
Thread: acer aspire one D150 netbook freezing

  1. #11
    stoneshaper (Junior Member; joined Jul 2012; location: Ky; posts: 11)

    malwarebytes report/OTL txt/EXTRAS

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.28.07

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 7.0.5730.13
    Donna :: ACER-36D0BD61CF [administrator]

    7/28/2012 8:08:56 PM
    mbam-log-2012-07-28 (20-08-56).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 284982
    Time elapsed: 4 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    OTL
    OTL logfile created on: 7/28/2012 8:49:54 PM - Run 2
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Donna\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.88 Mb Total Physical Memory | 770.79 Mb Available Physical Memory | 76.02% Memory free
    2.39 Gb Paging File | 2.29 Gb Available in Paging File | 96.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 143.04 Gb Total Space | 123.12 Gb Free Space | 86.08% Space Free | Partition Type: NTFS

    Computer Name: ACER-36D0BD61CF | User Name: Donna | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Donna\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
    SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
    SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
    SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
    SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
    SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
    SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
    SRV - (RS_Service) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
    SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (WDICA) -- File not found
    DRV - (USBCCID) -- system32\DRIVERS\Rts5161ccid.sys File not found
    DRV - (Rts516xIR) -- system32\DRIVERS\Rts516xIR.sys File not found
    DRV - (PDRFRAME) -- File not found
    DRV - (PDRELI) -- File not found
    DRV - (PDFRAME) -- File not found
    DRV - (PDCOMP) -- File not found
    DRV - (PCIDump) -- File not found
    DRV - (lbrtfdc) -- File not found
    DRV - (iscFlash) -- C:\DOCUME~1\Donna\LOCALS~1\Temp\7zSF.tmp\iscflash.sys File not found
    DRV - (Changer) -- File not found
    DRV - (catchme) -- C:\DOCUME~1\Donna\LOCALS~1\Temp\catchme.sys File not found
    DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
    DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
    DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
    DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corp.)
    DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
    DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
    DRV - (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
    DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
    DRV - (int15.sys) -- c:\Acernb\int15.sys ()


