: NTFS
Drive D: | 145.46 Gb Total Space | 137.50 Gb Free Space | 94.53% Space Free | Partition Type: NTFS
Drive E: | 562.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Windows\System32\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\AVAST Software\Avast\aswOtl.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files\DivX\DivX Plus Web Player\libxml2.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll ()
MOD - C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSPS.dll ()
MOD - C:\Program Files\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Windows\System32\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
MOD - C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll ()

========== Win32 Services (SafeList) ==========

SRV - (eRecoveryService) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (lvselsus) -- File not found
DRV - (IpInIp) -- File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LVUVC) Logitech QuickCam Pro 5000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()
DRV - (SQTECH905C) -- C:\Windows\System32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Mom\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGIE_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-02-14 08:23:49&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A89C7B24-B826-43DF-80E5-C38B3024D19C}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/to...m=1&toolbar=GV2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?o=20011&l=dis"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..extensions.enabledItems: {c4d362ec-1cff-4ca0-9031-99a8fad7995a}:1.14.2010121801
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\Program Files\Mozilla Firefox\plugins\ [2011/03/21 17:57:06 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/16 13:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/16 13:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/12 11:26:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/11 23:15:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/12 18:04:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/21 17:57:06 | 000,000,000 | ---D | M]

[2009/01/07 22:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions
[2011/09/08 17:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions
[2011/01/09 17:30:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/09 17:29:03 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011/01/09 17:29:03 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2011/01/09 17:29:03 | 000,000,000 | ---D | M] (Configuration Mania?) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
[2011/01/09 17:29:02 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/06 22:51:46 | 000,000,681 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\ask.xml
[2009/05/09 00:03:22 | 000,000,891 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\dictionarycom.xml
[2009/02/07 16:42:03 | 000,001,831 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\jellyneo-item-database-search.xml
[2009/04/20 01:22:13 | 000,000,945 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\youtube-video-search.xml
[2012/03/12 18:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/03/16 13:06:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/16 13:06:12 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/10/19 19:45:24 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2005/04/27 15:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/03/12 11:26:37 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: 3D Life Player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2010/05/08 13:51:33 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.2; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; WinNT-PAI 18.06.2009; WinNT-EVI 12.03.2010; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; 7968031903; control/7.00158)" -"http://www.nickjr.co...-dress-up.html" File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cnn.com ([www] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59491320-FDB5-405E-AD8F-A5AA7722D0C3}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mom\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mom\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/06/12 23:38:25 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{8e3cd411-54a8-11dd-918e-001921e2df15}\Shell - "" = AutoRun
O33 - MountPoints2\{8e3cd411-54a8-11dd-918e-001921e2df15}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{e69abe3e-53bb-11de-9d15-001921e2df15}\Shell - "" = AutoRun
O33 - MountPoints2\{e69abe3e-53bb-11de-9d15-001921e2df15}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{e780b413-34c7-11dc-8c43-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e780b413-34c7-11dc-8c43-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2006/11/21 20:07:23 | 000,166,744 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/12 19:27:05 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012/03/12 19:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/03/12 19:14:24 | 004,485,448 | ---- | C] (Piriform Ltd) -- C:\Users\Mom\Desktop\spsetup116.exe
[2012/03/11 23:16:25 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/03/11 23:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/11 23:16:24 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/11 23:16:23 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/11 23:16:23 | 000,035,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/11 23:16:22 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/11 23:16:21 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/11 23:15:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/11 23:15:26 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/11 23:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/11 23:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/19 04:06:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/19 04:06:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/19 04:06:11 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/19 04:06:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/19 04:06:10 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/19 04:06:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/19 04:06:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/19 04:06:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/19 04:06:07 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/19 04:06:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/19 04:06:07 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/19 04:06:07 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/19 04:06:07 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/19 04:06:07 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/19 04:06:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/19 04:06:07 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/19 04:06:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/19 04:06:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/19 04:06:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/19 04:06:06 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/19 04:06:06 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/19 04:06:06 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/19 04:06:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/19 04:06:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/19 04:06:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/19 04:06:05 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/19 04:06:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/19 04:06:05 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/19 04:06:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/19 04:06:04 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/19 04:06:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/19 04:06:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/19 04:06:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/19 04:06:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/19 04:06:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/19 04:06:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/19 04:06:03 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 22:43:42 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/14 09:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/02/14 09:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/02/14 09:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/02/14 09:23:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/12 19:27:08 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012/03/12 19:16:21 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/12 19:14:32 | 004,485,448 | ---- | M] (Piriform Ltd) -- C:\Users\Mom\Desktop\spsetup116.exe
[2012/03/12 19:10:13 | 000,002,651 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/03/12 19:05:10 | 000,061,440 | ---- | M] ( ) -- C:\Users\Mom\Desktop\VEW.exe
[2012/03/12 18:55:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/12 18:35:11 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/12 18:35:11 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/12 18:31:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/12 18:29:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 18:29:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 18:29:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 18:04:55 | 000,000,874 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 18:04:55 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/12 17:59:52 | 000,000,126 | ---- | M] () -- C:\Windows\WININIT.INI
[2012/03/12 11:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/03/11 23:21:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/11 23:16:25 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/11 23:09:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/11 23:07:26 | 001,714,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/06 18:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 18:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/26 19:12:34 | 000,000,947 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/23 10:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/20 08:04:27 | 000,000,660 | ---- | M] () -- C:\Users\Mom\Desktop\Angry Birds on Facebook.url
[2012/02/20 08:01:26 | 000,000,245 | ---- | M] () -- C:\Users\Mom\Desktop\Netflix.url
[2012/02/19 08:57:24 | 000,000,238 | ---- | M] () -- C:\Users\Mom\Desktop\Facebook.url
[2012/02/19 04:06:37 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/19 04:06:37 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/19 04:06:13 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/19 04:06:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/19 04:06:11 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/19 04:06:10 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/19 04:06:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/19 04:06:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/19 04:06:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/19 04:06:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/19 04:06:07 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/19 04:06:07 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/19 04:06:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/19 04:06:07 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/19 04:06:07 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/19 04:06:07 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/19 04:06:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/19 04:06:07 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/19 04:06:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/19 04:06:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/19 04:06:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/19 04:06:07 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/19 04:06:06 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/19 04:06:06 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/19 04:06:06 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/19 04:06:06 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/19 04:06:06 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/19 04:06:05 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/19 04:06:05 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/19 04:06:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/19 04:06:05 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/19 04:06:05 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/19 04:06:04 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/19 04:06:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/19 04:06:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/19 04:06:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/19 04:06:04 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/19 04:06:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/19 04:06:04 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/19 04:06:03 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/12 19:16:21 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/12 19:05:10 | 000,061,440 | ---- | C] ( ) -- C:\Users\Mom\Desktop\VEW.exe
[2012/03/12 18:04:55 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/12 18:04:55 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/11 23:16:25 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/20 08:04:27 | 000,000,660 | ---- | C] () -- C:\Users\Mom\Desktop\Angry Birds on Facebook.url
[2012/02/20 08:01:26 | 000,000,245 | ---- | C] () -- C:\Users\Mom\Desktop\Netflix.url
[2012/02/19 04:06:07 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/11/26 16:26:34 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2011/07/25 00:00:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/13 22:51:35 | 000,000,017 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/04/01 22:35:59 | 000,001,356 | ---- | C] () -- C:\Users\Mom\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:43C9D140
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:41D1C7CB
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:F44D3C53
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:614F17D3
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:E07EA07E
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:18BCE9F1
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:0778CBF2
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:D4D38596
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:5CE2502D
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:E1D6C864
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:1F67CD26
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:322D2CD3
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:E392F409
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:C7F5E798
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:FC2E567F
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:2D0DFF22
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:0C988F7D
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:86148D88
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:11E79CC9
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:73CF0D7D
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:CDBCA11D
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:1CAF6B12
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D6CA39B5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8E783B8E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B80659FA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:1EE79287
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C5901F6D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:58C9BCAC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:3C66B20F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1451DA58
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:AF54CFFD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:59846E5E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BC38C00C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A31B5E9B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:28476D43
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:F2958F3A
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:46700142
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4AA2F6A9
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:A8DAF782
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:BD13A410

< End of report >

Edited by RKinner, 12 March 2012 - 07:43 PM.

#4
RKinner

Posted 12 March 2012 - 07:57 PM

Malware Expert

Expert
24,625 posts

Looks like you are missing the i8042prt.sys driver. Let's see if OTL can find a spare.

