Mom's computer acting "weird"

Author	All Replies
dgwalther Premium join:2003-01-25 Chesterfield, MO	Mom's computer acting "weird" Problem machine is my mother's. Acer ASpire M1100 with an Athlon X2 4400+ running Vista. Brother told me he used MBAM to get rid of some infections in the past but now with machine slow and "wierd" things happening MBAM cannot update. I ran SAS before coming here and it removed ~220 threats, can't find log even from with SAS. I ran through the mandatory steps with logs below. Mom is one to try surveys and "too good to be true" offers so she gets infected often. Trying to teach her better online behavior. Thanks for help! Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8147 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 11/12/2011 12:46:45 PM mbam-log-2011-11-12 (12-46-45).txt Scan type: Full scan (C:\\|) Objects scanned: 331126 Time elapsed: 48 minute(s), 22 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) OTL logfile created on: 11/12/2011 2:46:49 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\admin\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1.75 Gb Total Physical Memory \| 0.75 Gb Available Physical Memory \| 42.93% Memory free 3.74 Gb Paging File \| 2.36 Gb Available in Paging File \| 62.99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 144.29 Gb Total Space \| 84.09 Gb Free Space \| 58.28% Space Free \| Partition Type: NTFS Drive D: \| 144.04 Gb Total Space \| 143.82 Gb Free Space \| 99.85% Space Free \| Partition Type: NTFS Computer Name: SANDE-ACER \| User Name: admin \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011/11/12 14:46:02 \| 000,584,192 \| ---- \| M] (OldTimer Tools) -- C:\Users\admin\Downloads\OTL.exe PRC - [2011/10/09 20:36:22 \| 000,092,320 \| ---- \| M] () -- C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe PRC - [2011/08/11 17:38:07 \| 000,116,608 \| ---- \| M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011/06/28 06:01:30 \| 001,195,408 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe PRC - [2011/04/14 13:01:38 \| 000,188,136 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe PRC - [2011/04/14 13:01:38 \| 000,171,168 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe PRC - [2011/04/14 13:01:38 \| 000,141,792 \| ---- \| M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe PRC - [2011/02/25 09:46:22 \| 000,249,648 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE PRC - [2010/03/10 10:14:44 \| 000,271,480 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe PRC - [2010/01/15 06:49:20 \| 000,255,536 \| ---- \| M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009/04/11 00:27:36 \| 002,926,592 \| ---- \| M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/05/16 05:11:44 \| 000,648,504 \| ---- \| M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2008/01/25 20:49:04 \| 000,269,448 \| ---- \| M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe PRC - [2008/01/03 03:55:52 \| 000,506,416 \| ---- \| M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2007/12/19 20:09:22 \| 000,024,576 \| ---- \| M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007/10/17 12:38:20 \| 000,028,672 \| ---- \| M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe PRC - [2007/09/10 16:28:18 \| 000,057,344 \| ---- \| M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007/03/01 15:52:04 \| 000,538,096 \| ---- \| M] ( ) -- C:\Windows\System32\dlbccoms.exe PRC - [2006/11/23 02:14:00 \| 004,423,680 \| ---- \| M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011/10/12 19:32:34 \| 000,998,400 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll MOD - [2011/10/12 19:30:49 \| 000,771,584 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll MOD - [2011/10/12 19:30:44 \| 011,804,672 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll MOD - [2011/10/12 19:30:08 \| 000,971,264 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll MOD - [2011/10/11 21:28:11 \| 005,450,752 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll MOD - [2011/10/11 21:27:43 \| 012,430,848 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll MOD - [2011/10/11 21:27:24 \| 001,587,200 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll MOD - [2011/10/11 21:25:21 \| 007,950,848 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll MOD - [2011/10/11 21:24:05 \| 011,490,816 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011/10/09 20:36:22 \| 000,092,320 \| ---- \| M] () -- C:\Program Files\Common Files\SpeedBit\SBUpdate\SBUpdate.exe MOD - [2011/04/12 19:33:02 \| 000,084,480 \| ---- \| M] () -- C:\Windows\System32\EasyHook32.dll MOD - [2008/03/20 01:36:51 \| 001,675,264 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2783.36951__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008/03/20 01:36:51 \| 000,245,760 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2783.36910__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008/03/20 01:36:51 \| 000,196,608 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2783.36964__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008/03/20 01:36:51 \| 000,077,824 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2783.37171__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008/03/20 01:36:51 \| 000,065,536 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2783.37128__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008/03/20 01:36:51 \| 000,040,960 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2783.36943__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008/03/20 01:36:51 \| 000,036,864 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2783.37064__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008/03/20 01:36:51 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2783.36929__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008/03/20 01:36:50 \| 000,483,328 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2783.37212__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008/03/20 01:36:24 \| 000,135,168 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2783.37218__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008/03/20 01:36:24 \| 000,073,728 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2783.36924__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008/03/20 01:36:23 \| 000,794,624 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2783.37074__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008/03/20 01:36:23 \| 000,589,824 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2783.36978__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008/03/20 01:36:23 \| 000,438,272 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2783.36930__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008/03/20 01:36:23 \| 000,401,408 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2783.37157__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008/03/20 01:36:23 \| 000,331,776 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2783.37136__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008/03/20 01:36:23 \| 000,217,088 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2783.36971__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008/03/20 01:36:23 \| 000,118,784 