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2771580065-927890586-840360825-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-2771580065-927890586-840360825-1005\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-2771580065-927890586-840360825-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2771580065-927890586-840360825-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-2771580065-927890586-840360825-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/25 17:07:25 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2012/07/12 21:26:16 | 000,442,725 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 15234 more lines...
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe (sonix)
    O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\System32\csnp2uvc.dll ( )
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer VCM.lnk = C:\Program Files\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2771580065-927890586-840360825-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2771580065-927890586-840360825-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2771580065-927890586-840360825-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2771580065-927890586-840360825-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/micr...?1342060240328 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1342060232390 (MUWebControl Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B4845B2-0B34-45AB-8C0C-FF69AE4AB09C}: DhcpNameServer = 192.168.10.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8C3F79C-33FD-4DF6-9763-D52994DCDB82}: DhcpNameServer = 192.168.10.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Acer.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/01/16 18:34:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/28 20:43:59 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Donna\Desktop\OTL.exe
    [2012/07/28 20:06:23 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Donna\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/28 14:11:42 | 000,000,000 | ---D | C] -- C:\backup
    [2012/07/28 08:11:41 | 002,002,944 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Donna\Desktop\HousecallLauncher.exe
    [2012/07/27 21:18:19 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
    [2012/07/27 21:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Application Data\DriverCure
    [2012/07/27 21:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Application Data\SpeedyPC Software
    [2012/07/27 21:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Start Menu\Programs\SpeedyPC Software
    [2012/07/27 21:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedyPC Software
    [2012/07/27 21:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedyPC Software
    [2012/07/27 21:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
    [2012/07/27 19:57:53 | 000,000,000 | ---D | C] -- C:\ubuntu
    [2012/07/26 05:03:33 | 000,000,000 | ---D | C] -- C:\f04441420a44802669
    [2012/07/25 17:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/07/25 17:03:58 | 000,000,000 | -HSD | C] -- C:\found.001
    [2012/07/25 05:48:03 | 000,000,000 | ---D | C] -- C:\ed111e0310983e183181dcf521b3
    [2012/07/12 22:22:42 | 000,000,000 | ---D | C] -- C:\7a2cb2103f63f0c01dafde
    [2012/07/12 22:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2012/07/12 22:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2012/07/12 21:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2012/07/12 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2012/07/12 21:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2012/07/11 22:22:35 | 000,000,000 | -HSD | C] -- C:\found.000
    [2012/07/11 21:30:56 | 000,015,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
    [2012/07/11 05:38:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/07/10 23:07:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/07/10 23:07:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/07/10 23:07:03 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/07/10 23:07:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/07/10 23:06:38 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/10 23:06:31 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/10 23:06:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Donna\My Documents\My Videos
    [2012/07/10 23:06:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2012/07/10 23:06:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Donna\Start Menu\Programs\Administrative Tools
    [2012/07/10 23:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2012/07/09 23:34:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Application Data\Malwarebytes
    [2012/07/09 23:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/09 23:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/07/09 23:34:13 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/07/09 23:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/07/09 23:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Application Data\U3
    [2012/07/09 23:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
    [2012/07/09 23:03:47 | 000,000,000 | ---D | C] -- C:\rsit
    [2012/07/09 22:12:46 | 000,000,000 | ---D | C] -- C:\0160a5cb8768dca4f6eb
    [2012/07/09 22:12:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Desktop
    [2012/07/09 22:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
    [2012/07/09 22:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2012/07/09 22:10:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
    [2012/07/09 22:00:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/07/09 20:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012/07/09 20:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Local Settings\Application Data\AVG Secure Search
    [2012/07/09 20:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donna\Application Data\AVG Secure Search
    [2012/07/09 20:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
    [2012/07/09 20:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
    [2012/07/09 20:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/07/09 20:02:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2012/07/09 20:02:55 | 000,000,000 | ---D | C] -- C:\$AVG
    [2012/07/09 20:02:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2012/07/09 19:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/07/09 19:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2012/07/09 19:13:45 | 000,000,000 | ---D | C] -- C:\a5e8f45f25baa017afcc3d7dd8ec
    [2012/07/09 19:08:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2012/07/09 18:43:48 | 000,000,000 | ---D | C] -- C:\695a62174b17b3390824
    [2012/07/04 08:04:46 | 000,000,000 | ---D | C] -- C:\3d296386f402c8162e5272ed064d
    [2012/07/03 17:21:48 | 000,000,000 | ---D | C] -- C:\f4e35f02c6426828dad9677121
    [2012/06/29 19:12:21 | 000,000,000 | ---D | C] -- C:\134376ae0be880e80e68ae46
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/28 20:43:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/07/28 20:07:52 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Donna\Desktop\OTL.exe
    [2012/07/28 20:06:58 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/28 20:06:29 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Donna\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/28 08:11:46 | 002,002,944 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Donna\Desktop\HousecallLauncher.exe
    [2012/07/27 21:16:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\housecall.guid.cache
    [2012/07/27 21:13:47 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
    [2012/07/27 21:13:36 | 000,000,940 | ---- | M] () -- C:\Documents and Settings\Donna\Desktop\SpeedyPC Pro.lnk
    [2012/07/27 21:13:36 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/07/27 21:13:36 | 000,000,440 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
    [2012/07/27 21:13:35 | 000,000,396 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
    [2012/07/27 20:26:06 | 000,135,675 | ---- | M] () -- C:\wubildr
    [2012/07/27 20:26:06 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr
    [2012/07/27 18:50:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/07/25 20:31:09 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/07/25 18:53:05 | 000,000,211 | RHS- | M] () -- C:\boot.ini
    [2012/07/25 05:57:40 | 000,436,244 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/07/25 05:57:40 | 000,069,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/07/12 22:22:31 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/07/12 22:16:35 | 000,000,867 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
    [2012/07/12 22:11:54 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Donna\Desktop\ERUNT.lnk
    [2012/07/12 21:26:16 | 000,442,725 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/07/12 21:16:28 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/07/12 21:16:28 | 000,000,937 | ---- | M] () -- C:\Documents and Settings\Donna\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/10 23:21:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120712-212616.backup
    [2012/07/09 20:53:10 | 063,961,885 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/07/09 20:50:30 | 000,033,758 | ---- | M] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\dt.dat
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/28 20:06:58 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/27 21:16:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\housecall.guid.cache
    [2012/07/27 21:13:47 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
    [2012/07/27 21:13:36 | 000,000,940 | ---- | C] () -- C:\Documents and Settings\Donna\Desktop\SpeedyPC Pro.lnk
    [2012/07/27 21:13:36 | 000,000,492 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/07/27 21:13:36 | 000,000,440 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
    [2012/07/27 21:13:35 | 000,000,396 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
    [2012/07/27 20:26:06 | 000,135,675 | ---- | C] () -- C:\wubildr
    [2012/07/27 20:26:06 | 000,008,192 | ---- | C] () -- C:\wubildr.mbr
    [2012/07/12 22:11:54 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Donna\Desktop\ERUNT.lnk
    [2012/07/12 21:16:28 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\Donna\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2012/07/12 21:16:28 | 000,000,937 | ---- | C] () -- C:\Documents and Settings\Donna\Desktop\Spybot - Search & Destroy.lnk
    [2012/07/10 23:07:03 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/07/10 23:07:03 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/07/10 23:07:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/07/10 23:07:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/07/10 23:07:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/07/09 23:26:52 | 000,000,867 | ---- | C] () -- C:\WINDOWS\System32\Config.MPF
    [2012/07/09 20:53:10 | 063,961,885 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2012/07/09 20:50:30 | 000,033,758 | ---- | C] () -- C:\Documents and Settings\Donna\Local Settings\Application Data\dt.dat
    [2012/02/16 15:48:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