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
i8042prt.sys
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

#5
Missemily

Posted 12 March 2012 - 09:12 PM

Member

Topic Starter
Member
45 posts

I copied pasted and ran it and got this:

OTL logfile created on: 12/03/2012 9:45:57 PM - Run 4
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Mom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 60.03% Memory free
3.75 Gb Paging File | 2.68 Gb Available in Paging File | 71.64% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.80 Gb Total Space | 53.92 Gb Free Space | 36.98% Space Free | Partition Type: NTFS
Drive D: | 145.46 Gb Total Space | 137.50 Gb Free Space | 94.53% Space Free | Partition Type: NTFS
Drive E: | 562.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Windows\System32\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSPS.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Windows\System32\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()

========== Win32 Services (SafeList) ==========

SRV - (eRecoveryService) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (lvselsus) -- File not found
DRV - (IpInIp) -- File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LVUVC) Logitech QuickCam Pro 5000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()
DRV - (SQTECH905C) -- C:\Windows\System32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Mom\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGIE_en
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-02-14 08:23:49&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A89C7B24-B826-43DF-80E5-C38B3024D19C}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/to...m=1&toolbar=GV2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?o=20011&l=dis"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..extensions.enabledItems: {c4d362ec-1cff-4ca0-9031-99a8fad7995a}:1.14.2010121801
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.avg.co...s&lng=en-US&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\Program Files\Mozilla Firefox\plugins\ [2011/03/21 17:57:06 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/16 13:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/16 13:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/12 11:26:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/11 23:15:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/12 18:04:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/21 17:57:06 | 000,000,000 | ---D | M]

[2009/01/07 22:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions
[2011/09/08 17:52:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions
[2011/01/09 17:30:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/09 17:29:03 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011/01/09 17:29:03 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2011/01/09 17:29:03 | 000,000,000 | ---D | M] (Configuration Mania?) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
[2011/01/09 17:29:02 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/06 22:51:46 | 000,000,681 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\ask.xml
[2009/05/09 00:03:22 | 000,000,891 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\dictionarycom.xml
[2009/02/07 16:42:03 | 000,001,831 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\jellyneo-item-database-search.xml
[2009/04/20 01:22:13 | 000,000,945 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\youtube-video-search.xml
[2012/03/12 18:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/03/16 13:06:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/16 13:06:12 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/10/19 19:45:24 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2005/04/27 15:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/03/12 11:26:37 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: 3D Life Player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2010/05/08 13:51:33 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.2; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; WinNT-PAI 18.06.2009; WinNT-EVI 12.03.2010; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; 7968031903; control/7.00158)" -"http://www.nickjr.co...-dress-up.html" File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cnn.com ([www] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59491320-FDB5-405E-AD8F-A5AA7722D0C3}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mom\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mom\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/06/12 23:38:25 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{8e3cd411-54a8-11dd-918e-001921e2df15}\Shell - "" = AutoRun
O33 - MountPoints2\{8e3cd411-54a8-11dd-918e-001921e2df15}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{e69abe3e-53bb-11de-9d15-001921e2df15}\Shell - "" = AutoRun
O33 - MountPoints2\{e69abe3e-53bb-11de-9d15-001921e2df15}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{e780b413-34c7-11dc-8c43-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e780b413-34c7-11dc-8c43-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2006/11/21 20:07:23 | 000,166,744 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: 捁牥吠畯⁲敒業摮牥 - hkey= - key= - File not found
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: atashost - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5A40C513-6FF1-B0C3-A73B-C7DAD7051883} - Browser Customizations
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7D995958-887E-0AB5-DE84-FE42D7DC396F} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9284C485-5E73-DDCA-B093-398124A811C3} -
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: wave3 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/12 19:27:05 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012/03/12 19:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/03/12 19:14:24 | 004,485,448 | ---- | C] (Piriform Ltd) -- C:\Users\Mom\Desktop\spsetup116.exe
[2012/03/11 23:16:25 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/03/11 23:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/11 23:16:24 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/11 23:16:23 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/11 23:16:23 | 000,035,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/11 23:16:22 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/11 23:16:21 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/11 23:15:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/11 23:15:26 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/11 23:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/11 23:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/02/19 04:06:13 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/19 04:06:12 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/19 04:06:11 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/19 04:06:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/19 04:06:10 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/19 04:06:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/19 04:06:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/19 04:06:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/19 04:06:07 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/19 04:06:07 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/19 04:06:07 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/19 04:06:07 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/19 04:06:07 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/19 04:06:07 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/19 04:06:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/19 04:06:07 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/19 04:06:07 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/19 04:06:07 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/19 04:06:07 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/19 04:06:06 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/19 04:06:06 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/19 04:06:06 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/19 04:06:06 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/19 04:06:06 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/19 04:06:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/19 04:06:05 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/19 04:06:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/19 04:06:05 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/19 04:06:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/19 04:06:04 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/19 04:06:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/19 04:06:04 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/19 04:06:04 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/19 04:06:04 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/19 04:06:04 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/19 04:06:04 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/19 04:06:03 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/02/15 22:43:42 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/14 09:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/02/14 09:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/02/14 09:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/02/14 09:23:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/12 20:55:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/12 20:29:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 20:29:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/12 19:27:08 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012/03/12 19:16:21 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/12 19:14:32 | 004,485,448 | ---- | M] (Piriform Ltd) -- C:\Users\Mom\Desktop\spsetup116.exe
[2012/03/12 19:10:13 | 000,002,651 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/03/12 19:05:10 | 000,061,440 | ---- | M] ( ) -- C:\Users\Mom\Desktop\VEW.exe
[2012/03/12 18:35:11 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/12 18:35:11 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/12 18:31:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/12 18:29:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/12 18:04:55 | 000,000,874 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 18:04:55 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/12 17:59:52 | 000,000,126 | ---- | M] () -- C:\Windows\WININIT.INI
[2012/03/12 11:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/03/11 23:21:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/11 23:16:25 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/11 23:09:28 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/11 23:07:26 | 001,714,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/06 18:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 18:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/26 19:12:34 | 000,000,947 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/23 10:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/02/20 08:04:27 | 000,000,660 | ---- | M] () -- C:\Users\Mom\Desktop\Angry Birds on Facebook.url
[2012/02/20 08:01:26 | 000,000,245 | ---- | M] () -- C:\Users\Mom\Desktop\Netflix.url
[2012/02/19 08:57:24 | 000,000,238 | ---- | M] () -- C:\Users\Mom\Desktop\Facebook.url
[2012/02/19 04:06:37 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/19 04:06:37 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/19 04:06:13 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/02/19 04:06:12 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/19 04:06:11 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/02/19 04:06:10 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/19 04:06:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/02/19 04:06:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/02/19 04:06:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/02/19 04:06:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/02/19 04:06:07 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/02/19 04:06:07 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/19 04:06:07 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/02/19 04:06:07 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/02/19 04:06:07 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/02/19 04:06:07 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/02/19 04:06:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/19 04:06:07 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/02/19 04:06:07 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/02/19 04:06:07 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/02/19 04:06:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/02/19 04:06:07 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/02/19 04:06:06 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/02/19 04:06:06 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/02/19 04:06:06 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/02/19 04:06:06 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/02/19 04:06:06 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/02/19 04:06:05 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/19 04:06:05 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/02/19 04:06:05 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/02/19 04:06:05 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/02/19 04:06:05 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/02/19 04:06:04 | 001,798,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/19 04:06:04 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/02/19 04:06:04 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/02/19 04:06:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/02/19 04:06:04 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/02/19 04:06:04 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/02/19 04:06:04 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/02/19 04:06:03 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/12 19:16:21 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/12 19:05:10 | 000,061,440 | ---- | C] ( ) -- C:\Users\Mom\Desktop\VEW.exe
[2012/03/12 18:04:55 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/12 18:04:55 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/11 23:16:25 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/20 08:04:27 | 000,000,660 | ---- | C] () -- C:\Users\Mom\Desktop\Angry Birds on Facebook.url
[2012/02/20 08:01:26 | 000,000,245 | ---- | C] () -- C:\Users\Mom\Desktop\Netflix.url
[2012/02/19 04:06:07 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/11/26 16:26:34 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2011/07/25 00:00:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/13 22:51:35 | 000,000,017 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/04/01 22:35:59 | 000,001,356 | ---- | C] () -- C:\Users\Mom\AppData\Local\d3d9caps.dat

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HDT725032VLA SCSI Disk Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- SM/xD-Picture USB Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 7.00GB
Starting Offset: 32256
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: MS-DOS V4 Huge
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 146.00GB
Starting Offset: 7336949760
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 145.00GB
Starting Offset: 163888704000
Hidden sectors: 0

