WiredWX Christian Hobby Weather Tools

 


plz help me remove total protection and antivir.

Please help me remove total protection and antivir. The antivir popped up to purchase their anti virus protection each time I try to go to another website. It's blocking your website every time. Please help. I don't know what else is on this computer. It's pretty new and I'm afraid it's been infected. Thanks so much.
Happy holidays. You guys are amazing!!!

Re: plz help me remove total protection and antivir.

Please download the current version of HijackThis from HERE

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement; press Accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a Notepad file of everything Hijack This found; copy and paste it back here.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: plz help me remove total protection and antivir.

Hi. This is the message I got when I run the scan.

"For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, Hijack This may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them. "


So, what do I do? Thanks, Jennie


Save the file as 'hosts.' (with quotes), and reboot."

Re: plz help me remove total protection and antivir.

Does the scan not continue? Click OK on that alert and the scan should continue.

............................................................................................

Site Admin / Security Administrator


Re: plz help me remove total protection and antivir.

It does complete, but I can't get the log.

Re: plz help me remove total protection and antivir.

God that's annoying.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.

............................................................................................

Site Admin / Security Administrator


Re: plz help me remove total protection and antivir.

OMG! It took me to go around the computer for ten mins. I keep getting blocked. I hope this is what you are looking for.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Aaron at 15:44:43.99 on Sun 12/20/2009
Internet Explorer: 8.0.6001.18865
Microsoft®️ Windows Vista™️ Home Basic 6.0.6002.2.1252.1.1033.18.2813.1667 [GMT -9:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k nȯne
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\Aaron\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EVVJP1PD\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0109&m=aspire_5515
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0109&m=aspire_5515
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0109&m=aspire_5515
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80230
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80230
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: &UpdateCheck.dll: {35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc} - c:\windows\system32\UpdateCheck.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [AV] c:\program files\av\Antivir.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [eRecoveryService]
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [Acer Product Registration] "c:\program files\acer\acer registration\ACE1.exe" /startup
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SiteRanker] "c:\program files\siteranker\SiteRankTray.exe"
mRun: [Skytel] Skytel.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Copy to &Lightning Note - c:\program files\wordperfect lightning\programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5780/mcfscan.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: AVGRSSTX.DLL,c:\progra~1\google\google~1\GOEC62~1.DLL,avgrsstx.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-10-24 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-10-24 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-10-24 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-24 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-24 285392]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-3 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2009-1-12 24576]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-25 45056]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-25 131072]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\drivers\Ndisrd.sys [2009-8-18 22016]
S2 gupdate1ca601ee0e10890;Google Update Service (gupdate1ca601ee0e10890);c:\program files\google\update\GoogleUpdate.exe [2009-11-7 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-4 30192]
S3 Ndisrd;WinpkFilter Service;c:\windows\system32\drivers\Ndisrd.sys [2009-8-18 22016]

=============== Created Last 30 ================

2009-12-21 00:08:54 0 d-----w- c:\program files\TrendMicro
2009-12-10 05:15:18 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-10 05:15:07 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-10 05:15:07 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-10 05:15:07 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-10 05:14:00 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-10 01:28:44 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2009-12-10 01:28:44 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2009-12-10 01:28:44 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2009-12-10 01:28:44 0 d-----w- c:\program files\LG Electronics
2009-12-07 09:57:21 640000 ----a-w- c:\windows\system32\UpdateCheck.dll
2009-12-07 09:56:58 0 d-----w- c:\program files\AV
2009-11-30 08:18:39 0 d-----w- c:\program files\Ask.com
2009-11-30 08:16:24 0 d-----w- c:\users\aaron\appdata\roaming\uTorrent
2009-11-25 12:01:11 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 05:55:09 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 05:55:08 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 05:55:04 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-24 16:21:35 138340 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-23 00:20:12 0 d-----w- c:\program files\iPod
2009-11-23 00:20:09 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2009-12-10 01:30:49 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-10 01:30:49 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-10 01:30:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 12:20:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 12:20:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 12:20:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-09 18:02:55 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-08 03:07:37 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-10-25 05:05:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-25 05:04:51 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 18:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-19 05:12:36 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-29 11:05:21 8 --sh--r- c:\windows\system32\3DF2420E6B.sys
2009-07-31 07:38:30 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-28 19:43:25 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-28 19:43:25 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-28 19:43:25 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:45:28.52 ===============

2009-11-25 12:01:11 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 05:55:09 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 05:55:08 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-25 05:55:04 714240 ----a-w- c:\windows\system32\timedate.cpl
2009-11-24 16:21:35 138340 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-23 00:20:12 0 d-----w- c:\program files\iPod
2009-11-23 00:20:09 0 d-----w- c:\program files\iTunes

==================== Find3M ====================

2009-12-10 01:30:49 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-10 01:30:49 51200 ----a-w- c:\windows\inf\infpub.dat
2009-12-10 01:30:49 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 12:20:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 12:20:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 12:20:09 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-09 18:02:55 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-08 03:07:37 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-10-25 05:05:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-25 05:04:51 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-08 21:08:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07:59 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-01 18:29:14 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-19 05:12:36 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-29 11:05:21 8 --sh--r- c:\windows\system32\3DF2420E6B.sys
2009-07-31 07:38:30 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-28 19:43:25 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-28 19:43:25 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-28 19:43:25 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:45:28.52 ===============

Re: plz help me remove total protection and antivir.

Please download OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\system32\UpdateCheck.dll
    c:\program files\AV
    c:\program files\Ask.com
    c:\users\aaron\appdata\roaming\uTorrent

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{d4027c7f-154a-4066-a1ad-4243d8127440}"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AV"=-


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.

............................................................................................

Site Admin / Security Administrator


Re: plz help me remove total protection and antivir.

========== FILES ==========
c:\windows\system32\UpdateCheck.dll moved successfully.
c:\program files\AV folder moved successfully.
c:\program files\Ask.com folder moved successfully.
c:\users\aaron\appdata\roaming\uTorrent folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4027c7f-154a-4066-a1ad-4243d8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AV deleted successfully.

OTM by OldTimer - Version 3.1.3.0 log created on 12202009_161817
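
Added example, not part of the thread or of OTMoveIt: a Python cross-check of the script posted above against the results log pasted back, showing which instructions succeeded, which targets were not found, and which registry keys appear only in the log. The function names are assumptions of this example, and the script syntax is interpreted only as far as the lines in this thread show it.

```python
import re
# Copied from the posts above: the script pasted into OTMoveIt and its results log.
OTM_SCRIPT = r"""
:files
c:\windows\system32\UpdateCheck.dll
c:\program files\AV
c:\program files\Ask.com
c:\users\aaron\appdata\roaming\uTorrent
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d4027c7f-154a-4066-a1ad-4243d8127440}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AV"=-
"""
OTM_LOG = r"""
========== FILES ==========
c:\windows\system32\UpdateCheck.dll moved successfully.
c:\program files\AV folder moved successfully.
c:\program files\Ask.com folder moved successfully.
c:\users\aaron\appdata\roaming\uTorrent folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{35a5b43b-cb8a-49ca-a9f4-d3b308d2e3cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d4027c7f-154a-4066-a1ad-4243d8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4027c7f-154a-4066-a1ad-4243d8127440}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AV deleted successfully.
OTM by OldTimer - Version 3.1.3.0 log created on 12202009_161817
"""

RESULT_RE = re.compile(r"^(?:Registry (?P<reg>key|value) )?(?P<target>.+?)(?: folder)? "
                       r"(?P<status>moved successfully|deleted successfully|not found)\.$")

def norm(path):
    """Lower-case, collapse the log's doubled backslash, drop a trailing backslash."""
    return path.replace("\\\\", "\\").rstrip("\\").lower()

def parse_script(text):
    """Return (kind, target) instructions; kind is 'file', 'key' or 'value'."""
    section, key, out = None, None, []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "files":
            out.append(("file", norm(line)))
        elif line.startswith("[-"):          # [-KEY] deletes the whole key
            out.append(("key", norm(line[2:-1])))
        elif line.startswith("["):           # [KEY] selects the key for value lines
            key = norm(line[1:-1])
        elif key and (m := re.fullmatch(r'"(.+)"=-', line)):  # "name"=- deletes a value
            out.append(("value", norm(key + "\\" + m.group(1))))
    return out

def parse_results(text):
    """Map (kind, target) to the statuses the log reports; other lines are skipped."""
    seen = {}
    for line in map(str.strip, text.splitlines()):
        if m := RESULT_RE.match(line):
            seen.setdefault((m["reg"] or "file", norm(m["target"])), []).append(m["status"])
    return seen

def cross_check(script, log):
    """Classify each instruction by outcome; list log targets the script never named."""
    wanted, seen = parse_script(script), parse_results(log)
    report = {"ok": [], "not_found": [], "missing": [], "extra": []}
    for item in wanted:
        statuses = seen.get(item, [])
        if any(s.endswith("successfully") for s in statuses):
            report["ok"].append(item)
        else:
            report["not_found" if statuses else "missing"].append(item)
    report["extra"] = [t for t in seen if t not in wanted]
    return report

if __name__ == "__main__":
    for outcome, items in cross_check(OTM_SCRIPT, OTM_LOG).items():
        print(outcome, *[f"\n  {kind}: {target}" for kind, target in items])
```

On this thread's data every instruction has a result line, one Browser Helper Objects key was already absent, and two keys under HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID show up only in the log.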

Re: plz help me remove total protection and antivir.

Okay, can you run Hijack This now? Just wanna check that log.

............................................................................................

Site Admin / Security Administrator


Re: plz help me remove total protection and antivir.

no it gave me the same message as before. it does the scan but i can't retrieve the log. so, i went to do a start, run but cannot find the "run" on the computer. can you direct me? or any other ideas about retrieving the log? thanks

Re: plz help me remove total protection and antivir.

i just tried the start and run and typed notepad c:\windows\system32\drivers\etc\hosts. nothing!

Re: plz help me remove total protection and antivir.

can i screen print the results?

Re: plz help me remove total protection and antivir.

ok. it took a while but i could only type the log. was unable to copy and paste. i hope you can help me with this. thanks. jennie


R1-HKCU\Software\Microsoft\Internet Exploer\Main, Default_page_url =http://homepage.acer.com/rdr.aspx?b=ACAW&I=04-0&s=2&o=vb32&d=0109&m=aspire_5515
R1-HKCU\Software\Microsoft\Internet Exploer\Main,search bar=http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R1-HKCU\Software\Microsoft\Internet Exploer\Main, search page=http://go.mircrosoft.com/fwlink/?LinkID=54896
R0-HKCU\Software\Microsof R1-HKLM\Software\Microsoft\internet explorer\main, default t\Internet Exploer\Main, start page=http://www.yahoo.com/
R1-HKLM\Software\Microsoft\internet explorer\main, default_page_url= http://homepage.acer.com/rdr.aspx?b=ACAW&I=0409&s=2&o=vb32&d=0109&m=aspire_5515
R1-HKLM\Software\Microsoft\internet explorer\main, default_search_URL=http://go.microsoft.com/fwlink/?LinkID=54896
R1-HKLM\Software\Microsoft\internet explorer\main, searchassistant=http://toolbar.inbox.com/search/ie.aspx?tbid=80230
R1-HKLM\Software\Microsoft\internet explorer\main, searchpapge=http://microsoft.com/fwlink/?LinkId= 54896
R0-HKLM\Software\Microsoft\internet explorer\main, start page= http://homepage.acer.com/rdr.aspx?b=ACAW&I=0409&s=2&o=vb32&d=0109&m=aspire_5515
R0-HKLM\Software\Microsoft\internet explorer\search, searchassistant=http://toolbar.inbox.com/search/ie.aspx?tbid=80230
R0-HKLM\Software\Microsoft\internet explorer\search, customizesearch = http://toolbar.inbox.com/help/sa_cuustomize.aspx?tbid=80230
R1-HKCU\Software\Microsoft\ windows\currentversion\ internet settings, ProxyOverride = *.local
R0-HKCU\Software\Microsoft\internet explorer\ toolbar, LinksFolderName =
R3-URLSearchHook: AVG Security Toolbar BHO – {A3BC75A2-1F87-4686-AA43-5347D756017C} – C:\Program Files\ AVG\AVG9\Toolbar\IEToolbar.dll
R3 – URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} – (no file)
01 – Hosts: ::1 localhost
02 – BHO: (no name) – {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} – C:\PROGRA~1\SITERA~1\SiteRank.dll
02 – BHO: AcroIEHelperStud – {18DF091C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\ Common Files\ Adobe\ Acrobat\ ActiveX\AcroIEHelperShim.dll
02 – BHO: Skype add-on (mastermind) – {22BF413B-C6D2-4d91-82A9-A0F997BA588C} – C:\Program Files\ Skypes\toolbar\internet explorer\ skypeIEPlugin.dll
02 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} C:\ Program files\ AVG\AVG9\avgssie.dll
02 – BHO: AVG Security Toolbar BHO – {A3BC75A2-1F87-4686-AA43-5347D756017C} – C:\Program Files\ AVG\AVG9\Toolbar\Ietoolbar.dll
02 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\ Google Toolbar\ Google Toolbar_32.dll
02 – BHO: Google Toolbar Notifier BHO – {AF69DE43 – 7D58 – 4638 – B6FA-CE66B5AD205D} – C:\Program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
03 – Toolbar: AVG Security Toolbar – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} C:\Program Files\ AVG\AVG9|Toolbar\IEToolbar.dll
03 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google Toolbar\ GoogleToolbar_32.dll
04 – HKLM\..\Run: [Windows Defender] %ProgramFiles %\Windows Defender\ MSASCui.exe – hide
04 – HKLM\..\Run: [StartCCC] “C:\Program Files\ ATI Technologies\ ATI.ACE\Core-Static\CLIStart.exe”MSRun
04 – HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
04 – HKLM\..\Run: [SynTPEnh] C:\Program Files \ Synaptics\Syn TP\SynTPEnh.exe
04 – HKLM\..\RUN: [Lmanager] C:\PROGRA~1\LAUNCH~1\Lmanager.exe
04 – HKLM\..\Run: [Google Desktop Search] “C:\ Program files \Google\Google Desktop Search\GoogleDesktop.exe”/startup
04 – HKLM\..\Run: [Bkup Tray] “C:\Program Files\New Tech Infosystems\NTI Backup Now 5\ BkupTray.exe”
04 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\program files \Adobe\Reader 9.0\ Reader\Rader_sl.exe”
04 – HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
04 – HKLM\..\Run: [Acer Assist launcher] C:\Program Files \ Acer\Acer Assist\ launder.exe
04 – HKLM\..\Run: [Acer Product Registration] “C:\program Files\Acer\Acer Registration\Ace1.exe”/ startup
04 – HKLM\..\Run: [Google Quick Search Box] “C:\Program Files\ google\Quick Search Box\GoogleQuickSearchBox.exe”/ autorun
04 – HKLM\..\Run: [SiteRanker] “C:\program Files\ Site Ranker\SiteRank Tray.exe”
04 – HKLM\..\Run: [Skytel] Skytel.exe
04 – HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
04 – HKLM\..\Run: [AppleSyncNotifier] C:\Program files\Common Files\Apple\Mobile Device Support\bin\Applesyncnotifier.exe
04 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\Quicktime\QTTask.exe” –atboottime
04 – HKLM\..\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”
04 – HKCU\..\Run: [swg] “C:\Program files\Google\Google toolbarNotifier\Google tollbarNofier.exe”
04 – HKCU\..\Run: [Skype] “C:\Program Files\ Skype\Phone\Skype.exe” /nosplash/ minimized
08 – Extra context menu item: Copy to &Lightning Note – C:\Program files\WorlPerfect Lightning\ Programs\WPLightningCopyToNote.hta
08 – Extra context menu item: E&xport to Microsft Excel – res://C:\PROGRA~1\MICROS~2\EXCEL.EXE/3000
08 – Extra context menu item: Google Sidewiki… -res://C:\Program Files\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
09 – Extra button: Send to Onenote – {2670000A-4f3c-8081-5663EE0C6C49} – C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
09 – Extra ‘Tools’ menuitem: S&end to OneNote – {2670000A-7350-4f3c-8081-5663EE0C6C49} – C:\Program Files\ Skype\toolbars\Internet exploer\SkypeIEPlugin.dll
09 – Extra button: (no name) – {5067A26B-1337-4436-8AFE-EE169C2DA79F} – C:\Program Files\Skype\Toolbars\Internet Exploer\SkypeIEPlugin.dll
09 – Extra ‘Tools’ menuitem: skype add-on for internet exploer – {5067A26B-1337-4436-8AFE-EE169C2DA79F} – C: :\Program Files\Skype\Toolbars\Internet Exploer\SkypeIEPlugin.dll
09- extra button: skype – {77bf5300-1474-4EC7-9980-D32B190E9B07} –C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
09 – extra button: research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
013 – Gopher Prefix:
016 – DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) – http://appldnld.apple.com.edgesuite.net/ content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
016 – DPF: {OCCA191D-13A6-4E29-B746-314DEE697D83} (Facebook photo uploader 5 control) – https://upload.facebook.com/controls/2008.10.10_v5.58/FacebookPhotouploader5.cab
016 – DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook photo uploader 5 control) – https://upload.facebook.com/controls/2009.07.28_v5.5.8/facebookphotouploader55.cab
016 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
016 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
016 – DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) – http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5780/mcfscan.cab
018 – Protocal: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVA\AVG9\avgpp.dll
018 – Protocal: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
020 – AppInit_DLLs: AVGRSSTX.DLL, C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll
022 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078303C2030} – C:\Windows\system32\browseui.dll
023 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\ Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
023 – Service: Ati External Event Utility – ATI Technologies Inc. – C:\Windows\system32\Ati2evxx.exe
023 – Service: AVG Free E-mail scanner (avg9emc) – AVG Technologies CZ, s.r.o. – C:\Program Files\AVG\AVG9\avgemc.exe
023- Service: AVG Free WatchDog (avg9wd) - AVG Techonologies CZ, s.r.o. – C:\Program Files\AVG\AVG9\avgwdsvc.exe
023 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
023 – Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) – New Tech Infosystems, Inc. – C:\Program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
023 – Service: Empowering Technology Service (ETService) – Unknown owner – C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
023 – Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopmanager-110309-193829) – Google – C:\Program Files\Google\Google Desktp Search\GoogleDesktop.exe
023 – Service: Google Update Service (gupdate1ca601ee0e10890) (gupdate1ca601ee0e10890) – Google Inc. – C:\Program Files\ Google\Update\GoogleUpdate.exe
023 – Service: Google Software Updater (gusvc) – Google – C:\Program files\Google\Common\Google Updater\GoogleUpdaterService.exe
023 – Service: iPod Service – Apple inc. – C:\Program files\iPod\bin\iPodService.exe
023 – Service: IviRegMgr – InterVideo – C:\program Files\ common Files\ InterVideo\RegMgr\iviRegMgr.exe
023 – Service: LightScribeService Direct disc Labeling Service (LightScribeService) – Hewlett-Packard Company – C:\Program Files\Common Files\LightScribe\LSSrvc.exe
023 – Service: Mobility Service-Unknown owner – C:\Acer\Mobility Center\MobilityService.exe
023 – Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) – New Tech Info Systems, Inc. – C:\Program Files\New Tech Infosystems\NTI Backup Now 5\ BackupSvc.exe
023 – Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) – Unknown owner – C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
023 – Service: ProtexisLicensing – Unknown owner – C:\Windows\system32\PSIService.exe

Re: plz help me remove total protection and antivir.

Nice work, log looks okay, how is the machine running now?

............................................................................................

Site Admin / Security Administrator


Re: plz help me remove total protection and antivir.

ok. not much difference that i can tell. should all the steps we took take care of the virus? not sure. thanks for your reply.
