Solved ads/pop ups galore

Discussion in 'Malware and Virus Removal Archive' started by sean, 2009/01/05.

  1. 2009/01/05
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    [Resolved] ads/pop ups galore

    My daughter has a new PC for Christmas and already has loads of ads popping up all the time, such as ads.bootcamp media, adserver.adtechus, and ads asking to sponsor a child and van insurance. Please could you kindly take a look at the HJT log and do your best to help.

    MANY THANKS TO YOU ALL.
    Sean.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:19:52, on 05/01/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Users\CAITLI~1\AppData\Local\Temp\E_S7C9E.tmp" /EF "HKCU "
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Sitelong] "C:\ProgramData\Bookinsideinside.yjm0wi "
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 7265 bytes
     
    sean,
    #1
  2. 2009/01/05
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389

  4. 2009/01/05
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Sorry Pete...off to do it now.

    PS, I have run Malwarebytes, Spybot S&D, Windows Defender, all came back clean? I have SpywareBlaster installed and I have put those ad sites in the restricted sites in the Internet Options.

    Cheers.
     
    sean,
    #3
  5. 2009/01/05
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Pete, it keeps saying it's too long. I'll have to post using two.

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by caitlin wade 97 at 2009-01-05 18:19:44
    Microsoft® Windows Vista™ Home Premium Service Pack 1
    System drive C: has 111 GB (75%) free of 148 GB
    Total RAM: 767 MB (28% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:20:23, on 05/01/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\caitlin wade 97\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\caitlin wade 97.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Users\CAITLI~1\AppData\Local\Temp\E_S7C9E.tmp" /EF "HKCU "
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Sitelong] "C:\ProgramData\Bookinsideinside.du2fcsl "
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

    --
    End of file - 7487 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-12-21 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}]
    ShowBarObj Class - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll [2008-03-05 312880]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - Acer eDataSecurity Management - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll [2008-03-05 142896]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender "=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
    "RtHDVCpl "=C:\Windows\RtHDVCpl.exe [2007-10-11 4702208]
    "Acer Empowering Technology Monitor "=C:\Acer\Empowering Technology\SysMonitor.exe [2008-01-10 326176]
    "eDataSecurity Loader "=C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [2008-03-05 526896]
    "PCMMediaSharing "=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2008-01-26 204908]
    "NvSvc "=C:\Windows\system32\nvsvc.dll [2007-12-21 86016]
    "NvCplDaemon "=C:\Windows\system32\NvCpl.dll [2007-12-21 8497696]
    "NvMediaCenter "=C:\Windows\system32\NvMcTray.dll [2007-12-21 81920]
    "eRecoveryService "= []
    "NVRaidService "=C:\Windows\system32\nvraidservice.exe [2007-12-07 196128]
    "Apanel "=C:\ACERSW\config\NewSetApanel.cmd []
    "AVG8_TRAY "=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-12-21 1261336]
    "ArcSoft Connection Service "=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2007-07-03 64000]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware "=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-04 399504]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar "=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
    "EPSON Stylus DX4400 Series "=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
    "ehTray.exe "=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
    "WMPNSCFG "=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
    "Sitelong "=C:\ProgramData\Bookinsideinside.du2fcsl [2009-01-05 327696]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "avgrsstx.dll "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1
    "EnableUIADesktopToggle "=0

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    ======List of files/folders created in the last 3 months======