    ========== LOP Check ==========

    [2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acer
    [2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.ACER-36D0BD61CF.000\Application Data\Acer
    [2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.ACER-36D0BD61CF.001\Application Data\Acer
    [2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.ACER-36D0BD61CF.003\Application Data\Acer
    [2012/07/09 20:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012/07/09 22:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2012/07/09 19:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009/01/16 20:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eSobi
    [2012/07/09 22:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2012/07/27 21:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
    [2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Acer
    [2009/01/16 20:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\Acer
    [2012/07/09 20:03:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\AVG Secure Search
    [2012/07/27 21:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\DriverCure
    [2010/01/12 13:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\eSobi
    [2012/07/27 21:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Donna\Application Data\SpeedyPC Software
    [2012/07/27 21:13:35 | 000,000,396 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Pro.job
    [2012/07/27 21:13:47 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Registration3.job
    [2012/07/27 21:13:36 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Update Version3 Startup Task.job
    [2012/07/27 21:13:36 | 000,000,440 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Update Version3.job

    ========== Purity Check ==========



    < End of report >
    OTL EXTRAS
    OTL Extras logfile created on: 7/28/2012 8:44:15 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Donna\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.88 Mb Total Physical Memory | 800.03 Mb Available Physical Memory | 78.91% Memory free
    2.39 Gb Paging File | 2.31 Gb Available in Paging File | 96.92% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 143.04 Gb Total Space | 123.12 Gb Free Space | 86.08% Space Free | Partition Type: NTFS
    Drive D: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 3.81 Gb Total Space | 3.33 Gb Free Space | 87.27% Space Free | Partition Type: FAT32

    Computer Name: ACER-36D0BD61CF | User Name: Donna | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.6.0.260_Foxconn Installation Program
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = WebCam
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}" = Windows Live Sign-in Assistant
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{73490214-D4F4-450B-9DAC-416E4CEB3C58}" = Acer ScreenSaver
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Carbonite Setup Lite" = Carbonite Online Backup Setup
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ERUNT_is1" = ERUNT 1.1j
    "ESET Online Scanner" = ESET Online Scanner v3
    "Google Desktop" = Google Desktop
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSC" = McAfee SecurityCenter
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "WinLiveSuite_Wave3" = Windows Live Essentials

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/27/2012 10:02:02 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
    Description = WinMgmt could not open the repository file. This could be due to
    insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
    disk space or insufficient memory.

    Error - 7/27/2012 10:05:43 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
    Description = WinMgmt could not open the repository file. This could be due to
    insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
    disk space or insufficient memory.

    Error - 7/27/2012 10:05:43 PM | Computer Name = ACER-36D0BD61CF | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 7/27/2012 10:05:44 PM | Computer Name = ACER-36D0BD61CF | Source = McLogEvent | ID = 5022
    Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 7

    Error - 7/27/2012 10:07:14 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
    Description = WinMgmt could not open the repository file. This could be due to
    insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
    disk space or insufficient memory.

    Error - 7/28/2012 9:08:26 AM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
    Description = WinMgmt could not open the repository file. This could be due to
    insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
    disk space or insufficient memory.