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2783.37095__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008/03/20 01:36:23 \| 000,090,112 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2783.37143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008/03/20 01:36:23 \| 000,065,536 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2783.37072__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008/03/20 01:36:23 \| 000,061,440 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2783.37135__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008/03/20 01:36:23 \| 000,040,960 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2783.37204__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008/03/20 01:36:23 \| 000,036,864 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2783.37094__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008/03/20 01:36:22 \| 000,475,136 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2783.37066__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008/03/20 01:36:22 \| 000,331,776 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2783.37059__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008/03/20 01:36:22 \| 000,057,344 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2783.37064__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008/03/20 01:36:22 \| 000,040,960 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2783.36983__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008/03/20 01:36:22 \| 000,040,960 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2783.37072__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008/03/20 01:36:22 \| 000,032,768 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2783.37114__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008/03/20 01:36:22 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2756.30551__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008/03/20 01:36:22 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2756.30547__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008/03/20 01:36:22 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2756.30563__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008/03/20 01:36:22 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2756.30557__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008/03/20 01:36:22 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2756.30563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008/03/20 01:36:22 \| 000,006,656 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008/03/20 01:36:21 \| 000,057,344 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2756.30548__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008/03/20 01:36:21 \| 000,049,152 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2756.30538__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008/03/20 01:36:21 \| 000,049,152 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2756.30568__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008/03/20 01:36:21 \| 000,045,056 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008/03/20 01:36:21 \| 000,040,960 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2756.30593__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008/03/20 01:36:21 \| 000,032,768 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2756.30535__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008/03/20 01:36:21 \| 000,028,672 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2756.30635__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008/03/20 01:36:21 \| 000,024,576 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2756.30541__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008/03/20 01:36:21 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2756.30590__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008/03/20 01:36:21 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2756.30556__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008/03/20 01:36:21 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2756.30550__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008/03/20 01:36:21 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2756.30543__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008/03/20 01:36:21 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2756.30554__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008/03/20 01:36:21 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2756.30578__90ba9c70f846762e\DEM.OS.dll MOD - [2008/03/20 01:36:21 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008/03/20 01:36:21 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2756.30588__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008/03/20 01:36:21 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008/03/20 01:36:21 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2756.30552__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008/03/20 01:36:21 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2756.30559__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008/03/20 01:36:21 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2756.30577__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,065,536 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2756.30568__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,053,248 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2756.30564__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,045,056 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2756.30564__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,040,960 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2756.30590__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,040,960 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2756.30567__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,032,768 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2756.30558__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,028,672 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2756.30560__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,028,672 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2756.30562__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,024,576 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2756.30592__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,024,576 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2756.30565__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,024,576 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2756.30558__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,024,576 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2756.30537__90ba9c70f846762e\AEM.Foundation.dll MOD - [2008/03/20 01:36:20 \| 000,024,576 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2756.30559__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008/03/20 01:36:20 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2756.30555__90ba9c70f846762e\APM.Foundation.dll MOD - [2008/03/20 01:36:20 \| 000,016,384 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2756.30551__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008/03/20 01:36:10 \| 000,036,864 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2783.37239__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008/03/20 01:36:10 \| 000,006,656 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2783.36901__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008/03/20 01:36:09 \| 001,507,328 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2783.36918__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008/03/20 01:36:09 \| 000,471,040 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2783.36937__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008/03/20 01:36:09 \| 000,446,464 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2783.37186__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008/03/20 01:36:09 \| 000,102,400 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2783.37195__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008/03/20 01:36:09 \| 000,073,728 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2783.36902__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008/03/20 01:36:09 \| 000,065,536 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2783.36903__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008/03/20 01:36:09 \| 000,061,440 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2783.37193__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008/03/20 01:36:09 \| 000,040,960 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2756.30545__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008/03/20 01:36:09 \| 000,040,960 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2756.30555__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008/03/20 01:36:09 \| 000,040,960 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2756.30554__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008/03/20 01:36:09 \| 000,032,768 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2756.30543__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008/03/20 01:36:09 \| 000,032,768 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2783.37194__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008/03/20 01:36:09 \| 000,032,768 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008/03/20 01:36:09 \| 000,024,576 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2756.30589__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008/03/20 01:36:09 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2756.30556__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008/03/20 01:36:09 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2756.30556__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008/03/20 01:36:09 \| 000,020,480 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2756.30578__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008/03/20 01:36:08 \| 000,045,056 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2783.36902__90ba9c70f846762e\APM.Server.dll MOD - [2008/03/20 01:36:08 \| 000,045,056 \| ---- \| M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2783.36901__90ba9c70f846762e\AEM.Server.dll MOD - [2007/08/13 22:55:22 \| 000,159,744 \| ---- \| M] () -- C:\Windows\System32\atitmmxx.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2011/08/11 17:38:07 \| 000,116,608 \| ---- \| M] (SUPERAntiSpyware.com) [Auto \| Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE) SRV - [2011/04/14 13:01:38 \| 000,188,136 \| ---- \| M] (McAfee, Inc.) [Auto \| Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire) SRV - [2011/04/14 13:01:38 \| 000,171,168 \| ---- \| M] () [Unknown \| Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2011/04/14 13:01:38 \| 000,141,792 \| ---- \| M] (McAfee, Inc.) [Unknown \| Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp) SRV - [2011/02/28 17:44:14 \| 000,183,560 \| ---- \| M] (Microsoft Corporation.) [On_Demand \| Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 09:46:22 \| 000,249,648 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/10/07 20:34:28 \| 000,364,216 \| ---- \| M] (McAfee, Inc.) [On_Demand \| Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV - [2010/03/10 10:14:44 \| 000,271,480 \| ---- \| M] (McAfee, Inc.) [Auto \| Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy) SRV - [2010/03/10 10:14:44 \| 000,271,480 \| ---- \| M] (McAfee, Inc.) [Auto \| Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc) SRV - [2010/03/10 10:14:44 \| 000,271,480 \| ---- \| M] (McAfee, Inc.) [Auto \| Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV - [2010/03/10 10:14:44 \| 000,271,480 \| ---- \| M] (McAfee, Inc.) [Auto \| Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc) SRV - [2010/03/10 10:14:44 \| 000,271,480 \| ---- \| M] (McAfee, Inc.) [Auto \| Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV - [2010/03/10 10:14:44 \| 000,271,480 \| ---- \| M] (McAfee, Inc.) [Auto \| Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV - [2010/01/15 06:49:20 \| 000,227,232 \| ---- \| M] (McAfee, Inc.) [On_Demand \| Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008/05/21 16:25:30 \| 000,012,800 \| ---- \| M] (Pure Networks, Inc.) [On_Demand \| Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache) SRV - [2008/05/16 05:11:44 \| 000,648,504 \| ---- \| M] (Pure Networks, Inc.) [Auto \| Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2008/01/29 15:09:02 \| 000,394,704 \| ---- \| M] (Symantec, Inc.) [On_Demand \| Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist) SRV - [2008/01/25 20:49:04 \| 000,269,448 \| ---- \| M] (CyberLink) [Auto \| Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service) SRV - [2008/01/03 03:55:52 \| 000,506,416 \| ---- \| M] (Egis Incorporated) [Auto \| Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2007/12/19 20:09:22 \| 000,024,576 \| ---- \| M] () [Auto \| Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007/10/17 12:38:20 \| 000,028,672 \| ---- \| M] () [Auto \| Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2007/09/10 16:28:18 \| 000,057,344 \| ---- \| M] (Acer Inc.) [Auto \| Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007/03/01 15:52:04 \| 000,538,096 \| ---- \| M] ( ) [Auto \| Running] -- C:\Windows\System32\dlbccoms.exe -- (dlbc_device) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011/07/22 10:27:02 \| 000,012,880 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel \| System \| Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 15:55:22 \| 000,067,664 \| ---- \| M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel \| System \| Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2011/04/14 13:01:38 \| 000,387,480 \| ---- \| M] (McAfee, Inc.) [Kernel \| Boot \| Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2011/04/14 13:01:38 \| 000,314,088 \| ---- \| M] (McAfee, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek) DRV - [2011/04/14 13:01:38 \| 000,165,032 \| ---- \| M] (McAfee, Inc.) [Kernel \| System \| Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk) DRV - [2011/04/14 13:01:38 \| 000,153,280 \| ---- \| M] (McAfee, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2011/04/14 13:01:38 \| 000,095,824 \| ---- \| M] (McAfee, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2011/04/14 13:01:38 \| 000,084,488 \| ---- \| M] (McAfee, Inc.) [Kernel \| On_Demand \| Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet) DRV - [2011/04/14 13:01:38 \| 000,064,584 \| ---- \| M] (McAfee, Inc.) [Kernel \| System \| Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk) DRV - [2011/04/14 13:01:38 \| 000,056,064 \| ---- \| M] (McAfee, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids) DRV - [2011/04/14 13:01:38 \| 000,052,320 \| ---- \| M] (McAfee, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk) DRV - [2008/05/16 05:10:32 \| 000,024,888 \| ---- \| M] (Pure Networks, Inc.) [Kernel \| Auto \| Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp) DRV - [2008/05/16 05:10:30 \| 000,026,424 \| ---- \| M] (Pure Networks, Inc.) [Kernel \| Auto \| Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis) DRV - [2007/11/06 11:30:48 \| 000,006,080 \| ---- \| M] (Zeal SoftStudio) [Kernel \| Auto \| Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport) DRV - [2007/11/06 11:30:46 \| 000,014,544 \| ---- \| M] (EnTech Taiwan) [Kernel \| Auto \| Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport) DRV - [2007/08/13 23:07:16 \| 003,076,608 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2007/07/03 11:05:20 \| 000,015,392 \| ---- \| M] (Acer, Inc.) [Kernel \| Auto \| Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2007/02/01 18:37:36 \| 000,982,272 \| ---- \| M] (Motorola Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2006/10/30 12:22:26 \| 000,008,192 \| ---- \| M] (ATI Technologies Inc.) [Kernel \| Boot \| Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2005/10/20 15:00:04 \| 000,243,328 \| ---- \| M] (Ralink Technology Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\System32\drivers\RT2500.sys -- (RT2500) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »en.us.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »en.us.acer.yahoo.com IE - HKLM\..\URLSearchHook: {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files\Mapit\prxtbMap0.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = »global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/29 22:39:38 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/09 22:50:20 \| 000,000,000 \| ---D \| M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}: C:\Program Files\DAP\DAPFireFox [2011/10/09 20:36:25 \| 000,000,000 \| ---D \| M] [color=#E56717]========== Chrome ==========[/color] O1 HOSTS File: ([2006/09/18 15:41:30 \| 000,000,761 \| ---- \| M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.) O2 - BHO: (Mapit Toolbar) - {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files\Mapit\prxtbMap0.dll (Conduit Ltd.) O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110515223355.dll (McAfee, Inc.) O2 - BHO: (SBCONVERT Class) - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files\SpeedBit Video Downloader\TBUB6\tbcore3.dll () O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.) O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\TBUB6\Grabber.dll (SpeedBit) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUB6\tbcore3.dll () O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Mapit Toolbar) - {46a21652-3f93-437d-aac0-caa1f6713da0} - C:\Program Files\Mapit\prxtbMap0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\TBUB6\tbcore3.dll () O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe () O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2011\ARO.exe (Support.com) O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm () O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm () O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm () O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} »fpdownload.macromedia.com/get/fl···shim.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} »fpdownload2.macromedia.com/get/s···lash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6879CCB1-4EB6-4AAB-81E5-21903DDCD77C}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE6885D8-44C3-47AC-8DF7-B8163C4A66DF}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\Userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 15:43:36 \| 000,000,024 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) O35 - HKLM\..comfile [open] -- "%1" % O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "%1" %* [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/11/12 11:52:19 \| 007,761,824 \| ---- \| C] (Malwarebytes Corporation ) -- C:\Users\admin\Desktop\mbam-rules.exe [2011/11/12 11:42:39 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2011/11/12 11:02:14 \| 000,000,000 \| ---D \| C] -- C:\Windows\pss [2011/11/11 23:19:53 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2011/11/11 23:19:48 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\SUPERAntiSpyware.com [2011/11/11 23:19:48 \| 000,000,000 \| ---D \| C] -- C:\Program Files\SUPERAntiSpyware [2011/11/06 21:52:14 \| 000,000,000 \| ---D \| C] -- C:\Windows\en [2011/10/30 22:37:53 \| 000,000,000 \| ---D \| C] -- C:\Program Files\W3i [2011/10/30 22:37:53 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater [2011/10/21 19:10:01 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/10/21 19:09:57 \| 000,022,216 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2008/03/20 01:38:36 \| 000,016,384 \| ---- \| C] ( ) -- C:\Windows\System32\ClearEvent.exe [2007/03/01 15:52:06 \| 000,386,544 \| ---- \| C] ( ) -- C:\Windows\System32\dlbcih.exe [2007/03/01 15:52:04 \| 000,538,096 \| ---- \| C] ( ) -- C:\Windows\System32\dlbccoms.exe [2007/03/01 15:52:04 \| 000,382,448 \| ---- \| C] ( ) -- C:\Windows\System32\dlbccfg.exe [2007/02/02 06:06:34 \| 000,483,328 \| ---- \| C] ( ) -- C:\Windows\System32\dlbcjswr.dll [2007/02/02 05:55:30 \| 000,073,728 \| ---- \| C] ( ) -- C:\Windows\System32\dlbccu.dll [2006/12/20 17:08:24 \| 000,643,072 \| ---- \| C] ( ) -- C:\Windows\System32\dlbcpmui.dll [2006/12/20 17:06:58 \| 001,224,704 \| ---- \| C] ( ) -- C:\Windows\System32\dlbcserv.dll [2006/12/20 17:01:04 \| 000,421,888 \| ---- \| C] ( ) -- C:\Windows\System32\dlbccomm.dll [2006/12/20 16:59:24 \| 000,585,728 \| ---- \| C] ( ) -- C:\Windows\System32\dlbclmpm.dll [2006/12/20 16:58:02 \| 000,397,312 \| ---- \| C] ( ) -- C:\Windows\System32\dlbciesc.dll [2006/12/20 16:55:40 \| 000,094,208 \| ---- \| C] ( ) -- C:\Windows\System32\dlbcpplc.dll [2006/12/20 16:54:54 \| 000,684,032 \| ---- \| C] ( ) -- C:\Windows\System32\dlbccomc.dll [2006/12/20 16:54:20 \| 000,163,840 \| ---- \| C] ( ) -- C:\Windows\System32\dlbcprox.dll [2006/12/20 16:47:32 \| 000,413,696 \| ---- \| C] ( ) -- C:\Windows\System32\dlbcinpa.dll [2006/12/20 16:46:50 \| 000,991,232 \| ---- \| C] ( ) -- C:\Windows\System32\dlbcusb1.dll [2006/12/20 16:42:36 \| 000,696,320 \| ---- \| C] ( ) -- C:\Windows\System32\dlbchbn3.dll [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011/11/12 14:43:56 \| 000,003,344 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/11/12 14:43:56 \| 000,003,344 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/11/12 14:21:11 \| 000,000,886 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/11/12 11:53:55 \| 000,000,910 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/11/12 11:52:19 \| 007,761,824 \| ---- \| M] (Malwarebytes Corporation ) -- C:\Users\admin\Desktop\mbam-rules.exe [2011/11/12 11:48:09 \| 000,000,882 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/11/12 11:42:39 \| 000,001,739 \| ---- \| M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk [2011/11/12 11:40:17 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2011/11/12 11:40:14 \| 1878,515,712 \| -HS- \| M] () -- C:\hiberfil.sys [2011/11/12 11:01:59 \| 000,609,154 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2011/11/12 11:01:59 \| 000,106,286 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2011/11/12 10:59:00 \| 000,414,368 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/11/12 09:23:18 \| 000,001,975 \| ---- \| M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2011/11/11 23:19:53 \| 000,001,804 \| ---- \| M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/11/10 00:43:37 \| 000,000,269 \| ---- \| M] () -- C:\Windows\dellstat.ini [2011/10/24 19:00:00 \| 000,000,546 \| ---- \| M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - admin.job [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011/11/11 23:19:53 \| 000,001,804 \| ---- \| C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2011/10/21 19:10:01 \| 000,000,910 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/10/09 20:36:22 \| 000,109,216 \| ---- \| C] () -- C:\Windows\System32\EasyHook64.dll [2011/05/15 18:48:47 \| 000,011,998 \| -HS- \| C] () -- C:\ProgramData\8yo32u74a4 [2011/05/14 21:22:42 \| 000,010,176 \| -HS- \| C] () -- C:\ProgramData\qw0j6rj2eh126b41tbg4561cs4qy0b8ai286q3u8rph5 [2011/04/16 19:25:09 \| 000,013,110 \| -HS- \| C] () -- C:\Users\admin\AppData\Local\5w16207e05scw72lrf6548x54kg28f07vaw0251 [2011/04/16 19:25:09 \| 000,013,110 \| -HS- \| C] () -- C:\ProgramData\5w16207e05scw72lrf6548x54kg28f07vaw0251 [2011/04/12 19:33:01 \| 000,084,480 \| ---- \| C] () -- C:\Windows\System32\EasyHook32.dll [2010/05/15 11:15:45 \| 000,767,952 \| ---- \| C] () -- C:\Windows\BDTSupport.dll0518.old [2010/05/15 11:15:45 \| 000,763,832 \| ---- \| C] () -- C:\Windows\BDTSupport.dll.old [2009/09/17 18:46:14 \| 000,117,248 \| ---- \| C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/09/17 18:46:14 \| 000,107,612 \| ---- \| C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/08/20 20:18:12 \| 000,000,056 \| -H-- \| C] () -- C:\ProgramData\ezsidmv.dat [2009/08/03 14:07:42 \| 000,403,816 \| ---- \| C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 14:07:42 \| 000,230,768 \| ---- \| C] () -- C:\Windows\System32\OGAEXEC.exe [2009/01/02 12:01:05 \| 000,000,000 \| ---- \| C] () -- C:\Windows\ativpsrm.bin [2008/11/22 09:06:37 \| 000,000,373 \| ---- \| C] () -- C:\Windows\System32\dlbccoin.ini [2008/09/13 15:09:52 \| 000,000,269 \| ---- \| C] () -- C:\Windows\dellstat.ini [2008/08/02 21:06:36 \| 000,018,904 \| ---- \| C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/03/20 01:39:41 \| 000,000,044 \| ---- \| C] () -- C:\Windows\Acer(Normal).ini [2008/03/20 01:39:41 \| 000,000,042 \| ---- \| C] () -- C:\Windows\Acer(Wide).ini [2008/03/20 01:38:36 \| 000,016,384 \| ---- \| C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2008/03/19 19:41:59 \| 000,024,576 \| ---- \| C] () -- C:\Windows\NEWSETAPANEL.EXE [2008/03/06 00:38:44 \| 000,090,112 \| ---- \| C] () -- C:\Windows\System32\atibrtmon.exe [2008/02/26 02:03:46 \| 000,015,656 \| ---- \| C] () -- C:\Windows\System32\drivers\int15_64.sys [2008/02/26 02:03:26 \| 000,001,024 \| RH-- \| C] () -- C:\Windows\System32\NTIOFM4.dll [2008/02/26 02:03:25 \| 000,001,024 \| RH-- \| C] () -- C:\Windows\System32\NTIBUN5.dll [2008/02/26 00:23:01 \| 000,001,047 \| ---- \| C] () -- C:\Windows\generic.ini [2008/02/26 00:23:01 \| 000,000,128 \| ---- \| C] () -- C:\Windows\Alaunch.ini [2008/02/26 00:22:58 \| 003,107,788 \| ---- \| C] () -- C:\Windows\System32\atiumdva.dat [2008/02/26 00:22:58 \| 000,159,744 \| ---- \| C] () -- C:\Windows\System32\atitmmxx.dll [2008/02/26 00:22:58 \| 000,154,206 \| ---- \| C] () -- C:\Windows\System32\atiicdxx.dat [2007/02/02 06:06:10 \| 000,090,112 \| ---- \| C] () -- C:\Windows\System32\dlbccur.dll [2007/02/02 05:55:10 \| 000,413,696 \| ---- \| C] () -- C:\Windows\System32\dlbcutil.dll [2007/01/22 08:49:34 \| 000,344,064 \| ---- \| C] () -- C:\Windows\System32\dlbccoin.dll [2006/11/02 06:57:28 \| 000,067,584 \| --S- \| C] () -- C:\Windows\bootstat.dat [2006/11/02 06:47:37 \| 000,297,328 \| ---- \| C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 06:35:32 \| 000,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 04:33:01 \| 000,609,154 \| ---- \| C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 04:33:01 \| 000,287,440 \| ---- \| C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 04:33:01 \| 000,106,286 \| ---- \| C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 04:33:01 \| 000,030,674 \| ---- \| C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 04:23:21 \| 000,215,943 \| ---- \| C] () -- C:\Windows\System32\dssec.dat [2006/11/02 02:58:30 \| 000,043,131 \| ---- \| C] () -- C:\Windows\mib.bin [2006/11/02 02:19:00 \| 000,000,741 \| ---- \| C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 01:40:29 \| 000,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 01:25:31 \| 000,673,088 \| ---- \| C] () -- C:\Windows\System32\mlang.dat [2005/10/05 13:19:32 \| 000,040,960 \| ---- \| C] () -- C:\Windows\System32\dlbcvs.dll [2001/12/26 18:12:30 \| 000,065,536 \| ---- \| C] () -- C:\Windows\System32\multiplex_vcd.dll [2001/09/04 01:46:38 \| 000,110,592 \| ---- \| C] () -- C:\Windows\System32\Hmpg12.dll [2001/07/30 18:33:56 \| 000,118,784 \| ---- \| C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001/07/24 00:04:36 \| 000,118,784 \| ---- \| C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [color=#E56717]========== LOP Check ==========[/color] [2009/01/04 21:33:33 \| 000,000,000 \| ---D \| M] -- C:\Users\admin\AppData\Roaming\.jbwmdesktop [2008/04/22 22:05:38 \| 000,000,000 \| ---D \| M] -- C:\Users\admin\AppData\Roaming\Acer [2008/02/26 02:11:52 \| 000,000,000 \| ---D \| M] -- C:\Users\admin\AppData\Roaming\Acer GameZone Console [2009/08/20 15:17:24 \| 000,000,000 \| ---D \| M] -- C:\Users\admin\AppData\Roaming\bwm [2010/10/22 19:30:11 \| 000,000,000 \| ---D \| M] -- C:\Users\admin\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2008/04/22 22:05:38 \| 000,000,000 \| ---D \| M] -- C:\Users\admin\AppData\Roaming\Leadertech [2011/05/16 15:59:32 \| 000,000,000 \| ---D \| M] -- C:\Users\admin\AppData\Roaming\Sammsoft [2011/03/19 14:49:13 \| 000,000,000 \| ---D \| M] -- C:\Users\admin\AppData\Roaming\Uniblue [2011/11/12 11:39:19 \| 000,032,632 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:553CA6CA @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8
	to forum · permalink · 2011-11-12 19:14:15 ·
dgwalther Premium join:2003-01-25 Chesterfield, MO	Re: Mom's computer acting "weird" second half of logs OTL Extras logfile created on: 11/12/2011 2:46:49 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\admin\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1.75 Gb Total Physical Memory \| 0.75 Gb Available Physical Memory \| 42.93% Memory free 3.74 Gb Paging File \| 2.36 Gb Available in Paging File \| 62.99% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 144.29 Gb Total Space \| 84.09 Gb Free Space \| 58.28% Space Free \| Partition Type: NTFS Drive D: \| 144.04 Gb Total Space \| 143.82 Gb Free Space \| 99.85% Space Free \| Partition Type: NTFS Computer Name: SANDE-ACER \| User Name: admin \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{14BAAA4E-F6B7-498C-843D-4FD2029B728F}" = lport=1900 \| protocol=17 \| dir=in \| name=windows live communications platform (ssdp) \| "{1C65E879-9266-4997-9B52-FBAE1A213528}" = rport=137 \| protocol=17 \| dir=out \| app=system \| "{35EB9417-277D-4D85-BA3E-7BA644F45E03}" = lport=445 \| protocol=6 \| dir=in \| app=system \| "{3BD15E49-184A-4625-B6C2-1E6797AA9362}" = rport=445 \| protocol=6 \| dir=out \| app=system \| "{6D69B7EE-8D27-48E0-BBA9-4D9AFD367B2D}" = lport=139 \| protocol=6 \| dir=in \| app=system \| "{81122A8D-D8F5-4382-8274-C605BFDF1534}" = lport=138 \| protocol=17 \| dir=in \| app=system \| "{840187E7-9F20-4D2C-8698-35C0BB3F9183}" = lport=rpc \| protocol=6 \| dir=in \| svc=spooler \| app=%systemroot%\system32\spoolsv.exe \| "{96626810-6CB1-4786-91FD-004E2592B875}" = lport=137 \| protocol=17 \| dir=in \| app=system \| "{9CD5DDFB-F6DD-4291-AE7D-05ACF6435CB7}" = rport=138 \| protocol=17 \| dir=out \| app=system \| "{A04F8621-88AC-4D9F-AC64-A8A19ACE4699}" = lport=2869 \| protocol=6 \| dir=in \| name=windows live communications platform (upnp) \| "{AA86CD54-D18B-4492-86DC-F5F03900AC85}" = lport=rpc-epmap \| protocol=6 \| dir=in \| svc=rpcss \| name=@firewallapi.dll,-28539 \| "{B2AAB2BA-6161-4337-858A-2E1A24DFAF5A}" = lport=67 \| protocol=17 \| dir=in \| name=dhcp discovery service \| "{C307E04D-DBE9-4BB1-9640-59747FDC3D70}" = rport=139 \| protocol=6 \| dir=out \| app=system \| "{D0197B5D-01F8-47B7-9A2C-0EC3871EF1D0}" = lport=1900 \| protocol=17 \| dir=in \| svc=ssdpsrv \| app=c:\windows\system32\svchost.exe \| "{FB50BA79-D7BD-47B4-8B29-D0455F12EF48}" = lport=67 \| protocol=17 \| dir=in \| name=dhcp discovery service \| [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07AD3A28-762E-4B0E-9A38-C1F7D440B5CD}" = protocol=58 \| dir=in \| name=@firewallapi.dll,-28545 \| "{0C6C9428-7B55-426C-A86F-DB4C4D16589C}" = dir=in \| app=c:\program files\windows live\mesh\moe.exe \| "{10DAFB14-8D9B-4B11-BB8D-0DC93F1163B4}" = dir=in \| app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe \| "{2424BBFC-DA74-4FA1-A988-DA7C7CD15A56}" = dir=in \| app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe \| "{261CA55F-C039-49C4-B362-C04A894B4F09}" = protocol=1 \| dir=in \| name=@firewallapi.dll,-28543 \| "{3BE693F5-7130-4BC7-9A6C-4A6205845946}" = dir=in \| app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe \| "{475B3E77-EDDF-4BE8-9872-3EE2A2CCA3DC}" = dir=in \| app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe \| "{51855AD4-B467-4A6A-92F3-4D65B4B7C43A}" = dir=in \| app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe \| "{53A279C9-94CB-4A8A-A6EE-DDEA81D23602}" = protocol=6 \| dir=in \| app=c:\program files\microsoft office\office12\onenote.exe \| "{54DC87CE-21BD-4943-B7C3-8E63EBB4F7EC}" = protocol=17 \| dir=in \| app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe \| "{74027377-7E08-40B5-9877-6232F2B5C24F}" = dir=in \| app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe \| "{80258673-EAD6-4F75-B0EF-D368458F1358}" = protocol=6 \| dir=in \| app=c:\windows\system32\dlbccoms.exe \| "{85B30592-2319-4109-8DA6-186FD76841D6}" = protocol=17 \| dir=in \| app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe \| "{8DC014F6-2D09-4C7F-90B1-F5FF9AC3966B}" = dir=in \| app=c:\program files\skype\phone\skype.exe \| "{968871DE-8189-45BD-A9B4-9939E1B2BA14}" = dir=in \| app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe \| "{A3B67C9E-41D7-4610-A176-CEE5758E2622}" = protocol=6 \| dir=in \| app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe \| "{C8AF8543-A1FC-420F-9556-007BD393FD27}" = protocol=58 \| dir=out \| name=@firewallapi.dll,-28546 \| "{CB7B33C5-FFE1-435D-8428-CABBFB844702}" = protocol=1 \| dir=out \| name=@firewallapi.dll,-28544 \| "{CD02F939-D1AA-4AE7-B51F-E0777A052B41}" = dir=in \| app=c:\program files\windows live\messenger\msnmsgr.exe \| "{CE47B956-C137-46AA-8EBD-8937F47CB507}" = dir=in \| app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe \| "{D0C01811-2795-4E7C-95FC-1B5D19F0C21D}" = protocol=6 \| dir=in \| app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe \| "{D792D40E-2EB0-493B-8D3E-B9E0B319AA28}" = dir=in \| app=c:\program files\windows live\contacts\wlcomm.exe \| "{DDECFC1A-943C-475A-86AC-067A006AEF12}" = protocol=6 \| dir=in \| app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe \| "{E33715D5-3E44-4CC4-9F02-4ECBF1025D1B}" = dir=in \| app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe \| "{E9861A1D-AFCD-4086-9B44-E2D5357FC34A}" = protocol=17 \| dir=in \| app=c:\windows\system32\dlbccoms.exe \| "{E9A58426-59F6-4D48-8290-41AC89E55B90}" = protocol=6 \| dir=in \| app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe \| "{EDFE95DC-538D-4A77-9F86-036EAF0F008C}" = protocol=17 \| dir=in \| app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe \| "{F59907FA-7FEC-4285-9399-ACE7CFAF580D}" = protocol=17 \| dir=in \| app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe \| "{F77C497B-598A-4494-B8B9-4074CE1DC9BF}" = dir=in \| app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe \| "{FBEEBDA8-BD89-48CB-B267-6A4A9B6C8BEF}" = protocol=17 \| dir=in \| app=c:\program files\microsoft office\office12\onenote.exe \| [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0478A597-5B05-5671-B594-27427A642AE5}" = CCC Help Chinese Traditional "{07760C24-3C41-4C64-9A1D-1CF8D281060A}" = PG583_install_V6_1_32_36_vista "{0856323C-4103-4658-C5A8-FB16ED3079F5}" = Catalyst Control Center Localization Greek "{08AD32A8-D704-4FC8-DB04-CA90A373D9C3}" = Catalyst Control Center Localization Portuguese "{0A23CBF1-CCB0-B411-6A7A-A177E376BF70}" = Catalyst Control Center Localization Danish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{0E92F644-6E11-8FE3-1BFC-5DB09A79F9B3}" = CCC Help Japanese "{0ECD1EB9-CBB5-09BA-5947-74CBDA3011FC}" = CCC Help Spanish "{0F2F77E4-4053-4108-B153-81F0B42EDCF4}" = WebIQ Technology Engine "{12EDCFD1-E000-F4F2-A3E6-A6C15D0F8A63}" = Catalyst Control Center Graphics Previews Vista "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19BDBEDD-5264-29E1-1BFB-6F64FD943596}" = CCC Help Czech "{1AFA55D1-EA04-9E87-4537-929E66B60D69}" = CCC Help Russian "{1C028265-E8D7-751F-246F-9FD52CD237A8}" = Catalyst Control Center Localization Hungarian "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1CCB52B9-FB58-0729-5C26-E8F8B3162043}" = Catalyst Control Center Core Implementation "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FA97774-2351-8DF4-7853-BEB20C726DFB}" = Catalyst Control Center Localization Russian "{1FB9A0D0-DC5C-B75A-36EE-414706846CC2}" = Catalyst Control Center Localization Italian "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20308457-CE7C-85A9-1B8F-6C521B2B4CCF}" = CCC Help Hungarian "{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls "{213ABE23-10B9-F45F-DC87-63DACAD40C0D}" = Skins "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{24C7254F-C2D5-22FC-7C7C-F17E4894530E}" = CCC Help Italian "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{28FD3796-5271-EF11-DA27-2939ACA62515}" = CCC Help Greek "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29456613-49DE-D48C-10E6-06AD36EEE3D7}" = CCC Help Norwegian "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine "{31C4615C-45C3-776C-AE54-9CE4B76E9DD1}" = CCC Help Korean "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34C1AC91-2D4A-59C1-6875-B3692D1E0365}" = Catalyst Control Center Localization Chinese Standard "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{4708942C-76A1-ECC8-5B3D-0D412D68DF24}" = Catalyst Control Center Localization Dutch "{47247CC1-1221-9449-B4EF-8C9F6D02C1A0}" = CCC Help Swedish "{4E084313-093F-5947-CEB9-DE41FD24EF1B}" = Catalyst Control Center Localization Czech "{4F78B943-3CE1-410F-BC3A-FC65C3EB1F89}" = YUAN PE585QA Driver "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{52F4AC33-36D4-78D2-E694-7AAC07CD6C5A}" = Catalyst Control Center Graphics Light "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{59FD9D9B-29F9-7572-C2B1-30B65AB2BC29}" = Catalyst Control Center Localization Japanese "{5D976966-B187-E4D5-5AF1-23C54556E173}" = CCC Help German "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AD90C4B-89D3-5961-F13F-835E73DA1082}" = ccc-utility "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{856D0363-1C0A-1562-46E7-A9ECABC8DF78}" = CCC Help Polish "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8CCFDB06-9B09-12D7-F1D4-1E22AC7583E0}" = Catalyst Control Center Localization Finnish "{8D982E57-BF86-BEE7-3944-BD346EFE6A24}" = CCC Help Portuguese "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater "{8FAE8DE8-A63C-F5DE-D9F7-E011BBD44C32}" = CCC Help Turkish "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B69B60A-E238-47EE-B60E-32BF41E2E6FA}" = PC MightyMax 2011 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A0D21ABE-D004-5F89-4485-1BF4C7B3D66A}" = Catalyst Control Center Graphics Full Existing "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A37978CF-6E03-238A-6571-7EA53B8FAE1B}" = Catalyst Control Center Localization Norwegian "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A830CA28-932E-6081-EEAA-31A6173DCA23}" = CCC Help Finnish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{A980B2A8-661F-35CD-4C3C-8EECE2F5F5D1}" = Catalyst Control Center Localization Korean "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3 "{AF04309C-7CFC-C0F4-8A75-5135AF07FD1A}" = ccc-core-static "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B20A9F0F-9504-A107-E381-E956CE96EE86}" = Catalyst Control Center Localization Chinese Traditional "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B3BCCEC8-58B0-4B2A-0B25-2DF887F06E55}" = CCC Help Danish "{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator "{B5CCC9F7-3D21-B444-7EB4-235C1E0AC551}" = CCC Help Dutch "{BC24FA40-8A7A-42FF-0B9A-5FB02E2A5536}" = CCC Help Thai "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform "{CCA08326-B1CA-A2A7-10A1-EA1978847514}" = Catalyst Control Center Localization German "{CDD3ACE0-7C01-10C8-495D-831EB9375095}" = Catalyst Control Center Localization Thai "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management "{D6093905-1B7B-D236-2054-CC0B3E08B413}" = ATI Catalyst Install Manager "{D7BFE046-4862-AF73-0FB9-E3723BDFDE40}" = CCC Help French "{DBED8673-81E5-7763-F3E5-887E43F2E428}" = CCC Help English "{DC9A7C58-A8A8-0B6D-F1FA-6A35DE82A8E7}" = CCC Help Chinese Standard "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE3FECA8-82DD-B597-80EB-6236918FFABB}" = Catalyst Control Center Localization Polish "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E16BEE5B-82E8-574E-786F-B21DC03E7091}" = Catalyst Control Center Localization Spanish "{E32DF02F-0C8F-DE2F-9E76-4EA3960D7083}" = Catalyst Control Center Localization Turkish "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com "{E8302B10-2762-1C24-596C-ED5FFBA1E041}" = Catalyst Control Center Localization French "{E940B035-8220-4C6B-C064-D6E4424553FC}" = Catalyst Control Center Graphics Full New "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEA4C854-4B15-2FD3-BDE8-9654EC55AB72}" = Catalyst Control Center Localization Swedish "Acer Assist" = Acer Assist "Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1 "Acer Registration" = Acer Registration "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "ARO 2011_is1" = ARO 2011 "BWM 2.0 diet manager" = BWM 2.0 diet manager "CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Coupon Printer for Windows4.0" = Coupon Printer for Windows "DB77CFA42983BD7D1CD0FB829CC6F71BEA49C472" = Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (08/19/2007 6.1.32.36) "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP) "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300 "Mapit Toolbar" = Mapit Toolbar "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mplayer" = Mplayer 0.6.9 "MSC" = McAfee SecurityCenter "Network MagicUninstall" = Network Magic "SelectRebatesUninstall" = ShopAtHome.com Toolbar "SMSERIAL" = Motorola SM56 Speakerphone Modem "SpeedBit Video Downloader" = SpeedBit Video Downloader "Surf Canyon" = Fast Search by Surf Canyon "WinLiveSuite" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Toolbar" = Yahoo! Toolbar [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 11/9/2011 9:36:05 PM \| Computer Name = SandE-Acer \| Source = WinMgmt \| ID = 10 Description = Error - 11/10/2011 10:58:23 AM \| Computer Name = SandE-Acer \| Source = WinMgmt \| ID = 10 Description = Error - 11/10/2011 10:59:18 AM \| Computer Name = SandE-Acer \| Source = Application Error \| ID = 1000 Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp 0x4d76255d, faulting module JScript9.dll, version 9.0.8112.16437, time stamp 0x4e5eef88, exception code 0xc0000005, fault offset 0x0002c247, process id 0x12f0, application start time 0x01cc9fb92bc4dfb0. Error - 11/11/2011 1:37:01 AM \| Computer Name = SandE-Acer \| Source = EventSystem \| ID = 4621 Description = Error - 11/11/2011 7:33:55 PM \| Computer Name = SandE-Acer \| Source = WinMgmt \| ID = 10 Description = Error - 11/12/2011 2:38:08 AM \| Computer Name = SandE-Acer \| Source = WinMgmt \| ID = 10 Description = Error - 11/12/2011 12:41:21 PM \| Computer Name = SandE-Acer \| Source = Windows Search Service \| ID = 3024 Description = Error - 11/12/2011 12:58:18 PM \| Computer Name = SandE-Acer \| Source = WinMgmt \| ID = 10 Description = Error - 11/12/2011 1:11:38 PM \| Computer Name = SandE-Acer \| Source = WinMgmt \| ID = 10 Description = Error - 11/12/2011 1:41:59 PM \| Computer Name = SandE-Acer \| Source = WinMgmt \| ID = 10 Description = [ System Events ] Error - 11/10/2011 10:57:32 AM \| Computer Name = SandE-Acer \| Source = Print \| ID = 19 Description = The print spooler failed to share printer Dell Photo Printer 720 with shared resource name . Error 1215. The printer cannot be used by others on the network. Error - 11/11/2011 7:32:57 PM \| Computer Name = SandE-Acer \| Source = Print \| ID = 19 Description = The print spooler failed to share printer Dell Photo Printer 720 with shared resource name . Error 1215. The printer cannot be used by others on the network. Error - 11/12/2011 2:37:13 AM \| Computer Name = SandE-Acer \| Source = Print \| ID = 19 Description = The print spooler failed to share printer Dell Photo Printer 720 with shared resource name . Error 1215. The printer cannot be used by others on the network. Error - 11/12/2011 12:56:56 PM \| Computer Name = SandE-Acer \| Source = Print \| ID = 19 Description = The print spooler failed to share printer Dell Photo Printer 720 with shared resource name . Error 1215. The printer cannot be used by others on the network. Error - 11/12/2011 1:09:59 PM \| Computer Name = SandE-Acer \| Source = Print \| ID = 19 Description = The print spooler failed to share printer Dell Photo Printer 720 with shared resource name . Error 1215. The printer cannot be used by others on the network. Error - 11/12/2011 1:22:51 PM \| Computer Name = SandE-Acer \| Source = Service Control Manager \| ID = 7034 Description = Error - 11/12/2011 1:34:45 PM \| Computer Name = SandE-Acer \| Source = Service Control Manager \| ID = 7009 Description = Error - 11/12/2011 1:34:45 PM \| Computer Name = SandE-Acer \| Source = Service Control Manager \| ID = 7000 Description = Error - 11/12/2011 1:35:15 PM \| Computer Name = SandE-Acer \| Source = DCOM \| ID = 10010 Description = Error - 11/12/2011 1:40:22 PM \| Computer Name = SandE-Acer \| Source = Print \| ID = 19 Description = The print spooler failed to share printer Dell Photo Printer 720 with shared resource name . Error 1215. The printer cannot be used by others on the network. Results of screen317's Security Check version 0.99.26 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 `````````````````````````````` [u]Antivirus/Firewall Check:[/u] Windows Firewall Disabled! McAfee Security Scan Plus McAfee SecurityCenter [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] ``````````````````````````````` [u]Anti-malware/Other Utilities Check:[/u] Malwarebytes' Anti-Malware Java(TM) 6 Update 11 Java(TM) 6 Update 5 Java(TM) 6 Update 7 [color=red]Out of date Java installed![/color] ```````````````````````````````` Process Check: [u]objlist.exe by Laurent[/u] ``````````End of Log```````````` ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=0f913d58d8c33d429f2b9219dee3c66c # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-11-12 10:08:21 # local_time=2011-11-12 04:08:21 (-0600, Central Standard Time) # country="United States" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5121 16777213 100 75 15111774 34128202 0 0 # compatibility_mode=5892 16776574 66 100 32413035 157739134 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=168961 # found=1 # cleaned=1 # scan_time=4094 C:\Users\Susie\Downloads\backdoor.htm JS/TrojanDownloader.HackLoad.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C esets_scanner_update returned -1 esets_gle=53251
	to forum · permalink · 2011-11-12 19:21:23 ·

LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	reply to dgwalther Re: Mom's computer acting "weird" Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found. You find link(s) and instructions here: »Security Cleanup FAQ »Rootkit Detection Applications -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2011-11-13 11:56:51 ·
dgwalther Premium join:2003-01-25 Chesterfield, MO	Re: Mom's computer acting "weird" Here is Sophos log. There is a caveat. I disconnected from internet and then started Sophos. After 3-45 seconds I realized I forgot to disable McAfee real-time protection. So I just reacted to the situation and stopped Sophos and disabled McAfee. Sophos screen said one item found. I thought Sophos would just continue the scan already started but I guess not as the ending screen and log say nothing found. Guess Sophos removed whatever it found? What to do now? Thanks. Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 11/13/2011 at 14:02:16 PM User "admin" on computer "SANDE-ACER" Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32 Info: Starting process scan. Warning: Could not read memory belonging to another process. Process scan may not be supported on this version of Windows. A device attached to the system is not functioning. Warning: No file name could be found for this process. It may be hidden by malware - please try again after a clean up and restart. Hidden: process (null) Info: Starting registry scan. Stopped logging on 11/13/2011 at 14:02:42 PM Sophos Anti-Rootkit Version 1.5.20 (c) 2009 Sophos Plc Started logging on 11/13/2011 at 14:03:32 PM User "admin" on computer "SANDE-ACER" Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32 Info: Starting process scan. Info: Starting registry scan. Info: Starting disk scan of C: (NTFS). Info: Starting disk scan of D: (NTFS). Stopped logging on 11/13/2011 at 14:36:17 PM
	to forum · permalink · 2011-11-13 16:00:12 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23 Reviews: ·Comcast	reply to dgwalther There is nothing showing in the logs other than a little cleanup and a couple of borderline programs. Mapit and WIndows and Windows Coupon Printer have privacy, adware, or tracking issues associated with them. They are not harmful, but I recommend using Add/Remove Programs to uninstall. This is optional. Two items need cleaning: Run OTL []Under the Custom Scans/Fixes* box at the bottom, copy and paste the contents of the following box: :OTL O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll File not found :Services :Reg :Files :Commands [purity] [emptytemp] [EMPTYFLASH] [Reboot] []Then click the Run Fix* button at the top []Let the program run unhindered, reboot the PC when it is done []Once you see a message box "Fix complete! Click OK to open the fix log." []Click the OK button []The log will open in Notepad (your default text editor). {]Save the log. Post a copy of that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2011 Gladiator Security Forum
	to forum · permalink · 2011-11-13 18:07:21 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23	reply to dgwalther Also, can you expand on the symptoms you describe as "acting wierd:?
	to forum · permalink · 2011-11-13 18:08:15 ·
dgwalther Premium join:2003-01-25 Chesterfield, MO	Thanks, will do these next steps tonight when I get home from work. I will be doing them via LogMeIn now as I was visiting them over the weekend and am now 400 miles away. Will this work OK? "Weird" is just how my mom/brother described it. Only specific thing was that MBAM would not update. While I was there I noticed that even when I logged in on admin account that I would get a popup and task bar notification about startup processes being blocked and that was MBAM. Is that normal? Doesn't happen on my machines (XP and 7, mother's machine is Vista). Also seems to be a lot of disk activity during login until a quiet desktop is reached. Is Download Accelerator Plus (DAP) questionable? She used it during her dialup days but she has broadband now and I told her it most likely doesn't help and may be a source of malware. Removed DAP and the shopping/rebate applications from startup via msconfig. Thanks for the help!
	to forum · permalink · 2011-11-14 15:55:03 ·
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:23	reply to dgwalther With a broadband account DAP would be optional. There are many factors involved. You can try uninstalling it. Also, try uininstalling MBAM, restart, and install again. The program may be corrupt.
	to forum · permalink · 2011-11-14 16:17:14 ·

Broadband Tech > Security > Security Cleanup > Mom's computer acting "weird"

Re: Mom's computer acting "weird" second half of logs

Re: Mom's computer acting "weird"