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2007/10/30 20:45:35 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\7Wonders
[2007/07/17 18:28:19 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Acer
[2011/10/09 21:05:17 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Adobe
[2007/07/30 22:35:03 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\AdobeUM
[2007/10/19 20:49:50 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\AlwaysNeat
[2009/11/08 09:58:02 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Ancient Quest of Saqqarah__bfg
[2008/09/06 18:20:07 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Ancient Quest of Saqqarah__real
[2008/12/17 23:04:07 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Artogon
[2011/11/13 10:14:18 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Auslogics
[2012/03/11 23:04:07 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\AVGTOOLBAR
[2008/09/07 13:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Big Fish Games
[2010/06/27 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Boomzap
[2009/04/03 17:15:30 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Burdaloo
[2007/12/15 00:04:05 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Canon
[2008/12/27 00:30:41 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\CatmoonGames
[2009/07/18 12:01:56 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2007/08/27 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ContentGuard
[2010/07/29 16:30:55 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\DivX
[2008/05/17 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Eyeblaster
[2011/11/13 13:21:56 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\FileZilla
[2007/08/13 22:13:07 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\GAMEON
[2009/03/19 16:55:05 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\GameTantra
[2007/08/11 21:26:31 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\gemsweeperextractedgfx
[2008/08/03 13:47:28 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Google
[2007/07/17 18:12:14 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Identities
[2008/12/25 15:46:14 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\InstallShield
[2011/11/13 13:07:28 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\IObit
[2007/11/10 21:26:28 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\iWin
[2007/07/17 18:28:19 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Leadertech
[2007/07/17 18:28:11 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Macromedia
[2009/06/18 19:49:40 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Malwarebytes
[2006/11/02 07:37:34 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Media Center Programs
[2010/10/18 16:15:59 | 000,000,000 | --SD | M] -- C:\Users\Mom\AppData\Roaming\Microsoft
[2010/06/27 19:57:37 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Move Networks
[2009/01/07 22:22:30 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Mozilla
[2008/01/03 00:14:08 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\My Games
[2009/03/19 03:12:52 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Neopets Toolbar
[2008/11/02 21:06:39 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\NewSoft
[2008/12/11 22:13:17 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Pharaohs Secret
[2009/11/16 22:09:45 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\PlayFirst
[2008/04/13 10:04:21 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\PTV Game
[2010/06/27 20:27:38 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Real
[2007/12/14 22:39:48 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ScanSoft
[2010/07/30 21:02:20 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\vlc
[2010/06/27 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Wildfire
[2011/05/06 12:59:00 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\WinRAR

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/02/13 04:04:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 04:04:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 04:04:34 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 18:29:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 18:29:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: I8042PRT.SYS >
[2006/11/02 03:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_93b1c41f\i8042prt.sys
[2006/11/02 03:51:13 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1060F1377F395A242E27719440ECE602 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_3dfa3917\i8042prt.sys
[2008/02/13 04:06:59 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_a81145df\i8042prt.sys
[2008/02/13 04:06:59 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_f4514c17\i8042prt.sys
[2008/02/13 04:06:59 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.16609_none_957131ccdbca3f9c\i8042prt.sys
[2008/02/13 04:06:59 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=1C9EE072BAA3ABB460B91D7EE9152660 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.16609_none_4c56cf70d52c8670\i8042prt.sys
[2008/01/19 00:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\drivers\i8042prt.sys
[2008/01/19 00:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_da7e599e\i8042prt.sys
[2008/01/19 00:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_f55d5e51\i8042prt.sys
[2008/01/19 00:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_8b7c4328\i8042prt.sys
[2008/01/19 00:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6001.18000_none_974e6dd8d8f8ec7e\i8042prt.sys
[2008/01/19 00:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6002.18005_none_9939e6e4d61ab7ca\i8042prt.sys
[2008/01/19 00:49:18 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=22D56C8184586B7A1F6FA60BE5F5A2BD -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6001.18000_none_4e340b7cd25b3352\i8042prt.sys
[2008/02/13 04:06:58 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_keyboard.inf_31bf3856ad364e35_6.0.6000.20734_none_95d55d61f504b486\i8042prt.sys
[2008/02/13 04:06:59 | 000,054,784 | ---- | M] (Microsoft Corporation) MD5=BEA9838CD25D36BEBA3F94386A761D60 -- C:\Windows\winsxs\x86_msmouse.inf_31bf3856ad364e35_6.0.6000.20734_none_4cbafb05ee66fb5a\i8042prt.sys

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/02/19 04:06:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/02/19 04:06:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/02/19 04:06:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/02/19 04:06:11 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/19 04:06:11 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/02/16 09:40:42 | 000,834,840 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/02/16 09:40:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/02/19 04:06:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/02/19 04:06:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/02/19 04:06:07 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/02/19 04:06:11 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/02/19 04:06:11 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:43C9D140
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:41D1C7CB
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:F44D3C53
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:614F17D3
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:E07EA07E
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:18BCE9F1
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:0778CBF2
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:D4D38596
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:5CE2502D
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:E1D6C864
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:1F67CD26
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:322D2CD3
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:E392F409
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:C7F5E798
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:FC2E567F
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:2D0DFF22
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:0C988F7D
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:86148D88
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:11E79CC9
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:73CF0D7D
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:CDBCA11D
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:1CAF6B12
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D6CA39B5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8E783B8E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B80659FA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:1EE79287
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C5901F6D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:58C9BCAC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:3C66B20F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1451DA58
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:AF54CFFD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:59846E5E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BC38C00C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A31B5E9B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:28476D43
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:F2958F3A
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:46700142
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4AA2F6A9
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:A8DAF782
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:BD13A410

< End of report >

and this:

OTL Extras logfile created on: 12/03/2012 9:45:57 PM - Run 4
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Mom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 60.03% Memory free
3.75 Gb Paging File | 2.68 Gb Available in Paging File | 71.64% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.80 Gb Total Space | 53.92 Gb Free Space | 36.98% Space Free | Partition Type: NTFS
Drive D: | 145.46 Gb Total Space | 137.50 Gb Free Space | 94.53% Space Free | Partition Type: NTFS
Drive E: | 562.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = jsfile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1253988152-1754509375-3719375458-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{121F632C-53E5-4C51-8C90-3D2F545FBDDE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{152F9FF5-ECD1-4C4B-8235-38D3777E7DB4}" = rport=1701 | protocol=17 | dir=out | app=system |
"{18629FF5-B57C-4C05-B9AA-34059DF3FBA0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1F268E9A-632E-4ECE-B310-877E8B96F688}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{457C6A29-A4A3-4A96-A2CB-8159846DF42C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52D2CEF9-A532-492F-8E45-C13E6F6A7487}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{5945BEF4-6620-483B-BD15-1C100D12FE6D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5B2F0B70-0D75-46EC-89BC-D9B017AFF2AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5C62198F-734D-42DA-A72A-A7C4E0EC1CA0}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{5EAC40A1-D07D-401F-B1AB-154C225D8FA5}" = lport=1701 | protocol=17 | dir=in | app=system |
"{62A9A78D-2139-4BDE-AA2A-517696F34761}" = lport=1723 | protocol=6 | dir=in | app=system |
"{62D8678F-CC32-4CA5-900D-27E12505C419}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7BFB6CBD-0570-4221-BFAD-22D5178882A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7FE80894-9AD5-4D23-A3D4-6E2BB7B4C7C3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8113CD93-E6AE-44E5-92A7-CCD920861871}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95F266B0-CFE7-44B3-9651-6113B669BE2F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9E28681C-FFC1-4652-8FD3-8D0FD020354B}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{A45F71C7-03E7-46E4-B6D6-1F704BF206EC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B242AA68-306D-478D-BDCC-4DE993085E0D}" = rport=1723 | protocol=6 | dir=out | app=system |
"{B7A8BB6B-073D-4762-A1E6-890A46709FAC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C1673B8F-1597-40BD-87E6-CDF1BB8A89DD}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E3DA030C-1CA0-4B0D-B69A-95FB3B32CDC1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F240ED92-5135-46DF-B07C-B823AAD6DD93}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F4640425-BE95-4B4B-B4B4-6467AC502456}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{F6C04033-E2B5-4BC7-8AD8-CF5B0A41A365}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02566116-7AF2-4A7E-8BD6-DCD8575B69BE}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{03DE0338-B9D1-4DEA-986A-80946EA0CDE7}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{0C764EEA-4B92-4251-88CF-A63A3B6BAC2F}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{16147A6E-699F-4BDF-8602-720A66BB9AA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D3D403B-9747-4475-9E6C-A46FA19D5050}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53A085FF-2626-4C3C-836B-ADDE380587A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{53DBA74A-093C-4270-BF2C-A9A443CAA248}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{5AD1825F-9781-442B-BD1E-B6E1D521830C}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{5D96AD0A-457B-49CF-8CA8-35FDE78C63F6}" = protocol=6 | dir=out | app=system |
"{606F9767-608B-402B-961F-09F4FD26CF0D}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{69E5CD57-D89E-46A5-BB98-A79C39D6EC2A}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{71C7D07E-7A87-4E71-9CF0-44E60F3C19D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{75608FFD-D654-408B-83A6-2FFBEC1CBCBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7A5CBA66-D006-4CD7-BA7B-7086872ADBC1}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{7F4A43AD-F74F-4AC1-8274-EA6BF5FDF386}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7F923772-2824-4977-ADEA-AA2C75730722}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8691AA7C-20DB-4778-A83B-80E162510350}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9736BFD7-DB90-4349-8810-59D7AF1A350D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9DE2CC96-75DC-47FF-BA30-9162BE1C38CF}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{A6E8071A-98F6-4011-B152-E2FF86B0039E}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{B3CE9DB1-BAFD-42C1-BE50-9E98F4BF70F6}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{B72072FB-56BB-43FD-9A80-9BCF8D7289E0}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{C6501965-D376-4E2D-918B-2BE4BDE7209D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CCC058AA-2F4C-4604-8F3C-93811B85C4A2}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{CCF75AF6-14B7-4F2D-A951-0DB7F6BA0E3B}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{D3A58C0B-33FA-4EF7-8E2B-021F6ED69E9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF48915A-B141-4531-B43C-2E30A565378B}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{F805D548-A289-46D1-BD6F-D4F60A7C6050}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{F8193DFD-62C2-4EF5-BF0D-8F685E392F0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0C577D62-EB95-4F5F-8F5A-C16A01C9F299}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3EEC89C0-02B9-4A4C-8668-B19AA664CFD0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{59F8CFFA-5927-4B5E-83E2-5AD5780B117C}C:\users\mom\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\mom\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{31C4433F-C3DB-4D49-A7EF-0B0EC28BE859}C:\users\mom\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\mom\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{5678B7AC-6FC6-45B6-9B26-7749A585C099}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A883A5C9-D494-411B-B40E-3F7D8B822441}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00C1B233-D218-484B-8078-9375482C5608}" = LeapFrog Tag Plugin
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0DD2BDF7-EAC8-41F7-83ED-61A2D05C6235}" = Adobe Setup
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 26
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6A136B9A-1895-436F-83F8-30D9C68BB6EA}" = Rhapsody Player Engine
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73E81E9B-7319-43AD-B7CC-1C61405E5089}" = Adobe After Effects CS3 Template Projects & Footage
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96ABF4E1-1489-4B84-B3CB-82E010247D73}" = Adobe Creative Suite 3 Master Collection
"{992C016C-CA8F-4D13-ABAB-D24A481C102B}" = LeapFrog Leapster2 Plugin
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer Zone SoftDMA
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer Zone MakeDisk
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.16
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1D93F5B-881F-49E3-BA56-B4B8FA991059}" = Adobe Encore CS3 Library
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer Zone MagicDirector
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"4 Elements" = 4 Elements
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_e7e6bb3ae60aaa1c5b11aa97d8f15b0" = Add or Remove Adobe Creative Suite 3 Master Collection
"am-insaniquariumdeluxe" = Insaniquarium Deluxe
"am-rocketmania" = Rocket Mania
"ancientsecrets" = Ancient Secrets
"Atlantis - Sky Patrol" = Atlantis - Sky Patrol
"avast" = avast! Free Antivirus
"aztecball" = Aztec Ball
"Bejeweled 3" = Bejeweled 3
"Bejeweled Blitz" = Bejeweled Blitz
"bejeweledtwisttm" = Bejeweled Twist™
"BFG-7 Wonders - Treasures of Seven" = 7 Wonders: Treasures of Seven
"BFG-Amazonia" = Amazonia
"BFG-Ancient Mosaic" = Ancient Mosaic
"BFG-Ancient Quest of Saqqarah" = Ancient Quest of Saqqarah
"BFG-Atlantis Sky Patrol" = Atlantis Sky Patrol™
"BFG-Azada" = Azada ™
"BFG-Azada - Ancient Magic" = Azada ™: Ancient Magic
"BFG-Ballhalla" = Ballhalla
"BFG-Bubble Town" = Bubble Town
"BFG-Burdaloo" = Burdaloo
"BFGC" = Big Fish Games: Game Manager
"BFG-Call of Atlantis" = Call of Atlantis
"BFG-Charma - The Land of Enchantment" = Charma: The Land of Enchantment
"BFG-Chromentum 2" = Chromentum 2
"BFG-DragonStone" = DragonStone
"BFG-Dream Chronicles - The Chosen Child" = Dream Chronicles: The Chosen Child
"BFG-Elements" = Elements
"BFG-Elias the Mighty" = Elias the Mighty
"BFG-Fairy Jewels 2" = Fairy Jewels 2
"BFG-Floating Kingdoms" = Floating Kingdoms ™
"BFG-Glyph 2" = Glyph 2
"BFG-Hexalot" = Hexalot
"BFG-Legend of Ali Baba" = Legend of Ali Baba
"BFG-Liong - The Lost Amulets" = Liong: The Lost Amulets
"BFG-Luxor" = Luxor
"BFG-LUXOR - Quest for the Afterlife" = Luxor: Quest for the Afterlife
"BFG-Luxor 2" = Luxor 2
"BFG-Luxor Amun Rising" = Luxor Amun Rising
"BFG-Magic Encyclopedia" = Magic Encyclopedia
"BFG-Marblez" = Marblez
"BFG-Mosaic Tomb of Mystery" = Mosaic Tomb of Mystery
"BFG-Mystery of Shark Island" = Mystery of Shark Island
"BFG-Mythic Marbles" = Mythic Marbles
"BFG-Peggle Nights" = Peggle Nights
"BFG-Rainbow Ruffle" = Rainbow Ruffle
"BFG-The Pini Society" = The Pini Society
"BFG-Tile Quest" = Tile Quest
"BFG-Totem Quest" = Totem Quest
"BFG-Unwell Mel" = Unwell Mel ™
"BFG-Zenerchi" = Zenerchi
"Canon MX310 series User Registration" = Canon MX310 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"cosmicstacker" = Cosmic Stacker
"Diamond Drop 2" = Diamond Drop 2
"DivX Setup.divx.com" = DivX Setup
"Dream Chronicles™ 2 - The Eternal Maze" = Dream Chronicles™ 2 - The Eternal Maze
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Fireworks Extravaganza" = Fireworks Extravaganza
"Fishing Craze" = Fishing Craze
"Globey - On the Roll!" = Globey - On the Roll!
"Gold Rush - Treasure Hunt" = Gold Rush - Treasure Hunt
"Google Updater" = Google Updater
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Jewels of Cleopatra" = Jewels of Cleopatra
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"legacyqcam_11.00" = Logitech Legacy USB Camera Driver Package
"Lexmark 3100 Series" = Lexmark 3100 Series
"Liong - The Dragon Dance" = Liong - The Dragon Dance
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Monster Mash" = Monster Mash
"Mozilla Firefox 10.0.2 (x86 en-US)" = Mozilla Firefox 10.0.2 (x86 en-US)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"pharaohssecret" = Pharaoh's Secret
"PROR" = Microsoft Office Professional 2007
"Rainbow Web 2" = Rainbow Web 2
"RealArcade" = RealArcade
"Saqqarah" = Saqqarah
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Speccy" = Speccy
"Svetlograd" = Svetlograd
"SystemRequirementsLab" = System Requirements Lab
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"The Great Tree" = The Great Tree
"The Legend of El Dorado" = The Legend of El Dorado
"Tropix" = Tropix
"Tumblebugs 2" = Tumblebugs 2
"UPCShell" = LeapFrog Connect
"VLC media player" = VLC media player 1.1.2
"Web Games Player Plugin" = Web Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Circuit Construction Kit" = Circuit Construction Kit
"FileZilla Client" = FileZilla Client 3.2.2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/03/2012 8:16:31 PM | Computer Name = Mom-PC | Source = Perflib | ID = 1010
Description =

[ OSession Events ]
Error - 17/08/2009 8:46:54 AM | Computer Name = Mom-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 74
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/08/2009 8:47:30 AM | Computer Name = Mom-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 17/08/2009 4:33:06 PM | Computer Name = Mom-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1271
seconds with 420 seconds of active time. This session ended with a crash.

Error - 17/08/2009 4:37:26 PM | Computer Name = Mom-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 244
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/09/2009 11:09:03 AM | Computer Name = Mom-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/05/2011 2:01:16 PM | Computer Name = Mom-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/06/2011 4:20:56 PM | Computer Name = Mom-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/06/2011 12:29:12 AM | Computer Name = Mom-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/11/2011 6:44:02 PM | Computer Name = Mom-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/03/2012 7:28:44 PM | Computer Name = Mom-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/03/2012 7:28:59 PM | Computer Name = Mom-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 12/03/2012 7:30:40 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/03/2012 7:30:40 PM | Computer Name = Mom-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

#6
RKinner

Posted 13 March 2012 - 01:16 AM

Malware Expert

Expert
24,625 posts

The file i8402.prt.sys is where it should be and it appears to be a good file. Let's check the registry entry:

Copy the next line:

reg query HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt /s > \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Then right click and Paste or Edit then Paste and the copied line should appear. Hit Enter.

Type with an Enter after the line:

notepad  \junk.txt

Copy the text from notepad and paste it into a reply.