    Error - 7/28/2012 10:32:04 AM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
    Description = WinMgmt could not open the repository file. This could be due to
    insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
    disk space or insufficient memory.

    Error - 7/28/2012 2:30:27 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
    Description = WinMgmt could not open the repository file. This could be due to
    insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
    disk space or insufficient memory.

    Error - 7/28/2012 3:04:21 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
    Description = WinMgmt could not open the repository file. This could be due to
    insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
    disk space or insufficient memory.

    Error - 7/28/2012 3:05:32 PM | Computer Name = ACER-36D0BD61CF | Source = WinMgmt | ID = 27
    Description = WinMgmt could not open the repository file. This could be due to
    insufficient security access to the "<SystemRoot>\System32\WBEM\Repository", insufficient
    disk space or insufficient memory.

    [ System Events ]
    Error - 7/28/2012 2:34:37 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 7/28/2012 3:05:46 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/28/2012 9:37:16 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 7/28/2012 9:37:18 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 7/28/2012 9:37:21 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 7/28/2012 9:38:17 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 7/28/2012 9:42:16 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/28/2012 9:43:31 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 7/28/2012 9:43:32 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 7/28/2012 9:43:35 PM | Computer Name = ACER-36D0BD61CF | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


    < End of report >

  2. #12
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Stamford, CT
    Posts
    13,356

    Default

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      [2012/07/10 23:21:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120712-212616.backup
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /flushdns /c
      
      
      :Commands
      [purity]
      [resethosts]
      [CLEARALLRESTOREPOINTS]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member stoneshaper's Avatar
    Join Date
    Jul 2012
    Location
    Ky
    Posts
    11

    Default otl fix log

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    C:\WINDOWS\system32\drivers\etc\hosts.20120712-212616.backup moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Donna\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Donna\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    System Restore Service not available.

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 396 bytes

    User: Administrator.ACER-36D0BD61CF
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 396 bytes

    User: Administrator.ACER-36D0BD61CF.000
    ->Temp folder emptied: 61833345 bytes
    ->Temporary Internet Files folder emptied: 3297611 bytes
    ->Flash cache emptied: 531 bytes

    User: Administrator.ACER-36D0BD61CF.001
    ->Temp folder emptied: 61849729 bytes
    ->Temporary Internet Files folder emptied: 3297580 bytes
    ->Flash cache emptied: 531 bytes

    User: Administrator.ACER-36D0BD61CF.002
    ->Temp folder emptied: 59965967 bytes
    ->Temporary Internet Files folder emptied: 2388034 bytes
    ->Flash cache emptied: 531 bytes

    User: Administrator.ACER-36D0BD61CF.003
    ->Temp folder emptied: 61734017 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 396 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 61717633 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 396 bytes

    User: Donna
    ->Temp folder emptied: 93582091 bytes
    ->Temporary Internet Files folder emptied: 55463622 bytes
    ->Flash cache emptied: 23290 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 2079986 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 11026326 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33438 bytes
    RecycleBin emptied: 7260048 bytes

    Total Files Cleaned = 463.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07292012_070350

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  4. #14
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Stamford, CT
    Posts
    13,356

    Default

    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Make sure "Include All Files" option remains checked.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

  5. #15
    Junior Member stoneshaper's Avatar
    Join Date
    Jul 2012
    Location
    Ky
    Posts
    11

    Default Fss

    Farbar Service Scanner Version: 26-07-2012
    Ran by Donna (administrator) on 29-07-2012 at 08:30:52
    Running from "C:\Documents and Settings\Donna\Desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Network
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuauserv.dll".

    BITS Service is not running. Checking service configuration:
    The start type of BITS service is OK.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem: "C:\WINDOWS\system32\svchost.exe -k netsvcs".
    The ServiceDll of EventSystem: "C:\WINDOWS\system32\es.dll".


    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) MPFP(8) NetBT(5) PSched(7) Tcpip(3)
    0x080000000400000001000000020000000300000008000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****

  6. #16
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Stamford, CT
    Posts
    13,356

    Default

    Things running OK, you may have some Windows issues

  7. #17
    Junior Member stoneshaper's Avatar
    Join Date
    Jul 2012
    Location
    Ky
    Posts
    11

    Default Thanks

    Thank you,
    I'll look into it further.
    Shane

  8. #18
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Stamford, CT
    Posts
    13,356

    Default

    Let's see if this finds and fixes anything



    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

  9. #19
    Junior Member stoneshaper's Avatar
    Join Date
    Jul 2012
    Location
    Ky
    Posts
    11

    Default combofixlog

    ComboFix 12-07-29.02 - Donna 07/29/2012 9:56.2.2 - x86 NETWORK
    Running from: c:\documents and settings\Donna\Desktop\ComboFix.exe
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-29 12:07 . 2012-07-29 12:07 -------- d-----w- C:\e045c8119e92939a3c
    2012-07-29 12:03 . 2012-07-29 12:03 -------- d-----w- C:\_OTL
    2012-07-29 02:09 . 2012-07-29 02:19 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-07-28 19:11 . 2012-07-28 19:11 -------- d-----w- C:\backup
    2012-07-28 02:18 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2012-07-28 02:13 . 2012-07-28 02:13 -------- d-----w- c:\documents and settings\Donna\Application Data\DriverCure
    2012-07-28 02:13 . 2012-07-28 02:13 -------- d-----w- c:\documents and settings\Donna\Application Data\SpeedyPC Software
    2012-07-28 02:13 . 2012-07-28 02:13 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
    2012-07-28 02:13 . 2012-07-28 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
    2012-07-28 02:13 . 2012-07-28 02:13 -------- d-----w- c:\program files\SpeedyPC Software
    2012-07-28 00:57 . 2012-07-28 02:04 -------- d-----w- C:\ubuntu
    2012-07-26 10:03 . 2012-07-28 02:04 -------- d-----w- C:\f04441420a44802669
    2012-07-25 22:10 . 2012-07-25 22:10 -------- d-----w- c:\program files\ESET
    2012-07-25 22:03 . 2012-07-25 22:03 -------- d-----w- C:\found.001
    2012-07-25 10:48 . 2012-07-25 10:48 -------- d-----w- C:\ed111e0310983e183181dcf521b3
    2012-07-13 03:22 . 2012-07-13 03:22 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2012-07-13 03:22 . 2012-07-13 03:22 -------- d-----w- C:\7a2cb2103f63f0c01dafde
    2012-07-13 03:11 . 2012-07-13 03:11 -------- d-----w- c:\program files\ERUNT
    2012-07-13 02:16 . 2012-07-13 03:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2012-07-13 02:16 . 2012-07-13 02:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-07-12 03:22 . 2012-07-12 03:22 -------- d-----w- C:\found.000
    2012-07-12 02:30 . 2012-06-02 20:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-07-10 04:34 . 2012-07-10 04:34 -------- d-----w- c:\documents and settings\Donna\Application Data\Malwarebytes
    2012-07-10 04:34 . 2012-07-10 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-07-10 04:34 . 2012-07-29 01:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-10 04:34 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-10 04:24 . 2012-07-11 04:04 -------- d-----w- c:\documents and settings\Donna\Application Data\U3
    2012-07-10 04:03 . 2012-07-10 04:04 -------- d-----w- C:\rsit
    2012-07-10 04:03 . 2012-07-10 04:03 -------- d-----w- c:\program files\trend micro
    2012-07-10 04:02 . 2008-04-14 05:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2012-07-10 03:13 . 2012-07-10 03:13 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-07-10 03:12 . 2012-07-10 03:12 -------- d-----w- C:\0160a5cb8768dca4f6eb
    2012-07-10 03:10 . 2012-07-10 03:10 -------- d-----w- c:\program files\McAfee.com
    2012-07-10 03:10 . 2012-07-10 03:10 -------- d-----w- c:\program files\Common Files\McAfee
    2012-07-10 01:04 . 2012-07-10 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
    2012-07-10 01:04 . 2012-07-10 01:04 -------- d-----w- c:\documents and settings\Donna\Local Settings\Application Data\AVG Secure Search
    2012-07-10 01:03 . 2012-07-10 01:03 -------- d-----w- c:\documents and settings\Donna\Application Data\AVG Secure Search
    2012-07-10 01:03 . 2012-07-10 03:11 -------- d-----w- c:\program files\Common Files\AVG Secure Search
    2012-07-10 01:03 . 2012-07-10 03:11 -------- d-----w- c:\program files\AVG Secure Search
    2012-07-10 01:02 . 2012-07-10 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
    2012-07-10 01:02 . 2012-07-10 03:11 -------- d-----w- C:\$AVG
    2012-07-10 01:02 . 2012-07-10 01:53 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-07-10 01:02 . 2012-07-10 01:02 -------- d-----w- c:\program files\AVG
    2012-07-10 00:51 . 2012-07-10 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2012-07-10 00:51 . 2012-07-10 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
    2012-07-10 00:13 . 2012-07-10 03:12 -------- d-----w- C:\a5e8f45f25baa017afcc3d7dd8ec
    2012-07-09 23:43 . 2012-07-10 03:12 -------- d-----w- C:\695a62174b17b3390824
    2012-07-09 23:35 . 2012-07-09 23:36 -------- d-----w- c:\documents and settings\Administrator