    2009-01-05 18:19:44 ----D---- C:\rsit
    2009-01-04 16:13:40 ----D---- C:\Users\caitlin wade 97\AppData\Roaming\Windows Live Writer
    2009-01-04 15:29:28 ----D---- C:\ProgramData\Spybot - Search & Destroy
    2009-01-04 15:29:28 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-01-04 15:27:14 ----D---- C:\Users\caitlin wade 97\AppData\Roaming\Malwarebytes
    2009-01-04 15:27:07 ----D---- C:\ProgramData\Malwarebytes
    2009-01-04 15:27:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-12-26 14:03:21 ----D---- C:\ProgramData\Messenger Plus!
    2008-12-26 14:00:39 ----D---- C:\ProgramData\byte loud style cool
    2008-12-26 13:59:56 ----D---- C:\ProgramData\ElseStyle
    2008-12-26 13:59:30 ----D---- C:\Program Files\Circle Developement
    2008-12-26 13:59:28 ----D---- C:\Program Files\Messenger Plus! Live
    2008-12-25 20:16:02 ----D---- C:\ProgramData\Arcade Lab
    2008-12-25 20:15:01 ----SHD---- C:\Users\caitlin wade 97\AppData\Roaming\.#
    2008-12-25 10:42:17 ----D---- C:\Users\caitlin wade 97\AppData\Roaming\Google
    2008-12-25 10:22:23 ----D---- C:\ProgramData\Google
    2008-12-25 10:22:11 ----D---- C:\Program Files\Google
    2008-12-25 10:18:35 ----D---- C:\Windows\system32\Adobe
    2008-12-25 09:54:06 ----D---- C:\Users\caitlin wade 97\AppData\Roaming\ArcSoft
    2008-12-25 09:53:39 ----D---- C:\Program Files\Common Files\ArcSoft
    2008-12-25 09:53:36 ----A---- C:\Windows\system32\unicows.dll
    2008-12-25 09:53:20 ----A---- C:\Windows\PCDLIB32.DLL
    2008-12-25 09:53:18 ----D---- C:\Program Files\ArcSoft
    2008-12-25 06:13:01 ----D---- C:\Windows\Webcam2200
    2008-12-25 06:13:01 ----A---- C:\Windows\system32\SP7302.INI
    2008-12-25 06:13:01 ----A---- C:\Windows\system32\CoInst.dll
    2008-12-21 15:12:24 ----A---- C:\Windows\system32\msshooks.dll
    2008-12-21 15:12:23 ----A---- C:\Windows\system32\msscb.dll
    2008-12-21 15:12:22 ----A---- C:\Windows\system32\thawbrkr.dll
    2008-12-21 15:12:22 ----A---- C:\Windows\system32\srchadmin.dll
    2008-12-21 15:12:22 ----A---- C:\Windows\system32\SearchFilterHost.exe
    2008-12-21 15:12:22 ----A---- C:\Windows\system32\propsys.dll
    2008-12-21 15:12:22 ----A---- C:\Windows\system32\propdefs.dll
    2008-12-21 15:12:22 ----A---- C:\Windows\system32\msstrc.dll
    2008-12-21 15:12:22 ----A---- C:\Windows\system32\mssprxy.dll
    2008-12-21 15:12:22 ----A---- C:\Windows\system32\mssitlb.dll
    2008-12-21 15:12:22 ----A---- C:\Windows\system32\msshsq.dll
    2008-12-21 15:12:22 ----A---- C:\Windows\system32\korwbrkr.dll
    2008-12-21 15:12:21 ----A---- C:\Windows\system32\xmlfilter.dll
    2008-12-21 15:12:21 ----A---- C:\Windows\system32\wsepno.dll
    2008-12-21 15:12:21 ----A---- C:\Windows\system32\SearchProtocolHost.exe
    2008-12-21 15:12:21 ----A---- C:\Windows\system32\rtffilt.dll
    2008-12-21 15:12:21 ----A---- C:\Windows\system32\offfilt.dll
    2008-12-21 15:12:21 ----A---- C:\Windows\system32\nlhtml.dll
    2008-12-21 15:12:21 ----A---- C:\Windows\system32\msscntrs.dll
    2008-12-21 15:12:21 ----A---- C:\Windows\system32\mimefilt.dll
    2008-12-21 15:12:21 ----A---- C:\Windows\system32\chtbrkr.dll
    2008-12-21 15:12:21 ----A---- C:\Windows\system32\chsbrkr.dll
    2008-12-21 15:12:20 ----A---- C:\Windows\system32\tquery.dll
    2008-12-21 15:12:20 ----A---- C:\Windows\system32\SearchIndexer.exe
    2008-12-21 15:12:20 ----A---- C:\Windows\system32\mssvp.dll
    2008-12-21 15:12:20 ----A---- C:\Windows\system32\mssrch.dll
    2008-12-21 15:12:20 ----A---- C:\Windows\system32\mssphtb.dll
    2008-12-21 15:12:20 ----A---- C:\Windows\system32\mssph.dll
    2008-12-21 15:09:27 ----A---- C:\Windows\system32\EncDec.dll
    2008-12-21 15:09:26 ----A---- C:\Windows\system32\psisdecd.dll
    2008-12-21 15:04:12 ----D---- C:\Users\caitlin wade 97\AppData\Roaming\Template
    2008-12-21 15:04:00 ----A---- C:\Windows\system32\PortableDeviceApi.dll
    2008-12-21 15:03:57 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
    2008-12-21 15:03:57 ----A---- C:\Windows\system32\WindowsCodecs.dll
    2008-12-21 15:03:57 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
    2008-12-21 15:03:54 ----A---- C:\Windows\system32\connect.dll
    2008-12-21 15:03:21 ----A---- C:\Windows\system32\wersvc.dll
    2008-12-21 15:03:21 ----A---- C:\Windows\system32\Faultrep.dll
    2008-12-21 14:57:02 ----D---- C:\Program Files\CCleaner
    2008-12-21 14:48:12 ----D---- C:\Program Files\Trend Micro
    2008-12-21 14:39:33 ----AD---- C:\ProgramData\TEMP
    2008-12-21 14:39:26 ----D---- C:\Program Files\SpywareBlaster
    2008-12-21 14:26:10 ----A---- C:\Windows\system32\avgrsstx.dll
    2008-12-21 14:25:43 ----D---- C:\Program Files\AVG
    2008-12-21 14:25:42 ----D---- C:\ProgramData\avg8
    2008-12-21 13:47:41 ----D---- C:\ProgramData\UDL
    2008-12-21 13:41:47 ----A---- C:\Windows\system32\PICSDK2.dll
    2008-12-21 13:41:47 ----A---- C:\Windows\system32\PICSDK.ini
    2008-12-21 13:41:47 ----A---- C:\Windows\system32\PICSDK.dll
    2008-12-21 13:41:47 ----A---- C:\Windows\system32\PICEntry.dll
    2008-12-21 13:41:47 ----A---- C:\Windows\system32\EpPicPrt.dll
    2008-12-21 13:41:46 ----A---- C:\Windows\system32\EPPicMgr.dll
    2008-12-21 13:41:44 ----D---- C:\Users\caitlin wade 97\AppData\Roaming\InstallShield
    2008-12-21 13:41:12 ----D---- C:\ProgramData\EPSON
    2008-12-21 13:28:34 ----A---- C:\Windows\system32\E_DCINST.DLL
    2008-12-21 13:28:29 ----A---- C:\Windows\system32\E_FLBCAE.DLL
    2008-12-21 13:28:26 ----A---- C:\Windows\system32\E_FD4BCAE.DLL
    2008-12-21 13:25:57 ----D---- C:\Program Files\epson
    2008-12-21 13:25:55 ----A---- C:\Windows\system32\eswiaml.dll
    2008-12-21 13:25:55 ----A---- C:\Windows\system32\eswia7e.dll
    2008-12-21 13:25:55 ----A---- C:\Windows\system32\esint7e.dll
    2008-12-21 13:25:41 ----A---- C:\Windows\CDE DX4400DEFGIPS.ini
    2008-12-21 11:16:47 ----A---- C:\Windows\system32\d3dx9_32.dll
    2008-12-21 11:16:12 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
    2008-12-21 11:11:53 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-12-21 11:11:38 ----D---- C:\Program Files\Windows Live
    2008-12-21 11:10:44 ----D---- C:\ProgramData\WLInstaller
    2008-12-21 10:43:38 ----A---- C:\Windows\system32\mshtml.dll
    2008-12-21 10:39:39 ----A---- C:\Windows\system32\tzres.dll
    2008-12-21 10:34:55 ----D---- C:\Program Files\MSXML 4.0
    2008-12-21 10:31:39 ----A---- C:\Windows\system32\IPSECSVC.DLL
    2008-12-21 10:31:35 ----A---- C:\Windows\system32\es.dll
    2008-12-21 10:31:30 ----A---- C:\Windows\system32\shell32.dll
    2008-12-21 10:31:13 ----A---- C:\Windows\system32\Apphlpdm.dll
    2008-12-21 10:31:11 ----A---- C:\Windows\system32\gameux.dll
    2008-12-21 10:31:10 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
    2008-12-21 10:31:07 ----A---- C:\Windows\system32\rpcrt4.dll
    2008-12-21 10:31:05 ----A---- C:\Windows\system32\pacerprf.dll
    2008-12-21 10:31:02 ----A---- C:\Windows\system32\gdi32.dll
    2008-12-21 10:30:56 ----A---- C:\Windows\system32\wmpeffects.dll
    2008-12-21 10:30:54 ----A---- C:\Windows\system32\msxml3.dll
    2008-12-21 10:30:51 ----A---- C:\Windows\explorer.exe
    2008-12-21 10:30:49 ----A---- C:\Windows\system32\netapi32.dll
    2008-12-21 10:30:41 ----A---- C:\Windows\system32\NlsLexicons0007.dll
    2008-12-21 10:30:39 ----A---- C:\Windows\system32\NlsLexicons0009.dll
    2008-12-21 10:30:24 ----A---- C:\Windows\system32\NaturalLanguage6.dll
    2008-12-21 10:29:36 ----A---- C:\Windows\system32\vbscript.dll
    2008-12-21 10:29:36 ----A---- C:\Windows\system32\jscript.dll
    2008-12-21 10:29:35 ----A---- C:\Windows\system32\wshext.dll
    2008-12-21 10:29:35 ----A---- C:\Windows\system32\wscript.exe
    2008-12-21 10:29:35 ----A---- C:\Windows\system32\scrrun.dll
    2008-12-21 10:29:35 ----A---- C:\Windows\system32\scrobj.dll
    2008-12-21 10:29:35 ----A---- C:\Windows\system32\cscript.exe
    2008-12-21 10:27:05 ----A---- C:\Windows\system32\kd1394.dll
    2008-12-21 10:27:03 ----A---- C:\Windows\system32\winload.exe
    2008-12-21 10:27:03 ----A---- C:\Windows\system32\ci.dll
    2008-12-21 10:27:00 ----A---- C:\Windows\system32\winresume.exe
    2008-12-21 10:26:47 ----A---- C:\Windows\system32\srcore.dll
    2008-12-21 10:26:47 ----A---- C:\Windows\system32\srclient.dll
    2008-12-21 10:26:47 ----A---- C:\Windows\system32\setbcdlocale.dll
    2008-12-21 10:26:46 ----A---- C:\Windows\system32\srdelayed.exe
    2008-12-21 10:26:46 ----A---- C:\Windows\system32\rstrui.exe
    2008-12-21 10:26:46 ----A---- C:\Windows\system32\kbd106n.dll
    2008-12-21 10:25:33 ----A---- C:\Windows\system32\msxml6.dll
    2008-12-21 10:25:19 ----A---- C:\Windows\system32\ieframe.dll
    2008-12-21 10:25:17 ----A---- C:\Windows\system32\urlmon.dll
    2008-12-21 10:25:15 ----A---- C:\Windows\system32\wininet.dll
    2008-12-21 10:25:15 ----A---- C:\Windows\system32\mstime.dll
    2008-12-21 10:25:15 ----A---- C:\Windows\system32\iertutil.dll
    2008-12-21 10:25:12 ----A---- C:\Windows\system32\jsproxy.dll
    2008-12-21 10:25:07 ----A---- C:\Windows\system32\emdmgmt.dll
    2008-12-21 10:25:07 ----A---- C:\Windows\system32\dataclen.dll
    2008-12-21 10:25:06 ----A---- C:\Windows\system32\cdd.dll
    2008-12-21 10:25:00 ----A---- C:\Windows\system32\quartz.dll
    2008-12-21 10:24:58 ----A---- C:\Windows\system32\win32spl.dll
    2008-12-21 10:24:54 ----A---- C:\Windows\system32\inetcomm.dll
    2008-12-21 10:24:52 ----A---- C:\Windows\system32\mf.dll
    2008-12-21 10:24:51 ----A---- C:\Windows\system32\WMVCORE.DLL
    2008-12-21 10:24:49 ----A---- C:\Windows\system32\WMNetMgr.dll
    2008-12-21 10:24:49 ----A---- C:\Windows\system32\logagent.exe
    2008-12-21 10:24:00 ----A---- C:\Windows\system32\ntoskrnl.exe
    2008-12-21 10:24:00 ----A---- C:\Windows\system32\ntkrnlpa.exe
    2008-12-21 10:13:50 ----A---- C:\Windows\system32\wups2.dll
    2008-12-21 10:13:50 ----A---- C:\Windows\system32\wucltux.dll
    2008-12-21 10:13:50 ----A---- C:\Windows\system32\wuaueng.dll
    2008-12-21 10:13:50 ----A---- C:\Windows\system32\wuauclt.exe
    2008-12-21 10:13:48 ----D---- C:\Users\caitlin wade 97\AppData\Roaming\Adobe
    2008-12-21 10:13:29 ----A---- C:\Windows\system32\wups.dll
    2008-12-21 10:13:29 ----A---- C:\Windows\system32\wudriver.dll
    2008-12-21 10:13:29 ----A---- C:\Windows\system32\wuapi.dll
    2008-12-21 10:13:20 ----A---- C:\Windows\system32\wuwebv.dll
    2008-12-21 10:13:20 ----A---- C:\Windows\system32\wuapp.exe
    2008-12-21 10:08:40 ----D---- C:\Users\caitlin wade 97\AppData\Roaming\Macromedia
    2008-12-21 10:07:55 ----D---- C:\Users\caitlin wade 97\AppData\Roaming\Identities
    2008-12-21 10:07:21 ----SD---- C:\Users\caitlin wade 97\AppData\Roaming\Microsoft
    2008-12-21 10:07:21 ----D---- C:\Users\caitlin wade 97\AppData\Roaming\Media Center Programs
    2008-12-21 10:07:21 ----D---- C:\Users\caitlin wade 97\AppData\Roaming\Acer GameZone Console

    ======List of files/folders modified in the last 3 months======

    2009-01-05 18:20:22 ----D---- C:\Windows\Temp
    2009-01-05 18:20:00 ----D---- C:\Windows\Prefetch
    2009-01-05 18:07:28 ----HD---- C:\ProgramData
    2009-01-05 17:15:20 ----SHD---- C:\System Volume Information
    2009-01-05 17:13:53 ----D---- C:\Windows\system32\WDI
    2009-01-05 15:35:12 ----D---- C:\Windows\system32\drivers
    2009-01-05 15:23:50 ----D---- C:\Windows\System32
    2009-01-05 15:23:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
    2009-01-05 15:23:49 ----D---- C:\Windows\inf
    2009-01-04 17:52:23 ----D---- C:\Windows
    2009-01-04 15:29:28 ----RD---- C:\Program Files
    2008-12-29 14:15:22 ----D---- C:\Windows\Logs
    2008-12-26 13:59:50 ----D---- C:\Windows\system32\Tasks
    2008-12-25 10:22:25 ----SHD---- C:\Windows\Installer
    2008-12-25 10:18:48 ----SD---- C:\Windows\Downloaded Program Files
    2008-12-25 09:59:54 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-12-25 09:53:39 ----D---- C:\Program Files\Common Files
    2008-12-25 06:14:50 ----D---- C:\Windows\twain_32
    2008-12-25 06:13:33 ----D---- C:\Windows\system32\catroot
    2008-12-25 06:13:00 ----D---- C:\Windows\system32\catroot2
    2008-12-25 05:50:43 ----D---- C:\Windows\system32\LogFiles
    2008-12-23 17:16:17 ----D---- C:\Windows\rescache
    2008-12-21 15:53:55 ----D---- C:\Windows\Microsoft.NET
    2008-12-21 15:53:54 ----RSD---- C:\Windows\assembly
    2008-12-21 15:46:02 ----D---- C:\Windows\ehome
    2008-12-21 15:46:02 ----D---- C:\Program Files\Windows Mail
    2008-12-21 15:46:00 ----D---- C:\Windows\system32\en-US
    2008-12-21 15:46:00 ----D---- C:\Windows\PolicyDefinitions
    2008-12-21 15:14:04 ----D---- C:\ProgramData\Microsoft Help
    2008-12-21 15:13:43 ----D---- C:\Windows\winsxs
    2008-12-21 14:57:31 ----D---- C:\Windows\Debug
    2008-12-21 14:25:05 ----D---- C:\Program Files\Common Files\microsoft shared
    2008-12-21 14:20:48 ----D---- C:\Windows\Tasks
    2008-12-21 14:19:47 ----SD---- C:\Windows\system32\Microsoft
    2008-12-21 13:51:28 ----D---- C:\Program Files\Common Files\InstallShield
    2008-12-21 13:15:02 ----D---- C:\Program Files\Yahoo!
    2008-12-21 12:01:10 ----D---- C:\Program Files\Microsoft Works
    2008-12-21 10:47:56 ----D---- C:\Windows\AppPatch
    2008-12-21 10:47:52 ----D---- C:\Windows\system32\migration
    2008-12-21 10:47:50 ----D---- C:\Windows\system32\Boot
    2008-12-21 10:32:32 ----D---- C:\Windows\SoftwareDistribution
    2008-12-21 10:16:23 ----D---- C:\Windows\system32\NDF
    2008-12-21 10:09:20 ----D---- C:\AcerSW
    2008-12-21 10:08:15 ----SHD---- C:\$RECYCLE.BIN
    2008-12-21 10:07:20 ----RD---- C:\Users

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-12-21 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-12-21 26824]
    R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2007-07-03 15392]
    R2 PSDNServ;PSDNServ; C:\Windows\system32\DRIVERS\PSDNServ.sys [2008-03-05 16944]
    R2 psdvdisk;PSDVdisk; C:\Windows\system32\DRIVERS\PSDVdisk.sys [2008-03-05 60464]
    R2 tvicport;tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [2007-11-06 14544]
    R2 zntport;zntport; \??\C:\Windows\system32\drivers\zntport.sys [2007-11-06 6080]
    R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2005-02-23 11776]
    R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\System32\Drivers\avgwfpx.sys [2008-12-21 69128]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-10-17 1971928]
    R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2008-03-16 6144]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-09-10 1035168]
    R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-21 7629632]
    R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-07-07 12032]
    R3 PAC7302;PAC7302 VGA USB Camera; C:\Windows\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
    R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
    R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
    S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
    S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
    S3 NVHDA;Service for NVIDIA HDMI Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2007-07-16 30752]
    S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
    S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
    S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2006-06-13 247808]
    S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
    S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service; C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-26 269448]
    R2 AcerMemUsageCheckService;ePerformance Service; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [2007-10-17 28672]
    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-12-21 875288]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-12-21 231704]
    R2 eDataSecurity Service;eDataSecurity Service; C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe [2008-03-05 500784]
    R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-09-10 57344]
    R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-12-20 24576]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-07-19 262247]
    S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-25 138168]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

    -----------------EOF-----------------
     
    sean,
    #4
  6. 2009/01/05
    sean

    sean Well-Known Member Thread Starter

    info.txt logfile of random's system information tool 1.05 2009-01-05 18:20:30

    ======Uninstall list======

    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    Acer Arcade Live Main Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\SETUP.exe" -uninstall
    Acer DV Magician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6EFFB76-4A07-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
    Acer DVDivine-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\SETUP.exe" -uninstall
    Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\x86\eDSnstHelper.exe -Operation UNINSTALL
    Acer Empowering Technology--> "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Acer ePerformance Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D462BF9E-0C35-4705-BF9B-3DF9F3816643}\setup.exe" -l0x9 -removeonly
    Acer eSettings Management--> "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Acer GameZone Console DTV 2.0.1.1--> "C:\Program Files\Acer GameZone\GameConsole\unins000.exe "
    Acer HomeMedia Connect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{132888AE-EF67-41C5-BCA2-7D5D2488AB63}\SETUP.exe" -uninstall
    Acer HomeMedia Trial Creator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B580C409-E16F-44FF-904D-3AE94E113BE0}\SETUP.EXE" -uninstall
    Acer HomeMedia-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
    Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
    Acer SlideShow DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41581EF5-45A7-11DA-9D78-000129760D75}\SETUP.exe" -uninstall
    Acer VideoMagician-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\SETUP.exe" -uninstall
    Activation Assistant for the 2007 Microsoft Office suites--> "C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
    Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
    Agatha Christie Death on the Nile--> "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\Uninstall.exe" "C:\Program Files\Acer GameZone\Agatha Christie Death on the Nile\install.log "
    Alice Greenfingers--> "C:\Program Files\Acer GameZone\Alice Greenfingers\Uninstall.exe" "C:\Program Files\Acer GameZone\Alice Greenfingers\install.log "
    ArcSoft PhotoImpression 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA57EFB9-A257-4DD0-BC6D-0FA5625F3421}\Setup.exe" -l0x9
    ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{244E21B9-164C-4EC1-AED8-9BD64161E66D}\Setup.exe" -l0x9
    ArcSoft WebCam Companion 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7814358B-1284-4305-AE5A-6667DBDF4771}\Setup.exe" -l0x9
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    Azada--> "C:\Program Files\Acer GameZone\Azada\Uninstall.exe" "C:\Program Files\Acer GameZone\Azada\install.log "
    Backspin Billiards--> "C:\Program Files\Acer GameZone\Backspin Billiards\Uninstall.exe" "C:\Program Files\Acer GameZone\Backspin Billiards\install.log "
    Big Kahuna Reef--> "C:\Program Files\Acer GameZone\Big Kahuna Reef\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef\install.log "
    Bookworm Deluxe--> "C:\Program Files\Acer GameZone\Bookworm Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Bookworm Deluxe\install.log "
    Bricks of Egypt--> "C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log "
    Cake Mania--> "C:\Program Files\Acer GameZone\Cake Mania\Uninstall.exe" "C:\Program Files\Acer GameZone\Cake Mania\install.log "
    Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x9 UNINST
    CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
    Chicken Invaders 3--> "C:\Program Files\Acer GameZone\Chicken Invaders 3\Uninstall.exe" "C:\Program Files\Acer GameZone\Chicken Invaders 3\install.log "
    Chuzzle--> "C:\Program Files\Acer GameZone\Chuzzle\Uninstall.exe" "C:\Program Files\Acer GameZone\Chuzzle\install.log "
    CX4300_5500_DX4400 manual-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\ENG\USE_G\DOCUNINS.EXE
    Diner Dash Flo on the Go--> "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\Uninstall.exe" "C:\Program Files\Acer GameZone\Diner Dash Flo on the Go\install.log "
    EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x9 UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
    EPSON Printer Software-->C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
    Flip Words 2--> "C:\Program Files\Acer GameZone\Flip Words 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Flip Words 2\install.log "
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
    Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll "
    HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Jewel Quest Solitaire--> "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log "
    Kick N Rush--> "C:\Program Files\Acer GameZone\Kick N Rush\Uninstall.exe" "C:\Program Files\Acer GameZone\Kick N Rush\install.log "
    Mahjong Escape Ancient China--> "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjong Escape Ancient China\install.log "
    Mahjongg Artifacts--> "C:\Program Files\Acer GameZone\Mahjongg Artifacts\Uninstall.exe" "C:\Program Files\Acer GameZone\Mahjongg Artifacts\install.log "
    Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
    Messenger Plus! Live & Sponsor (CiD)--> "C:\Program Files\Messenger Plus! Live\Uninstall.exe "
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007--> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Mystery Case Files - Huntsville--> "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Huntsville\install.log "
    Mystery Solitaire - Secret Island--> "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Solitaire - Secret Island\install.log "
    NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x0409
    NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1033 CDM7
    NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
    Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
    Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
    Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
    SpywareBlaster 4.1--> "C:\Program Files\SpywareBlaster\unins000.exe "
    Turbo Pizza--> "C:\Program Files\Acer GameZone\Turbo Pizza\Uninstall.exe" "C:\Program Files\Acer GameZone\Turbo Pizza\install.log "
    Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
    Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
    Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
    Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
    Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
    Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
    Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
    Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
    Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
    Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
    Zuma Deluxe--> "C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log "

    =====HijackThis Backups=====

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [Sitelong] "C:\ProgramData\Bookinsideinside.02qfke "
    O4 - HKCU\..\Run: [style cool 2 city] "C:\ProgramData\Flag Copy Peak.p1h87 "
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)
    O4 - HKCU\..\Run: [Sitelong] "C:\ProgramData\Bookinsideinside.yjm0wi "
    O4 - HKCU\..\Run: [Sitelong] "C:\ProgramData\Bookinsideinside.on5o9bw "

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: AVG Anti-Virus Free
    AS: AVG Anti-Virus Free (disabled)
    AS: Windows Defender

    System event log

    Computer Name: caitlin
    Event Code: 3004
    Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
    For more information please see the following:
    Not Applicable
    Scan ID: {95213FF8-830C-4A1F-9C02-032E6947AD65}
    User: caitlin\caitlin wade 97
    Name: Unknown
    ID:
    Severity ID:
    Category ID:
    Path Found: regkey:HKCU@S-1-5-21-1618474712-4105941985-1043953650-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Sitelong;runkey:HKCU@S-1-5-21-1618474712-4105941985-1043953650-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Sitelong;file:C:\ProgramData\Bookinsideinside.on5o9bw
    Alert Type: Unclassified software
    Detection Type:
    Record Number: 14032
    Source Name: Microsoft-Windows-Windows Defender
    Time Written: 20090105172341.000000-000
    Event Type: Warning
    User:

    Computer Name: caitlin
    Event Code: 3005
    Message: Windows Defender Real-Time Protection agent has taken action to protect this machine from spyware or other potentially unwanted software.
    For more information please see the following:
    Not Applicable
    Scan ID: {95213FF8-830C-4A1F-9C02-032E6947AD65}
    User: caitlin\caitlin wade 97
    Name: Unknown
    ID:
    Severity ID:
    Category ID:
    Alert Type: Unclassified software
    Action: Ignore
    Record Number: 14033
    Source Name: Microsoft-Windows-Windows Defender
    Time Written: 20090105172344.000000-000
    Event Type: Information
    User:

    Computer Name: caitlin
    Event Code: 7036
    Message: The Windows Modules Installer service entered the stopped state.
    Record Number: 14034
    Source Name: Service Control Manager
    Time Written: 20090105172547.000000-000
    Event Type: Information
    User:

    Computer Name: caitlin
    Event Code: 3004
    Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
    For more information please see the following:
    Not Applicable
    Scan ID: {34878ACA-E6BB-4F3C-818E-AFB42DC39C96}
    User: caitlin\caitlin wade 97
    Name: Unknown
    ID:
    Severity ID:
    Category ID:
    Path Found: regkey:HKCU@S-1-5-21-1618474712-4105941985-1043953650-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Sitelong;runkey:HKCU@S-1-5-21-1618474712-4105941985-1043953650-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Sitelong;file:C:\ProgramData\Bookinsideinside.du2fcsl
    Alert Type: Unclassified software
    Detection Type:
    Record Number: 14035
    Source Name: Microsoft-Windows-Windows Defender
    Time Written: 20090105180734.000000-000
    Event Type: Warning
    User:

    Computer Name: caitlin
    Event Code: 3005
    Message: Windows Defender Real-Time Protection agent has taken action to protect this machine from spyware or other potentially unwanted software.
    For more information please see the following:
    Not Applicable
    Scan ID: {34878ACA-E6BB-4F3C-818E-AFB42DC39C96}
    User: caitlin\caitlin wade 97
    Name: Unknown
    ID:
    Severity ID:
    Category ID:
    Alert Type: Unclassified software
    Action: Ignore
    Record Number: 14036
    Source Name: Microsoft-Windows-Windows Defender
    Time Written: 20090105180740.000000-000
    Event Type: Information
    User:

    Application event log

    Computer Name: caitlin
    Event Code: 224
    Message: wlmail (5776) WindowsLiveMail0: Deleting log files C:\Users\caitlin wade 97\AppData\Local\Microsoft\Windows Live Mail\edb0000A.log to C:\Users\caitlin wade 97\AppData\Local\Microsoft\Windows Live Mail\edb0000A.log.
    Record Number: 2339
    Source Name: ESENT
    Time Written: 20090105172137.000000-000
    Event Type: Information
    User:

    Computer Name: caitlin
    Event Code: 213
    Message: wlmail (5776) WindowsLiveMail0: The backup procedure has been successfully completed.
    Record Number: 2340
    Source Name: ESENT
    Time Written: 20090105172137.000000-000
    Event Type: Information
    User:

    Computer Name: caitlin
    Event Code: 103
    Message: wlmail (5776) WindowsLiveMail0: The database engine stopped the instance (0).
    Record Number: 2341
    Source Name: ESENT
    Time Written: 20090105172240.000000-000
    Event Type: Information
    User:

    Computer Name: caitlin
    Event Code: 5
    Message: Unsupported service control request (see data below)
    Record Number: 2342
    Source Name: LightScribeService
    Time Written: 20090105182028.000000-000
    Event Type: Information
    User:

    Computer Name: caitlin
    Event Code: 1024
    Message: Disk(s) were polled for SMART status.
    Record Number: 2343
    Source Name: NVRAIDSERVICE
    Time Written: 20090105182035.000000-000
    Event Type: Information
    User:

    Security event log

    Computer Name: caitlin
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 2953
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090105182019.686200-000
    Event Type: Audit Failure
    User:

    Computer Name: caitlin
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 2954
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090105182019.733000-000
    Event Type: Audit Failure
    User:

    Computer Name: caitlin
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 2955
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090105182019.764200-000
    Event Type: Audit Failure
    User:

    Computer Name: caitlin
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 2956
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090105182019.795400-000
    Event Type: Audit Failure
    User:

    Computer Name: caitlin
    Event Code: 5038
    Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

    File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
    Record Number: 2957
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090105182019.842200-000
    Event Type: Audit Failure
    User:

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Acer\Empowering Technology\eDataSecurity\;C:\Acer\Empowering Technology\eDataSecurity\x86;C:\Acer\Empowering Technology\eDataSecurity\x64
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE "=x86
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP
    "USERNAME "=SYSTEM
    "windir "=%SystemRoot%
    "PROCESSOR_LEVEL "=6
    "PROCESSOR_IDENTIFIER "=x86 Family 6 Model 15 Stepping 13, GenuineIntel
    "PROCESSOR_REVISION "=0f0d
    "NUMBER_OF_PROCESSORS "=2
    "TRACE_FORMAT_SEARCH_PATH "=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
    "DFSTRACINGON "=FALSE

    -----------------EOF-----------------
     
    sean,
    #5
  7. 2009/01/05
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hi sean,

    Here's the problem.

    C:\ProgramData\Messenger Plus!

    The installation of the Messenger Plus! Live & Sponsor (CiD).
    Messenger Plus! is sponsored by a long time distributor of the dreaded LOP infection, and it's bitten your daughter's new computer. Below is an example of LOP from your logs.

    C:\ProgramData\byte loud style cool

    First thing you need to do is uninstall Messenger Plus! and reboot.
    Then, download Lop S&D and save it to your desktop.

    Please disable resident protections (Antivirus...); you'll re-enable them after the scan.

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created at C:\lopR.txt

    Don't forget to re-enable your resident protections now!
     
  8. 2009/01/06
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Hi and thank you noahdfear.

    It's 6.30am here and I have to go to work :( I was just checking in to see if I have had a reply. I will be back home around 3.30pm today, when I will follow your instructions to the letter ;). Also I will be having a good chat to my Daughter :mad:

    Thanks so much,

    Sean.

    PS, I wonder why Malwarebytes, Spybot S&D, AVG Free, and Windows Defender didn't show this infection?
     
    Last edited: 2009/01/06
    sean,
    #7
  9. 2009/01/06
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Good evening noahdfear.

    I have completed your instructions to the letter and here is the log you requested........MANY THANKS ;)


    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Celeron(R) CPU E1200 @ 1.60GHz )
    BIOS : BIOS Date: 04/16/08 08:43:57 Ver: 08.00.15
    USER : caitlin wade 97 ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.0 (Activated)
    C:\ (Local Disk) - NTFS - Total:144 Go (Free:108 Go)
    D:\ (Local Disk) - NTFS - Total:144 Go (Free:143 Go)
    E:\ (CD or DVD)
    F:\ (USB)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 06/01/2009|16:06 )

    [ UAC => 1 ]

    --------------------\\ Listing folders in Local

    [27/12/2008|09:24] C:\Users\CAITLI~1\AppData\Local\Adobe
    [21/12/2008|10:07] C:\Users\CAITLI~1\AppData\Local\Application Data
    [25/12/2008|10:01] C:\Users\CAITLI~1\AppData\Local\ArcSoft
    [02/01/2009|22:15] C:\Users\CAITLI~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [21/12/2008|10:08] C:\Users\CAITLI~1\AppData\Local\GDIPFONTCACHEV1.DAT
    [25/12/2008|10:42] C:\Users\CAITLI~1\AppData\Local\Google
    [21/12/2008|10:07] C:\Users\CAITLI~1\AppData\Local\History
    [06/01/2009|15:27] C:\Users\CAITLI~1\AppData\Local\IconCache.db
    [27/12/2008|15:24] C:\Users\CAITLI~1\AppData\Local\Microsoft
    [25/12/2008|13:29] C:\Users\CAITLI~1\AppData\Local\Microsoft Games
    [21/12/2008|15:11] C:\Users\CAITLI~1\AppData\Local\Microsoft Help
    [21/12/2008|10:08] C:\Users\CAITLI~1\AppData\Local\PowerCinema
    [06/01/2009|16:05] C:\Users\CAITLI~1\AppData\Local\Temp
    [21/12/2008|10:07] C:\Users\CAITLI~1\AppData\Local\Temporary Internet Files
    [21/12/2008|12:34] C:\Users\CAITLI~1\AppData\Local\VirtualStore
    [04/01/2009|16:13] C:\Users\CAITLI~1\AppData\Local\Windows Live Writer

    --------------------\\ Scheduled Tasks located in C:\Windows\Tasks

    [06/01/2009 15:28][--ah-----] C:\Windows\tasks\SA.DAT
    [06/01/2009 15:27][--a------] C:\Windows\tasks\SCHEDLGU.TXT

    --------------------\\ Listing Folders in C:\ProgramData

    [16/03/2008|19:31] C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
    [16/03/2008|19:49] C:\ProgramData\Acer GameZone Console
    [16/03/2008|20:11] C:\ProgramData\Adobe
    [02/11/2006|13:02] C:\ProgramData\Application Data
    [25/12/2008|20:16] C:\ProgramData\Arcade Lab
    [21/12/2008|14:25] C:\ProgramData\avg8
    [16/03/2008|19:47] C:\ProgramData\CyberLink
    [02/11/2006|13:02] C:\ProgramData\Desktop
    [02/11/2006|13:02] C:\ProgramData\Documents
    [21/12/2008|13:41] C:\ProgramData\EPSON
    [16/03/2008|20:01] C:\ProgramData\eSobi
    [02/11/2006|13:02] C:\ProgramData\Favorites
    [16/03/2008|19:49] C:\ProgramData\FloodLightGames
    [25/12/2008|10:22] C:\ProgramData\Google
    [04/01/2009|15:27] C:\ProgramData\Malwarebytes
    [28/05/2008|18:13] C:\ProgramData\Microsoft
    [21/12/2008|15:14] C:\ProgramData\Microsoft Help
    [28/05/2008|18:16] C:\ProgramData\NVIDIA
    [05/01/2009|19:00] C:\ProgramData\Spybot - Search & Destroy
    [02/11/2006|13:02] C:\ProgramData\Start Menu
    [05/01/2009|15:21] C:\ProgramData\TEMP
    [02/11/2006|13:02] C:\ProgramData\Templates
    [21/12/2008|13:47] C:\ProgramData\UDL
    [21/12/2008|11:10] C:\ProgramData\WLInstaller

    --------------------\\ Listing Folders in C:\Program Files

    [16/03/2008|20:01] C:\Program Files\Acer Arcade Live
    [16/03/2008|20:00] C:\Program Files\Acer GameZone
    [28/05/2008|18:22] C:\Program Files\Acer Inc
    [16/03/2008|19:31] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
    [16/03/2008|20:11] C:\Program Files\Adobe
    [25/12/2008|10:00] C:\Program Files\ArcSoft
    [28/05/2008|18:18] C:\Program Files\ATI
    [21/12/2008|14:25] C:\Program Files\AVG
    [21/12/2008|14:57] C:\Program Files\CCleaner
    [25/12/2008|09:53] C:\Program Files\Common Files
    [16/03/2008|19:46] C:\Program Files\CyberLink
    [21/12/2008|13:44] C:\Program Files\epson
    [16/03/2008|20:00] C:\Program Files\eSobi
    [05/01/2009|15:25] C:\Program Files\Google
    [25/12/2008|09:59] C:\Program Files\InstallShield Installation Information
    [21/01/2008|02:35] C:\Program Files\Internet Explorer
    [05/01/2009|15:35] C:\Program Files\Malwarebytes' Anti-Malware
    [02/11/2006|12:37] C:\Program Files\Microsoft Games
    [16/03/2008|19:31] C:\Program Files\Microsoft Office
    [21/12/2008|11:16] C:\Program Files\Microsoft SQL Server Compact Edition
    [21/12/2008|12:01] C:\Program Files\Microsoft Works
    [16/03/2008|19:29] C:\Program Files\Microsoft.NET
    [21/01/2008|02:35] C:\Program Files\Movie Maker
    [02/11/2006|12:37] C:\Program Files\MSBuild
    [21/12/2008|10:34] C:\Program Files\MSXML 4.0
    [16/03/2008|19:35] C:\Program Files\NewTech Infosystems
    [16/03/2008|19:24] C:\Program Files\Realtek
    [02/11/2006|12:37] C:\Program Files\Reference Assemblies
    [04/01/2009|15:32] C:\Program Files\Spybot - Search & Destroy
    [05/01/2009|15:21] C:\Program Files\SpywareBlaster
    [21/12/2008|14:48] C:\Program Files\Trend Micro
    [02/11/2006|13:01] C:\Program Files\Uninstall Information
    [21/01/2008|02:35] C:\Program Files\Windows Calendar
    [21/01/2008|02:35] C:\Program Files\Windows Collaboration
    [21/01/2008|02:35] C:\Program Files\Windows Defender
    [21/01/2008|02:35] C:\Program Files\Windows Journal
    [21/12/2008|12:05] C:\Program Files\Windows Live
    [21/12/2008|15:46] C:\Program Files\Windows Mail
    [21/01/2008|02:35] C:\Program Files\Windows Media Player
    [02/11/2006|12:37] C:\Program Files\Windows NT
    [21/01/2008|02:35] C:\Program Files\Windows Photo Gallery
    [21/01/2008|02:35] C:\Program Files\Windows Sidebar
    [21/12/2008|13:15] C:\Program Files\Yahoo!

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [16/03/2008|20:11] C:\Program Files\Common Files\Adobe
    [25/12/2008|10:00] C:\Program Files\Common Files\ArcSoft
    [16/03/2008|19:29] C:\Program Files\Common Files\DESIGNER
    [21/12/2008|13:51] C:\Program Files\Common Files\InstallShield
    [16/03/2008|19:35] C:\Program Files\Common Files\LightScribe
    [21/12/2008|14:25] C:\Program Files\Common Files\microsoft shared
    [16/03/2008|19:34] C:\Program Files\Common Files\muvee Technologies
    [16/03/2008|19:35] C:\Program Files\Common Files\NewTech Infosystems
    [16/03/2008|19:49] C:\Program Files\Common Files\Oberon Media
    [02/11/2006|11:18] C:\Program Files\Common Files\Services
    [02/11/2006|11:18] C:\Program Files\Common Files\SpeechEngines
    [21/01/2008|02:35] C:\Program Files\Common Files\System
    [21/12/2008|11:12] C:\Program Files\Common Files\WindowsLiveInstaller

    --------------------\\ Process

    ( 65 Processes )

    ... OK !

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    No Lop folder found !

    --------------------\\ Searching within the Registry

    ..... OK !

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-06 16:06:57
    Windows 6.0.6001 Service Pack 1 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 3

    --------------------\\ Searching for other infections


    No other infections found !

    [F:477][D:5]-> C:\Users\CAITLI~1\AppData\Local\Temp
    [F:35][D:1]-> C:\Users\CAITLI~1\AppData\Roaming\MICROS~1\Windows\Cookies
    [F:6][D:4]-> C:\Users\CAITLI~1\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
    [F:21][D:8]-> C:\$Recycle.Bin

    1 - "C:\Lop SD\LopR_1.txt" - 06/01/2009|16:07 - Option : [1]

    --------------------\\ Scan completed at 16:07:53
    [ UAC => 1 ]
     
    sean,
    #8
  10. 2009/01/06
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks like LOP went away with uninstalling Messenger Plus!
    Let's do an online scan to check for other nasties.
    Please do an online scan with Kaspersky Online Scanner

    • Click Accept when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Post the Kaspersky log here.
     
  11. 2009/01/08
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Hi noahdfear.

    Sorry about not getting back to you. I ran the scan and after 3.5 hours I had to stop it so my daughter could do her homework, but saying that, before I stopped it, it had found nothing and it was at 68%? I could try it again over the weekend when I am not at work if you think it's best?

    MANY THANKS TO YOU,

    Sean.
     
  12. 2009/01/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    68% clean is a good sign, but I would recommend going for 100% ;)
     
  13. 2009/01/09
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Hi Dave.

    I will give it another go over this weekend ;). Does it usually take this long to scan, especially when it is a brand new PC? When I used it to scan my PC (XP Media edition) it only took 1.5hrs and it is over two years old.

    THANK YOU Dave for all your help.

    PS, over the last few days she has stopped shouting from upstairs that pop ups are appearing :D
     
  14. 2009/01/09
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    The time required to scan is dependent largely on the amount of data being scanned. Active security applications can affect the scan time as well. Looks to me like you've only about 36 GB of data to scan. Recommend you try disabling AVG and Windows Defender during the scan to see if that helps.
     
  15. 2009/01/10
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Hi Dave.

    That didn't take long, I think it was because I left Defender running the last time.

    Cheers, Sean.

    Saturday, January 10, 2009
    Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Saturday, January 10, 2009 09:08:58
    Records in database: 1597975


    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes

    Scan area My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics
    Files scanned 102312
    Threat name 0
    Infected objects 0
    Suspicious objects 0
    Duration of the scan 01:24:55

    No malware has been detected. The scan area is clean.
    The selected area was scanned.
     
    Last edited: 2009/01/10
  16. 2009/01/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Excellent! You can delete LOP S&D and the C:\LOP S&D folder.
    Delete RSIT.exe and the C:\rsit folder.
    Empty the recycle bin.
    Let's clear out the system restore points too, just in case you needed to restore.

    Clear System Restore Points in Vista
    • In Control Panel / System, click System Protection (on the left of the window).
    • Under automatic restore points, uncheck all the boxes in the list of disks available.
    • Vista will ask you to confirm this.
    • Confirm by clicking Disable System Restore.
    • Click OK to close the window.
    • Click System Protection, recheck all the boxes in the list of available disks and then click OK.


    That should do it Sean.


    Happy for you that your daughter has stopped shouting from upstairs about popups. ;)
     
  17. 2009/01/11
    sean

    sean Well-Known Member Thread Starter

    Joined:
    2007/03/24
    Messages:
    166
    Likes Received:
    0
    Hi Dave.

    That’s great news :D. I will get on with your final instructions when the little noise polluter decides it's time to wake up ;). Now I can enjoy my Sunday without the constant yell...DAAAAAD, I suppose it kept me fit running up and down the stairs :eek:.

    All I can say is thank you for your valuable time in helping me with this issue, cheers and good luck to you.
    Sean and the loud mouth.
     
  18. 2009/01/11
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Hehehehe :D

    Happy to help Sean.
     