#7
Missemily

Posted 13 March 2012 - 09:54 PM

Member

Topic Starter
Member
45 posts

I finally got it typed into there correctly and got this:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt
DisplayName REG_SZ i8042 Keyboard and PS/2 Mouse Port Driver
Group REG_SZ Keyboard Port
ImagePath REG_EXPAND_SZ system32\DRIVERS\i8042prt.sys
ErrorControl REG_DWORD 0x1
Start REG_DWORD 0x1
Type REG_DWORD 0x1
Tag REG_DWORD 0x5

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt\Parameters
PollingIterations REG_DWORD 0x2ee0
PollingIterationsMaximum REG_DWORD 0x2ee0
ResendIterations REG_DWORD 0x3
LayerDriver JPN REG_SZ kbd101.dll
LayerDriver KOR REG_SZ kbd101a.dll

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\i8042prt\Enum
Count REG_DWORD 0x0
NextInstance REG_DWORD 0x0
INITSTARTFAILED REG_DWORD 0x1

#8
RKinner

Posted 14 March 2012 - 12:44 AM

Malware Expert

Expert
24,625 posts

Let's try reinstalling the keyboard and mouse drivers. First close all programs and save any work in progress.

Right click on Computer and select Manage (Continue) then select:
Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.
Now select Device Manager. View, Show Hidden. In the right pane find "Keyboards" and click on the arrow in front of it. For each entry under Keyboards, right click and uninstall. It will ask if you want to reboot now. Tell it NO.

Now find "Mice and other pointing devices" and click on the arrow in front of it. Right click on the mouse you use (if there are more than one you can uninstall the others first but the mouse you use must be the last one uninstalled) and Uninstall. Tell it you want to reboot this time.

Reboot.

Windows should detect and reinstall the keyboard and mouse.

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

#9
Missemily

Posted 14 March 2012 - 05:17 AM

Member

Topic Starter
Member
45 posts

I had a little problem with this due to not being able to right click on anything. I finally found the event viewer and deleted the logs as requested. Then I found the device manager and coud delete HID devices under keyboard and the intellitype mouse - but I did not delete the intellitype keyboard since I have no other way to right click unless I use the keyboard short cut 'shift +F10' - I rebooted the computer manually because it never asked me to reboot - it just deleted things when I said okay and the ran OTL and got this log. FYI in case we need it I do have the disk to reinstall the keyboard and mouse if necessary.

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 14/03/2012 6:11:56 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/03/2012 10:55:00 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: i8042prt

Log: 'System' Date/Time: 14/03/2012 10:55:00 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The eRecovery Service service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 14/03/2012 10:53:18 AM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 14/03/2012 10:53:07 AM
Type: Error Category: 0
Event: 46 Source: volmgr
Crash dump initialization failed!

Log: 'System' Date/Time: 14/03/2012 10:51:44 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#10
RKinner

Posted 14 March 2012 - 09:31 AM

Malware Expert

Expert
24,625 posts

If you have a non standard keyboard then we may be barking up the wrong tree. Go ahead and reinstall your mouse and keyboard with the disk and see if that helps.

Another possibility:

Download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red led looking icon in the upper left. This should disable all of the non-microsoft additions to Explorer. Reboot and see if things are any better.

#11
Missemily

Posted 15 March 2012 - 05:39 AM

Member

Topic Starter
Member
45 posts

Well, I uninstalled and reinstalled the intellitype disc - this is a microsoft keyboard and mouse wireless combo pack I bought a while back. No luck on getting a right click there.

I downloaded and ran the shell viewer and disabled all the non-microsoft items and still no right click.

Dang it all!!! Is there any way to check and see if the mouse itself is broken? it's the only other thing I can think of.

*a little bit later* WoW! can I leave all that stuff disabled? My internet actually acts likes an internet and not a geriatric computer run by gerbils power!!!!

Edited by Missemily, 15 March 2012 - 05:49 AM.

#12
RKinner

Posted 15 March 2012 - 10:19 AM

Malware Expert

Expert
24,625 posts

Do you have the old mouse? You can just plug it in (shut down the PC first then plug it in and reboot). Normally it will work in parallel with the current mouse.

To just test the right button on your existing mouse you can go into the Control Panel, Mouse then under Buttons click on the Switch Primary and Secondary Buttons. This takes effect right away so you if it doesn't work you won't be able to Apply it so I expect if you shutdown and restart it will go back to normal. Once you check the box the button functions are reversed so you have to right click when you would normally left click.

The ShellExView stuff is usually harmless but sometimes one of them will cause problems. Normally we just go back in and enable half of them each time until we find the culprit, then remove it and leave the rest of them enabled. (You don't have to reboot each time but you do need to stop Explorer.exe and restart it using the Task Manager or the changes won't take effect.)
Go back into ShellExView and Highlight all of the items that you Disabled. Then File, Save Selected Items, point it at your desktop then give it a name like shelljunk and OK. Close ShellExView. That should create a file on your desktop. Attach it to your next reply.

#13
Missemily

Posted 15 March 2012 - 11:39 AM

Member

Topic Starter
Member
45 posts

Aha!!! RIP Mr. Mouse.

I switched the settings and found that I could only right click. Then I plugged in my laptop mouse and it worked fine both ways.

So, the "Emily Virus" got me

Probably dropped it and didn't want to tell mommmy.

In the meantime here is the shell junk file and anything else I can do to "unclutter" this machine would be helpful - it's the "family" computer which means everyone uses it and I don't always catch what they've done right away. That includes the teen who you tubes and facebooks and chats everything and the college girl who "borrows" it and then tries to "fix it" when it doesn't work for her the way she thinks it ought to. Which is why NO ONE touches my laptop :/

==================================================
Extension Name : DesktopContext Class
Disabled : Yes
Type : Context Menu
Description : NVIDIA Display Properties Extension
Version : 7.15.11.7530
Product Name : NVIDIA Compatible Windows Vista Display driver, Version 175.30
Company : NVIDIA Corporation
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Windows\system32\nvcpl.dll
CLSID : {A70C977A-BF00-412C-90B7-034C51DA2439}
File Created Time : 20/06/2008 1:04:00 AM
CLSID Modified Time: 24/11/2008 4:01:30 AM
Microsoft : No
File Extensions : Directory\Background
File Attributes : A
File Size : 13,535,776
.NET Extension : No
==================================================

==================================================
Extension Name : Acrobat Elements Context Menu
Disabled : Yes
Type : Context Menu
Description : Adobe Acrobat Context Menu
Version : 8.1.5.2007051000\0
Product Name : Adobe Acrobat Elements
Company : Adobe Systems Inc.
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
CLSID : {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
File Created Time : 06/06/2009 8:12:17 AM
CLSID Modified Time: 12/08/2007 7:59:44 PM
Microsoft : No
File Extensions : *, Folder
File Attributes : A
File Size : 685,696
.NET Extension : No
==================================================

==================================================
Extension Name : avast
Disabled : Yes
Type : Context Menu
Description : avast! Shell Extension
Version : 7.0.1426.0
Product Name : avast! Antivirus
Company : AVAST Software
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\AVAST Software\Avast\ashShell.dll
CLSID : {472083B0-C522-11CF-8763-00608CC02F24}
File Created Time : 11/03/2012 11:15:23 PM
CLSID Modified Time: 11/03/2012 11:16:25 PM
Microsoft : No
File Extensions : *, AllFilesystemObjects, Folder
File Attributes : A
File Size : 123,536
.NET Extension : No
==================================================

==================================================
Extension Name : eDSshlExt Class
Disabled : Yes
Type : Context Menu
Description : Shell Extension Module
Version : 2, 5, 0, 16
Product Name : eDSshellExt Module
Company : HiTRUST
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Windows\system32\eDSshellExt.dll
CLSID : {29FF7AB0-BE34-4992-A30B-53A9D86EE239}
File Created Time : 16/11/2006 1:18:22 PM
CLSID Modified Time: 17/07/2007 6:14:18 PM
Microsoft : No
File Extensions : *, Directory
File Attributes : A
File Size : 331,776
.NET Extension : No
==================================================

==================================================
Extension Name : VideoThumbnail Class
Disabled : Yes
Type : Thumbnail
Description : CyberLink Thumbnail extractor
Version : 2.0.0.1627
Product Name : Cinema
Company : CyberLink Corp.
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Acer Zone\Acer Zone MakeDisk\Kernel\Video\CLMedia.dll
CLSID : {884AEA80-5979-43BF-843D-7F40AB648D3D}
File Created Time : 06/01/2006 11:47:32 PM
CLSID Modified Time: 17/07/2007 7:43:49 PM
Microsoft : No
File Extensions : .asx, .wm
File Attributes : A
File Size : 36,864
.NET Extension : No
==================================================

==================================================
Extension Name : MPEG2Thumbnail Class
Disabled : Yes
Type : Thumbnail
Description : CyberLink Thumbnail extractor
Version : 2.0.0.1627
Product Name : Cinema
Company : CyberLink Corp.
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Acer Zone\Acer Zone SoftDMA\Kernel\Video\CLMedia.dll
CLSID : {F6E3DA91-1220-4fb3-85EC-CF494D9FF7DD}
File Created Time : 06/01/2006 11:50:40 PM
CLSID Modified Time: 17/07/2007 7:43:50 PM
Microsoft : No
File Extensions : .dat, .M1S, .m1v, .m2v, .mpe, .mpeg, .mpg, .vob, .VRO
File Attributes : A
File Size : 36,864
.NET Extension : No
==================================================