    2012-07-04 13:04 . 2012-07-09 23:38 -------- d-----w- C:\3d296386f402c8162e5272ed064d
    2012-07-03 22:21 . 2012-07-09 23:38 -------- d-----w- C:\f4e35f02c6426828dad9677121
    2012-06-30 00:12 . 2012-07-09 23:38 -------- d-----w- C:\134376ae0be880e80e68ae46
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-04 22:35 . 2009-01-16 23:32 210968 ----a-w- c:\windows\system32\wuweb.dll
    2012-06-04 22:35 . 2012-06-04 22:35 222448 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 20:19 . 2009-08-07 01:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 20:19 . 2009-08-07 01:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 20:19 . 2009-01-16 23:32 329240 ----a-w- c:\windows\system32\wucltui.dll
    2012-06-02 20:19 . 2009-01-16 23:32 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 20:19 . 2009-08-07 01:24 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 20:19 . 2009-01-16 23:32 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 20:19 . 2009-01-16 23:32 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 20:19 . 2009-01-16 23:18 97304 ----a-w- c:\windows\system32\cdm.dll
    2012-06-02 20:19 . 2009-08-07 01:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 20:19 . 2009-01-16 23:32 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 20:19 . 2009-01-16 23:32 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-05-31 13:22 . 2009-01-16 23:18 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-02 13:46 . 2009-01-16 23:31 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
    [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
    [-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
    [7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
    .
    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
    [-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
    [-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    [7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
    [7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    [7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-12-26 18081280]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-20 1398056]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2008-10-03 294544]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
    "snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-04 196608]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    .
    R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
    R3 iscFlash;iscFlash;c:\docume~1\Donna\LOCALS~1\Temp\7zSF.tmp\iscflash.sys [x]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [x]
    R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    R4 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
    R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-29 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 23:17]
    .
    2012-07-28 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2012-07-06 20:52]
    .
    2012-07-29 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
    .
    2012-07-29 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-07-06 20:52]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.10.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-Wdf01000.sys
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-29 10:03
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1132)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2012-07-29 10:06:56
    ComboFix-quarantined-files.txt 2012-07-29 15:06
    .
    Pre-Run: 132,580,458,496 bytes free
    Post-Run: 132,545,495,040 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - C137ECC9AC0F6C6B09182CD0608DD7F4

  10. #20
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Stamford, CT
    Posts
    13,356

    Default

    Nothing bad was found and removed, so at this point you may just have some plain old Windows issues.

    Let me point something out: there are 100s of programs that claim to fix or clean up your system; most are worthless and not needed. I have been into computing since Windows 3.1 and never had any need for any 3rd-party programs; most of what you need is built right into Windows.

    DriverCure <-- If, for example, you need to update drivers for a video card, you need to go right to the manufacturer's website and download the correct driver from them.

    SpeedyPC Software <-- I'll let you read this and you can make up your own mind to keep it or not; most do more damage than good.

    http://answers.microsoft.com/en-us/w...8-e2a5a876daa1

    http://www.mywot.com/en/scorecard/www.speedypc.com



    Why don't you post here and let them check over your system and offer any advice they may have? I would link them to this thread so they can see what we have done and look at Farbar's Service Scanner so they can see what's going on in that area.

    http://forums.whatthetech.com/index.php?showforum=119


    Good luck


    • Click START then RUN
    • Now type Combofix /uninstall in the Run box and click OK. Note the space between the X and the /; it needs to be there.

    Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.


    Malwarebytes is the free version and yours to keep and will not be removed.

    Safe Surfn
    Ken
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
