Hi SuperDave,
No problem on the delay. I appreciate the time you guys put in to help us all with these messes! My sons are both using Firefox browser. We ran Security Check and Combo Fix and will post the logs below. Security Check ran without a hitch. Combo fix would save to the desktop, so I renamed it in Downloads and sent it to the desktop, where it showed up as a shortcut. Clicked on it there and never got a "Start" to click on and now search box to paste the command to. It just went straight into it's process. Hope that is okay and we haven't inadvertently made things worse. Once the log came up, I also realized I forgot to disable Windows Defender.
A couple other things to note: We can get internet on my sons accounts but not on admin. If we try to get internet on admin first, then my sons cannot get it on their accounts either unless the laptop is restarted. Also, on one internet connection yesterday, a Google search for something gave inappropriate responses. Though it hasn't happened since, it is another indication of something amiss.
A side question - One of my sons accidently downloaded ArcSoft a while back in connection with an MP3 player. We have found no way to remove it from the comp. Any ideas?
Thanks so much for your time and attention!
Here are the logs, starting with Security Check:
Results of screen317's Security Check version 0.99.6
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!![/b]
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check: Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update. ```````````````````````````````
Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Adobe Flash Player 10.1.85.3
Mozilla Firefox (3.6.11)
Firefox Out of Date! Mozilla Thunderbird (2.0.0)
Thunderbird Out of Date! ````````````````````````````````
Process Check:
objlist.exe by Laurent Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check: Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?) ``````````End of Log```````````` ComboFix 10-10-30.01 - Admin 10/30/2010 23:03:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1977.809 [GMT -4:00]
Running from: c:\users\John.JOHN-GABE\Downloads\commy.exe.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\John.JOHN-GABE\AppData\Roaming\.#
c:\users\John.JOHN-GABE\AppData\Roaming\.#\MBX@1514@1D32990.###
c:\users\John.JOHN-GABE\AppData\Roaming\.#\MBX@1514@1D329C0.###
c:\users\John.JOHN-GABE\AppData\Roaming\.#\MBX@1514@1D329F0.###
.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-31 )))))))))))))))))))))))))))))))
.
2010-10-31 03:16 . 2010-10-31 03:16 -------- d-----w- c:\users\John & Gabe\AppData\Local\temp
2010-10-31 03:16 . 2010-10-31 03:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-31 03:15 . 2010-10-31 03:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-10-31 03:15 . 2010-10-31 03:15 -------- d-----w- c:\users\Gabe\AppData\Local\temp
2010-10-29 13:40 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4AA9B060-4A63-4092-9B8C-FD4AA2961631}\mpengine.dll
2010-10-27 16:16 . 2010-10-27 16:16 28672 ----a-r- c:\users\Admin\AppData\Roaming\Microsoft\Installer\{ECBC96EF-6D01-477C-94DC-E604DE55BD2F}\_C6A5AD55231E_431F_B374_D2859072C2BF.exe
2010-10-27 15:57 . 2010-10-27 15:57 28672 ----a-r- c:\users\John.JOHN-GABE\AppData\Roaming\Microsoft\Installer\{ECBC96EF-6D01-477C-94DC-E604DE55BD2F}\_C6A5AD55231E_431F_B374_D2859072C2BF.exe
2010-10-24 22:48 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-14 23:51 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 23:51 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 23:51 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 23:51 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 23:51 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 23:51 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 23:51 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 23:49 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-11 13:37 . 2010-10-11 13:37 -------- d-----w- c:\program files\Common Files\Java
2010-10-11 13:37 . 2010-09-15 08:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-11 13:37 . 2010-09-15 08:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-10-02 20:05 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-14 16:46 . 2010-09-14 16:46 28672 ----a-r- c:\users\Gabe\AppData\Roaming\Microsoft\Installer\{ECBC96EF-6D01-477C-94DC-E604DE55BD2F}\_C6A5AD55231E_431F_B374_D2859072C2BF.exe
2010-09-07 15:11 . 2009-01-22 04:00 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-01-22 04:00 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-01-22 04:00 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-01-22 04:00 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-01-22 04:00 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-01-22 04:00 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-17 13:32 . 2010-09-15 12:57 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-11 00:39 . 2009-11-01 01:42 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 17:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 14:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-06 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-20 6244896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-26 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 145944]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-07-02 850440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-22 159744]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-07-24 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-07-24 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-07-18 167936]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-13 198160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\users\John & Gabe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\users\John.JOHN-GABE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MediaImpression Downloader.lnk - c:\program files\ArcSoft\Software Suite\MediaImpression Downloader\MediaImpressionDownloader.exe [2010-3-30 204800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 136176]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-26 131072]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2007-01-30 451072]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-11 30192]
R3 mr97310c;CIF Dual-Mode Camera;c:\windows\system32\DRIVERS\mr97310c.sys [2008-03-27 116992]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 541800]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
R3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys [2007-12-11 480128]
R3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\Drivers\ZS211.sys [2007-12-13 1472000]
S1 aswSP;aswSP;
S1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-01-13 72992]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-07-18 61424]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 aswFsBlk;aswFsBlk;
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [2009-01-13 1078560]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-17 81504]
S2 NOF;Norton Online;c:\program files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe [2010-05-23 126904]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-26 45056]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-17 122368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-05-31 93968]
S3 SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A};Symantec Redirector - Norton Safety Minder;c:\windows\System32\Drivers\NSM\0200000.030\SymRdr.SYS [2010-05-11 180912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 01:08]
2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-29 01:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_4730z
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=1008&m=aspire_4730z
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bkaikqlz.default\
FF - component: c:\programdata\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.0.0.42\coFFFw\components\coFFFw.dll
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bkaikqlz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bkaikqlz.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-eRecoveryService - (no file)
AddRemove-{9C049499-055C-4a0c-A916-1D8CA1FF45EB} - c:\program files\\InstallShield Installation Information\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}\Install.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-10-30 23:18
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NOF]
"ImagePath"="\"c:\program files\Norton Online\Engine\2.0.0.71\ccSvcHst.exe\" /s \"NOF\" /m \"c:\program files\Norton Online\Engine\2.0.0.71\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-10-30 23:35:23
ComboFix-quarantined-files.txt 2010-10-31 03:35
Pre-Run: 4,290,056,192 bytes free
Post-Run: 6,122,352,640 bytes free
- - End Of File - - 4A9D43A8A460D5BEC80F9C2B04ACD928