==================================================
Extension Name : InDesign Icon Handler
Disabled : Yes
Type : Icon Handler
Description : Icon Handler Plug-in
Version : 5.0
Product Name : Adobe InDesign
Company : Adobe Systems Incorporated
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Common Files\Adobe\Shell\idicon.dll
CLSID : {53611C75-C9E9-11D3-8018-00C04FA375F6}
File Created Time : 08/03/2007 2:42:52 AM
CLSID Modified Time: 12/08/2007 7:49:05 PM
Microsoft : No
File Extensions : .inct, .incx, .indb, .indd, .indl, .inds, .indt
File Attributes : A
File Size : 131,072
.NET Extension : No
==================================================

==================================================
Extension Name : NVIDIA CPL Extension
Disabled : Yes
Type : Context Menu
Description : NVIDIA Display Properties Extension
Version : 7.15.11.7530
Product Name : NVIDIA Compatible Windows Vista Display driver, Version 175.30
Company : NVIDIA Corporation
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Windows\system32\nvcpl.dll
CLSID : {FFB699E0-306A-11d3-8BD1-00104B6F7516}
File Created Time : 20/06/2008 1:04:00 AM
CLSID Modified Time: 17/07/2007 6:11:39 PM
Microsoft : No
File Extensions : AVIFile, mpegfile, WMVFile
File Attributes : A
File Size : 13,535,776
.NET Extension : No
==================================================

==================================================
Extension Name : FileZilla 3 Shell Extension
Disabled : Yes
Type : Copy Hook Handler
Description : fzshellext Dynamic Link Library
Version : 3, 2, 2, 0
Product Name : fzshellext Dynamic Link Library
Company :
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\FileZilla FTP Client\fzshellext.dll
CLSID : {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B}
File Created Time : 20/02/2009 12:23:52 PM
CLSID Modified Time: 20/02/2009 1:00:29 PM
Microsoft : No
File Extensions : Directory
File Attributes : A
File Size : 94,720
.NET Extension : No
==================================================

==================================================
Extension Name : PDF Shell Extension
Disabled : Yes
Type : Column Handler
Description : PDF Shell Extension
Version : 8.1.0.0
Product Name : Adobe PDF Shell Extension
Company : Adobe Systems, Inc.
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
CLSID : {F9DB5320-233E-11D1-9F84-707F02C10627}
File Created Time : 06/06/2009 8:12:27 AM
CLSID Modified Time: 13/11/2011 10:14:09 AM
Microsoft : No
File Extensions : Folder
File Attributes : A
File Size : 372,736
.NET Extension : No
==================================================

==================================================
Extension Name : avast
Disabled : Yes
Type : Icon Overlay Handler
Description : avast! Shell Extension
Version : 7.0.1426.0
Product Name : avast! Antivirus
Company : AVAST Software
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\AVAST Software\Avast\ashShell.dll
CLSID : {472083B0-C522-11CF-8763-00608CC02F24}
File Created Time : 11/03/2012 11:15:23 PM
CLSID Modified Time: 11/03/2012 11:16:25 PM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 123,536
.NET Extension : No
==================================================

==================================================
Extension Name : Adobe PDF Reader Link Helper
Disabled : Yes
Type : Browser Helper Object
Description : Adobe PDF Helper for Internet Explorer
Version : 8.0.0.2006102200
Product Name : AcroIEHelper Library
Company : Adobe Systems Incorporated
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
CLSID : {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
File Created Time : 22/10/2006 11:08:42 PM
CLSID Modified Time: 03/03/2008 6:22:52 AM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 62,080
.NET Extension : No
==================================================

==================================================
Extension Name : ContributeBHO Class
Disabled : Yes
Type : Browser Helper Object
Description : Contribute IE Plugin
Version : 1.0.0.0
Product Name : Contribute
Company : Adobe Systems Incorporated.
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
CLSID : {074C1DC5-9320-4A9A-947D-C042949C6216}
File Created Time : 16/03/2007 3:13:06 PM
CLSID Modified Time: 13/11/2011 10:14:06 AM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 118,784
.NET Extension : No
==================================================

==================================================
Extension Name : DivX Plus Web Player HTML5 <video>
Disabled : Yes
Type : Browser Helper Object
Description : DivX Web Player version 2.1.1.94
Version : 2, 1, 1, 94
Product Name : DivX Web Player
Company : DivX, LLC
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CLSID : {326E768D-4182-46FD-9C16-1449A49795F4}
File Created Time : 07/02/2011 7:17:52 PM
CLSID Modified Time: 13/11/2011 10:14:10 AM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 3,118,976
.NET Extension : No
==================================================

==================================================
Extension Name : DivX HiQ
Disabled : Yes
Type : Browser Helper Object
Description : DivX Web Player version 2.1.1.94
Version : 2, 1, 1, 94
Product Name : DivX Web Player
Company : DivX, LLC
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CLSID : {593DDEC6-7468-4cdd-90E1-42DADAA222E9}
File Created Time : 07/02/2011 7:17:52 PM
CLSID Modified Time: 13/11/2011 10:14:10 AM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 3,118,976
.NET Extension : No
==================================================

==================================================
Extension Name : SSVHelper Class
Disabled : Yes
Type : Browser Helper Object
Description : Java™ Platform SE binary
Version : 6.0.260.3
Product Name : Java™ Platform SE 6 U26
Company : Sun Microsystems, Inc.
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Java\jre6\bin\ssv.dll
CLSID : {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
File Created Time : 30/06/2011 9:56:52 AM
CLSID Modified Time: 16/07/2011 7:43:30 AM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 325,408
.NET Extension : No
==================================================

==================================================
Extension Name : avast! WebRep
Disabled : Yes
Type : Browser Helper Object
Description : avast! WebRep Plugin
Version : 7.0.1426.0
Product Name : avast! WebRep
Company : AVAST Software
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
CLSID : {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
File Created Time : 11/03/2012 11:15:23 PM
CLSID Modified Time: 11/03/2012 11:22:00 PM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 1,003,704
.NET Extension : No
==================================================

==================================================
Extension Name : AVG Security Toolbar
Disabled : Yes
Type : Browser Helper Object
Description : AVG Secure Search
Version : 10.2.0.3
Product Name :
Company :
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
CLSID : {95B7759C-8C7F-4BF1-B163-73684A933233}
File Created Time : 12/03/2012 11:26:37 AM
CLSID Modified Time: 12/03/2012 11:26:42 AM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 1,869,152
.NET Extension : No
==================================================

==================================================
Extension Name : Google Toolbar Helper
Disabled : Yes
Type : Browser Helper Object
Description : Google Toolbar
Version : 7, 3, 2614, 234
Product Name : Google Toolbar for Internet Explorer
Company : Google Inc.
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
CLSID : {AA58ED58-01DD-4d91-8333-CF10577473F7}
File Created Time : 26/07/2009 7:14:10 AM
CLSID Modified Time: 27/02/2012 10:56:27 AM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 192,112
.NET Extension : No
==================================================

==================================================
Extension Name : Adobe PDF Conversion Toolbar Helper
Disabled : Yes
Type : Browser Helper Object
Description : Adobe PDF Toolbar for Internet Explorer
Version : 8.1.0.0
Product Name : Adobe PDF Toolbar for IE
Company : Adobe Systems Incorporated
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
CLSID : {AE7CD045-E861-484f-8273-0445EE161910}
File Created Time : 03/03/2008 6:22:07 AM
CLSID Modified Time: 12/08/2007 7:59:48 PM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 321,120
.NET Extension : No
==================================================

==================================================
Extension Name : Java™ Plug-In 2 SSV Helper
Disabled : Yes
Type : Browser Helper Object
Description : Java™ Platform SE binary
Version : 6.0.260.3
Product Name : Java™ Platform SE 6 U26
Company : Sun Microsystems, Inc.
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Java\jre6\bin\jp2ssv.dll
CLSID : {DBC80044-A445-435b-BC74-9C25C1C588A9}
File Created Time : 30/06/2011 9:56:52 AM
CLSID Modified Time: 16/07/2011 7:26:59 AM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 42,272
.NET Extension : No
==================================================

==================================================
Extension Name : Adobe PDF
Disabled : Yes
Type : Explorer Bar
Description : Adobe PDF Toolbar for Internet Explorer
Version : 8.1.0.0
Product Name : Adobe PDF Toolbar for IE
Company : Adobe Systems Incorporated
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
CLSID : {182EC0BE-5110-49C8-A062-BEB1D02A220B}
File Created Time : 03/03/2008 6:22:07 AM
CLSID Modified Time: 12/08/2007 7:59:48 PM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 321,120
.NET Extension : No
==================================================

==================================================
Extension Name : Adobe PDF Preview Handler for Vista
Disabled : Yes
Type : Preview Handler
Description : Adobe PDF Preview Handler
Version : 1.0.0.1
Product Name : Adobe PDF Preview Handler
Company : Adobe Systems, Inc.
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Adobe\Acrobat 8.0\Acrobat\pdfprevhndlr.dll
CLSID : {DC6EFB56-9CFA-464D-8880-44885D7DC193}
File Created Time : 11/05/2007 12:39:42 AM
CLSID Modified Time: 12/08/2007 7:59:48 PM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 83,568
.NET Extension : No
==================================================

==================================================
Extension Name : Acer eDataSecurity Management
Disabled : Yes
Type : IE Toolbar
Description : eDStoolbar Module
Version : 2, 5, 3022, 14
Product Name : eDStoolbar Module
Company : HiTRUST
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Windows\system32\eDStoolbar.dll
CLSID : {5CBE3B7C-1E47-477e-A7DD-396DB0476E29}
File Created Time : 16/11/2006 1:18:36 PM
CLSID Modified Time: 17/07/2007 6:14:16 PM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 151,552
.NET Extension : No
==================================================

==================================================
Extension Name : Adobe PDF
Disabled : Yes
Type : IE Toolbar
Description : Adobe PDF Toolbar for Internet Explorer
Version : 8.1.0.0
Product Name : Adobe PDF Toolbar for IE
Company : Adobe Systems Incorporated
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
CLSID : {47833539-D0C5-4125-9FA8-0819E2EAAC93}
File Created Time : 03/03/2008 6:22:07 AM
CLSID Modified Time: 12/08/2007 7:59:48 PM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 321,120
.NET Extension : No
==================================================

==================================================
Extension Name : Contribute Toolbar
Disabled : Yes
Type : IE Toolbar
Description : Contribute IE Plugin
Version : 1.0.0.0
Product Name : Contribute
Company : Adobe Systems Incorporated.
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
CLSID : {517BDDE4-E3A7-4570-B21E-2B52B6139FC7}
File Created Time : 16/03/2007 3:13:06 PM
CLSID Modified Time: 13/11/2011 10:14:06 AM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 118,784
.NET Extension : No
==================================================

==================================================
Extension Name : AVG Security Toolbar
Disabled : Yes
Type : IE Toolbar
Description : AVG Secure Search
Version : 10.2.0.3
Product Name :
Company :
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
CLSID : {95B7759C-8C7F-4BF1-B163-73684A933233}
File Created Time : 12/03/2012 11:26:37 AM
CLSID Modified Time: 12/03/2012 11:26:42 AM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 1,869,152
.NET Extension : No
==================================================

==================================================
Extension Name : Google Toolbar
Disabled : Yes
Type : IE Toolbar
Description : Google Toolbar
Version : 7, 3, 2614, 234
Product Name : Google Toolbar for Internet Explorer
Company : Google Inc.
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
CLSID : {2318C2B1-4965-11d4-9B18-009027A5CD4F}
File Created Time : 26/07/2009 7:14:10 AM
CLSID Modified Time: 27/02/2012 10:56:27 AM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 192,112
.NET Extension : No
==================================================

==================================================
Extension Name : avast! WebRep
Disabled : Yes
Type : IE Toolbar
Description : avast! WebRep Plugin
Version : 7.0.1426.0
Product Name : avast! WebRep
Company : AVAST Software
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
CLSID : {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
File Created Time : 11/03/2012 11:15:23 PM
CLSID Modified Time: 11/03/2012 11:22:00 PM
Microsoft : No
File Extensions :
File Attributes : A
File Size : 1,003,704
.NET Extension : No
==================================================

#14
RKinner

Posted 15 March 2012 - 02:40 PM

Malware Expert

Expert
24,625 posts

Uninstall
Auslogics Registry Cleaner -snake oil
Java™ 6 Update 26 - obsolete. Get latest at java.com
Adobe Reader 7.0 - obsolete. Get latest at adobe.com. Make sure you uncheck the McAfee Security scan or any other "free" programs.
FileZilla Client 3.2.2 - Don't need
Microsoft Silverlight - unless you know you need it for something
Windows Live OneCare safety scanner -obsolete
WebEx Support Manager for Internet Explorer -not needed

Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-02-14 08:23:49&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A89C7B24-B826-43DF-80E5-C38B3024D19C}: "URL" = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://dl.ask.com/to...m=1&toolbar=GV2
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?o=20011&l=dis"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cc6e5b0&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/12 11:26:44 | 000,000,000 | ---D | M]
[2011/01/09 17:29:03 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/02/06 22:51:46 | 000,000,681 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\ask.xml
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/03/12 11:26:37 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/02/16 05:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB7.2; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; WinNT-PAI 18.06.2009; WinNT-EVI 12.03.2010; .NET4.0C; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; 7968031903; control/7.00158)" -"http://www.nickjr.com/kids-games/little-bears-dress-up.html" File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\AutoRun\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\install\command - "" = J:\rcaeasyrip_setup.exe
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualEnglish\command - "" = J:\rcaeasyrip_setup.exe /pdf_English
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualFrench\command - "" = J:\rcaeasyrip_setup.exe /pdf_French
O33 - MountPoints2\{07065048-3093-11df-a424-001921e2df15}\Shell\usermanualSpanish\command - "" = J:\rcaeasyrip_setup.exe /pdf_Spanish
O33 - MountPoints2\{8e3cd411-54a8-11dd-918e-001921e2df15}\Shell - "" = AutoRun
O33 - MountPoints2\{8e3cd411-54a8-11dd-918e-001921e2df15}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{e69abe3e-53bb-11de-9d15-001921e2df15}\Shell - "" = AutoRun
O33 - MountPoints2\{e69abe3e-53bb-11de-9d15-001921e2df15}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{e780b413-34c7-11dc-8c43-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e780b413-34c7-11dc-8c43-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2006/11/21 20:07:23 | 000,166,744 | R--- | M] (Microsoft Corporation)
[2012/02/14 09:24:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/02/14 09:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/02/14 09:24:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:43C9D140
@Alternate Data Stream - 228 bytes -> C:\ProgramData\TEMP:41D1C7CB
@Alternate Data Stream - 227 bytes -> C:\ProgramData\TEMP:F44D3C53
@Alternate Data Stream - 226 bytes -> C:\ProgramData\TEMP:614F17D3
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:E07EA07E
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:18BCE9F1
@Alternate Data Stream - 225 bytes -> C:\ProgramData\TEMP:0778CBF2
@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:D4D38596
@Alternate Data Stream - 219 bytes -> C:\ProgramData\TEMP:5CE2502D
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:E1D6C864
@Alternate Data Stream - 218 bytes -> C:\ProgramData\TEMP:1F67CD26
@Alternate Data Stream - 217 bytes -> C:\ProgramData\TEMP:322D2CD3
@Alternate Data Stream - 215 bytes -> C:\ProgramData\TEMP:E392F409
@Alternate Data Stream - 212 bytes -> C:\ProgramData\TEMP:C7F5E798
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:FC2E567F
@Alternate Data Stream - 211 bytes -> C:\ProgramData\TEMP:8944C195
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:2D0DFF22
@Alternate Data Stream - 207 bytes -> C:\ProgramData\TEMP:0C988F7D
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:86148D88
@Alternate Data Stream - 204 bytes -> C:\ProgramData\TEMP:11E79CC9
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:73CF0D7D
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:61AF2B29
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:CDBCA11D
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:1CAF6B12
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:D6CA39B5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:8E783B8E
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B80659FA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:1EE79287
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C5901F6D
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:58C9BCAC
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:3C66B20F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:1451DA58
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:AF54CFFD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:59846E5E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:BC38C00C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:A31B5E9B
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:28476D43
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:89A5891E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:F2958F3A
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:46700142
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:4AA2F6A9
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:A8DAF782
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:BD13A410

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config vToolbarUpdater10.2.0 start= disabled /c
sc config eRecoveryService start= disabled /c
sc config CLTNetCnService start= disabled /c
sc config atashost start= disabled /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

Run OTL again, Quickscan and post the log.

#15
Missemily

Posted 15 March 2012 - 06:50 PM

Member

Topic Starter
Member
45 posts

Here's the latest log and what I did:

Uninstall
Auslogics Registry Cleaner -snake oil UNINSTALLED had trouble with Avast on this one - kept putting it in the sandbox.
Java™ 6 Update 26 - obsolete. Get latest at java.com UNINSTALLED
Adobe Reader 7.0 - obsolete. Get latest at adobe.com. Make sure you uncheck the McAfee Security scan or any other "free" programs. UNINSTALLED
FileZilla Client 3.2.2 - Don't need UNINSTALLED
Microsoft Silverlight - unless you know you need it for something - this is needed for Netflix
Windows Live OneCare safety scanner -obsolete - could not find this program
WebEx Support Manager for Internet Explorer -not needed UNINSTALLED

OTL logfile created on: 15/03/2012 7:35:34 PM - Run 5
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Mom\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1.75 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 34.11% Memory free
3.74 Gb Paging File | 2.49 Gb Available in Paging File | 66.61% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.80 Gb Total Space | 54.77 Gb Free Space | 37.56% Space Free | Partition Type: NTFS
Drive D: | 145.46 Gb Total Space | 137.50 Gb Free Space | 94.53% Space Free | Partition Type: NTFS
Drive E: | 562.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MOM-PC | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Windows\System32\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files\Common Files\logishrd\LVCOMSER\LVCSPS.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Windows\System32\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()

========== Win32 Services (SafeList) ==========

SRV - (vToolbarUpdater10.2.0) -- File not found
SRV - (eRecoveryService) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (lvselsus) -- File not found
DRV - (IpInIp) -- File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (AswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LVUVC) Logitech QuickCam Pro 5000(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys ()
DRV - (SQTECH905C) -- C:\Windows\System32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Mom\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...client&ie=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGIE_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {c4d362ec-1cff-4ca0-9031-99a8fad7995a}:1.14.2010121801
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems:

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/npmozax: C:\Program Files\Mozilla Firefox\plugins\ [2012/03/15 19:14:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/16 13:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/16 13:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/11 23:15:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/12 18:04:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/15 19:14:26 | 000,000,000 | ---D | M]

[2009/01/07 22:22:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Extensions
[2012/03/15 19:25:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions
[2011/01/09 17:30:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/09 17:29:03 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2011/01/09 17:29:03 | 000,000,000 | ---D | M] (Configuration Mania?) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{c4d362ec-1cff-4ca0-9031-99a8fad7995a}
[2011/01/09 17:29:02 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/05/09 00:03:22 | 000,000,891 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\dictionarycom.xml
[2009/02/07 16:42:03 | 000,001,831 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\jellyneo-item-database-search.xml
[2009/04/20 01:22:13 | 000,000,945 | ---- | M] () -- C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\4h8a6hi0.default\searchplugins\youtube-video-search.xml
[2012/03/12 18:04:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\TOOLBAR\FIREFOX\AVG@IGEARED
[2011/03/16 13:06:12 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/03/16 13:06:12 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\MOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4H8A6HI0.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}
[2012/02/16 09:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/10/19 19:45:24 | 000,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2005/04/27 15:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npracplug.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/02/16 05:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
CHR - plugin: RealArcade Mozilla Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: 3D Life Player (Enabled) = C:\Program Files\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

O1 HOSTS File: ([2010/05/08 13:51:33 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cnn.com ([www] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59491320-FDB5-405E-AD8F-A5AA7722D0C3}: DhcpNameServer = 75.75.75.75 75.75.76.76
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mom\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mom\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/06/12 23:38:25 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/15 19:24:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/15 06:27:19 | 000,000,000 | ---D | C] -- C:\Users\Mom\Desktop\ShellExView
[2012/03/15 06:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse
[2012/03/15 06:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012/03/15 06:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
[2012/03/15 06:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2012/03/15 06:11:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Microsoft IntelliPoint
[2012/03/12 19:27:05 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012/03/12 19:16:20 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/03/12 19:14:24 | 004,485,448 | ---- | C] (Piriform Ltd) -- C:\Users\Mom\Desktop\spsetup116.exe
[2012/03/11 23:16:25 | 000,020,696 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/03/11 23:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/11 23:16:24 | 000,337,880 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/11 23:16:23 | 000,053,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/11 23:16:23 | 000,035,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/11 23:16:22 | 000,612,184 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/11 23:16:21 | 000,057,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/11 23:15:27 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/11 23:15:26 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/11 23:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/11 23:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/15 19:37:12 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/15 19:37:12 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/15 19:31:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/15 19:30:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 19:30:55 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/15 19:30:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/15 18:55:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/15 11:41:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/03/15 06:30:05 | 000,000,296 | -H-- | M] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_IType_exe.job
[2012/03/15 06:30:05 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2012/03/15 06:26:59 | 000,127,425 | ---- | M] () -- C:\Users\Mom\Desktop\shexview_setup.exe
[2012/03/15 06:22:22 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Mouse.lnk
[2012/03/15 06:21:10 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Keyboard.lnk
[2012/03/14 03:23:52 | 001,714,592 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/12 19:27:08 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Mom\Desktop\OTL.exe
[2012/03/12 19:16:21 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/12 19:14:32 | 004,485,448 | ---- | M] (Piriform Ltd) -- C:\Users\Mom\Desktop\spsetup116.exe
[2012/03/12 19:10:13 | 000,002,651 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/03/12 19:05:10 | 000,061,440 | ---- | M] ( ) -- C:\Users\Mom\Desktop\VEW.exe
[2012/03/12 18:04:55 | 000,000,874 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 18:04:55 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/12 17:59:52 | 000,000,126 | ---- | M] () -- C:\Windows\WININIT.INI
[2012/03/11 23:21:59 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/03/11 23:16:25 | 000,001,833 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/06 18:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 18:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/03/06 18:03:51 | 000,612,184 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/03/06 18:03:38 | 000,337,880 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/03/06 18:02:00 | 000,035,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2012/03/06 18:01:53 | 000,053,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/03/06 18:01:48 | 000,057,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/03/06 18:01:30 | 000,020,696 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/02/26 19:12:34 | 000,000,947 | ---- | M] () -- C:\Users\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/20 08:04:27 | 000,000,660 | ---- | M] () -- C:\Users\Mom\Desktop\Angry Birds on Facebook.url
[2012/02/20 08:01:26 | 000,000,245 | ---- | M] () -- C:\Users\Mom\Desktop\Netflix.url
[2012/02/19 08:57:24 | 000,000,238 | ---- | M] () -- C:\Users\Mom\Desktop\Facebook.url
[2012/02/19 04:06:37 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/02/19 04:06:37 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/02/19 04:06:07 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/15 06:26:51 | 000,127,425 | ---- | C] () -- C:\Users\Mom\Desktop\shexview_setup.exe
[2012/03/15 06:23:30 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_IPoint_exe.job
[2012/03/15 06:23:29 | 000,000,296 | -H-- | C] () -- C:\Windows\tasks\Microsoft_Hardware_Launch_IType_exe.job
[2012/03/15 06:22:22 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Mouse.lnk
[2012/03/15 06:21:10 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Keyboard.lnk
[2012/03/12 19:16:21 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/03/12 19:05:10 | 000,061,440 | ---- | C] ( ) -- C:\Users\Mom\Desktop\VEW.exe
[2012/03/12 18:04:55 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/12 18:04:55 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/03/11 23:16:25 | 000,001,833 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/02/20 08:04:27 | 000,000,660 | ---- | C] () -- C:\Users\Mom\Desktop\Angry Birds on Facebook.url
[2012/02/20 08:01:26 | 000,000,245 | ---- | C] () -- C:\Users\Mom\Desktop\Netflix.url
[2012/02/19 04:06:07 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/11/26 16:26:34 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2011/07/25 00:00:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/13 22:51:35 | 000,000,017 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/04/01 22:35:59 | 000,001,356 | ---- | C] () -- C:\Users\Mom\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2007/10/30 20:45:35 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\7Wonders
[2007/07/17 18:28:19 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Acer
[2007/10/19 20:49:50 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\AlwaysNeat
[2009/11/08 09:58:02 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Ancient Quest of Saqqarah__bfg
[2008/09/06 18:20:07 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Ancient Quest of Saqqarah__real
[2008/12/17 23:04:07 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Artogon
[2011/11/13 10:14:18 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Auslogics
[2012/03/11 23:04:07 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\AVGTOOLBAR
[2008/09/07 13:19:51 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Big Fish Games
[2010/06/27 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Boomzap
[2009/04/03 17:15:30 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Burdaloo
[2007/12/15 00:04:05 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Canon
[2008/12/27 00:30:41 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\CatmoonGames
[2009/07/18 12:01:56 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2007/08/27 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ContentGuard
[2008/05/17 17:41:33 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Eyeblaster
[2011/11/13 13:21:56 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\FileZilla
[2007/08/13 22:13:07 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\GAMEON
[2009/03/19 16:55:05 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\GameTantra
[2007/08/11 21:26:31 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\gemsweeperextractedgfx
[2011/11/13 13:07:28 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\IObit
[2007/11/10 21:26:28 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\iWin
[2007/07/17 18:28:19 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Leadertech
[2008/01/03 00:14:08 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\My Games
[2009/03/19 03:12:52 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Neopets Toolbar
[2008/11/02 21:06:39 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\NewSoft
[2008/12/11 22:13:17 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Pharaohs Secret
[2009/11/16 22:09:45 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\PlayFirst
[2008/04/13 10:04:21 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\PTV Game
[2007/12/14 22:39:48 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\ScanSoft
[2010/06/27 20:15:40 | 000,000,000 | ---D | M] -- C:\Users\Mom\AppData\Roaming\Wildfire
[2012/03/15 19:28:55 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >