Malwarebytes and Hijackthis log files


  • This topic is locked
30 replies to this topic

#1 Anderson

Anderson

    Member

  • Members
  • 74 posts

Posted 18 November 2011 - 09:20 PM

Can anyone help?

Here is the log file:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8191
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
11/18/2011 6:28:36 PM
mbam-log-2011-11-18 (18-28-36).txt
Scan type: Quick scan
Objects scanned: 222270
Time elapsed: 3 minute(s), 11 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 30
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Harley\Desktop\.url (Malware.Trace) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:13:23 PM, on 11/18/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Users\Jacque\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPBW0QZQ\HijackThis.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Jacque\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...111&m=dx4710-05
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {c3d3840c-12ea-4461-a61d-190555fecc82} - C:\Program Files (x86)\Guffins\bar\1.bin\u4SrcAs.dll
R3 - URLSearchHook: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O2 - BHO: Toolbar BHO - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\PROGRA~2\Guffins\bar\1.bin\u4bar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Complitly - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Jacque\AppData\Roaming\Complitly\Complitly.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Search Assistant BHO - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files (x86)\Guffins\bar\1.bin\u4SrcAs.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O3 - Toolbar: Guffins - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe
O4 - HKLM\..\Run: [LedKey] CNYHKey.exe
O4 - HKLM\..\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe
O4 - HKLM\..\Run: [Smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Info Center] "C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe"
O4 - HKLM\..\RunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?
O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Guffins Service (GuffinsService) - Guffins - C:\PROGRA~2\Guffins\bar\1.bin\u4barsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
--
End of file - 12527 bytes

#2 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 20 November 2011 - 06:21 PM

Hello Anderson and :wp:

My name is JonTom
  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.
Please let me know exactly how the machine is behaving.

Let's run the following scans:
  • Download and run OTL by Oldtimer
  • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
  • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
  • Check the boxes beside "LOP Check" and "Purity Check".
  • Under Custom Scan paste this in:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
  • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
  • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.
  • aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the "Scan" button to start scan.
  • On completion of the scan click save log, save it to your desktop and post in your next reply.
Please post the OTL logs and the aswMBR log in your next reply (you may need to make more than one post to fit all of the information in).

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#3 Anderson

Anderson

    Member

  • Members
  • 74 posts

Posted 20 November 2011 - 10:54 PM

Hi! Thank you so much for offering to help me. I am receiving a lot of Internet Explorer can not display web page. I can get the web pages to open, but usually have to refresh the page several times in order to do so. My Windows Live Mail will not open. It says my Calendar contains corrupt data. Here are my file logs you asked for. Again, thank you so much for helping!


OTL logfile created on: 11/20/2011 8:15:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jacque\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.55 Gb Available Physical Memory | 59.25% Memory free
12.15 Gb Paging File | 10.06 Gb Available in Paging File | 82.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 586.40 Gb Total Space | 487.35 Gb Free Space | 83.11% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 252.20 Gb Free Space | 54.15% Space Free | Partition Type: NTFS

Computer Name: JACQUE-PC | User Name: Jacque | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 20:10:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jacque\Downloads\OTL.exe
PRC - [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
PRC - [2011/09/03 11:41:24 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2009/12/18 13:25:18 | 000,202,024 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\MaxSync.exe
PRC - [2009/12/18 13:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/12/18 13:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2008/05/21 16:36:36 | 000,053,248 | ---- | M] (IOI) -- C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe
PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:\Windows\CNYHKey.exe
PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:\Windows\ChiFuncExt.exe
PRC - [2007/04/10 21:09:06 | 001,695,744 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe
PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModLEDKey.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 17:47:32 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/12 17:44:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/12 17:43:47 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/12 17:43:36 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/12 17:42:29 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/12 17:42:20 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/03/30 17:25:42 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:\Windows\mHotkey.exe
MOD - [2008/05/21 16:36:34 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\IOI\Smart Copy\IOIUSBLib.dll
MOD - [2008/05/21 16:36:34 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\IOI\Smart Copy\IOIHIDLib.dll
MOD - [2007/04/10 21:09:06 | 001,695,744 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/06/29 11:11:36 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/04/25 18:28:19 | 000,036,864 | ---- | M] (Guffins) [On_Demand | Stopped] -- C:\Program Files (x86)\Guffins\bar\1.bin\u4barsvc.exe -- (GuffinsService)
SRV - [2011/03/31 23:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/09 06:30:08 | 000,092,592 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 10:11:24 | 000,278,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2009/12/18 13:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/03/29 23:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 23:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2011/03/31 23:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/09/29 11:05:16 | 001,244,736 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/14 14:04:28 | 000,064,600 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/20 09:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\npf.sys -- (NPF)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/05 16:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/12/04 22:55:28 | 000,303,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/06/05 21:21:44 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/03/24 19:50:18 | 007,715,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2007/07/26 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/07/03 19:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2007/06/29 11:11:24 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:WindowsSysNativeDRIVERSxaudio64.sys -- (XAudio)
DRV:64bit: - [2007/06/20 06:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/06/20 06:30:22 | 000,409,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2007/06/20 06:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/05/02 11:11:14 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2007/05/02 11:11:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV:64bit: - [2007/05/02 11:11:14 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2007/03/21 14:59:30 | 000,381,720 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDRIVERSiaStor.sys -- (iaStor)
DRV:64bit: - [2007/01/19 17:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:WindowsSysNativeDRIVERSscmndisp.sys -- (SCMNdisP)
DRV:64bit: - [2006/06/19 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:WindowsSysNativeDRIVERSmdmxsdk.sys -- (mdmxsdk)
DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:WindowsSysWOW64driversint15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://homepage.gate...111&m=dx4710-05
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://homepage.gate...111&m=dx4710-05

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.msn.com/
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 80 9F 5C 40 48 D8 CB 01 [binary data]
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,StartPageCache = 1
IE - HKCU..URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
IE - HKCU..URLSearchHook: {c3d3840c-12ea-4461-a61d-190555fecc82} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll (Guffins)
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLMSoftwareMozillaPlugins@Guffins.com/Plugin: C:Program Files (x86)Guffinsbar1.binNPu4Stub.dll (Guffins)
FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@mywebsearch.com/Plugin: C:Program Files (x86)MyWebSearchbar1.binNPMyWebS.dll File not found
FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprphtml5videoshim;version=12.0.1.666: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nprpjplug.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@veetle.com/veetleCorePlugin,version=0.9.18: C:Program Files (x86)VeetlepluginsnpVeetle.dll (Veetle Inc)
FF - HKLMSoftwareMozillaPlugins@veetle.com/veetlePlayerPlugin,version=0.9.18: C:Program Files (x86)VeetlePlayernpvlc.dll (Veetle Inc)
FF - HKLMSoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered8NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsu4ffxtbr@Guffins.com: C:Program Files (x86)Guffinsbar1.bin [2011/06/04 16:33:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsm3ffxtbr@mywebsearch.com: C:Program Files (x86)MyWebSearchbar1.bin
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt [2011/11/16 11:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2011/11/18 14:54:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins

[2011/03/28 08:17:58 | 000,000,000 | ---D | M] (No name found) -- C:UsersJacqueAppDataRoamingMozillaExtensions
[2011/03/28 08:17:58 | 000,000,000 | ---D | M] (No name found) -- C:UsersJacqueAppDataRoamingMozillaExtensionshome2@tomtom.com
[2011/11/18 14:54:15 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll
[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml
[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:WindowsSysNativedriversetcHosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:UsersJacqueAppDataRoamingComplitly64Complitly64.dll (SimplyGen)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()
O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:UsersJacqueAppDataRoamingComplitlyComplitly.dll (SimplyGen)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)
O2 - BHO: (Search Assistant BHO) - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll (Guffins)
O3:64bit: - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
O3 - HKLM..Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)
O3 - HKLM..Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()
O3 - HKLM..Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)
O3:64bit: - HKCU..ToolbarWebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
O3 - HKCU..ToolbarWebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()
O3 - HKCU..ToolbarWebBrowser: (Guffins) - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)
O4:64bit: - HKLM..Run: [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..Run: [CanonSolutionMenu] C:Program Files (x86)CanonSolutionMenuCNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..Run: [IAAnotif] C:Program Files (X86)IntelIntel Matrix Storage ManagerIaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [IgfxTray] C:WindowsSysNativeigfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..Run: [Windows Defender] C:Program FilesWindows DefenderMSASCui.exe (Microsoft Corporation)
O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)
O4 - HKLM..Run: [Info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..Run: [LchDrvKey] C:WindowsLchDrvKey.exe ()
O4 - HKLM..Run: [LedKey] C:WindowsCNYHKey.exe (Creative)
O4 - HKLM..Run: [LWS] C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe (Logitech Inc.)
O4 - HKLM..Run: [MaxMenuMgr] C:Program Files (x86)SeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe (Seagate LLC)
O4 - HKLM..Run: [Smart Copy] C:Program Files (x86)IOISmart CopyButtonMonitor.exe (IOI)
O4 - HKLM..Run: [TkBellExe] C:Program Files (x86)RealRealPlayerUpdaterealsched.exe (RealNetworks, Inc.)
O4 - HKLM..Run: [Trigger New Acer AlaunchX] c:ACERPreloadCommandAlaunchXAppInRun.exe (Acer Inc.)
O4 - HKCU..Run: [Advanced SystemCare 5] C:Program Files (x86)IObitAdvanced SystemCare 5ASCTray.exe (IObit)
O4 - HKLM..RunOnce: [New Acer AlaunchX] c:ACERPreloadCommandAlaunchXLaunchAlaunchX.exe (Acer Inc.)
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{2FC6B3EB-D5AC-4AF8-944D-1F82FBE7CA60}: DhcpNameServer = 192.168.1.254
O18:64bit: - ProtocolHandlerskype-ie-addon-data - No CLSID value found
O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found
O18:64bit: - ProtocolHandlerwlpg - No CLSID value found
O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:WindowsSysWow64explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:WindowsSysWow64userinit.exe (Microsoft Corporation)
O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:WindowsWebWallpaperimg24.jpg
O24 - Desktop BackupWallPaper: C:WindowsWebWallpaperimg24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/04 09:07:10 | 000,000,062 | ---- | M] () - I:Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM..comfile [open] -- "%1" %*
O35:64bit: - HKLM..exefile [open] -- "%1" %*
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*
O37 - HKLM...com [@ = comfile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 19:38:19 | 000,000,000 | ---D | C] -- C:ProgramDataRoboForm
[2011/11/18 19:38:17 | 000,000,000 | ---D | C] -- C:UsersJacqueDocumentsMy RoboForm Data
[2011/11/18 19:37:53 | 000,000,000 | ---D | C] -- C:ProgramDataIObit
[2011/11/18 19:36:57 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingIObit
[2011/11/18 19:36:57 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdvanced SystemCare 5
[2011/11/18 19:36:49 | 000,000,000 | ---D | C] -- C:Program Files (x86)IObit
[2011/11/18 18:21:28 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingMalwarebytes
[2011/11/18 18:20:01 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware
[2011/11/18 18:20:00 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes
[2011/11/18 18:19:56 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSysNativedriversmbam.sys
[2011/11/18 18:19:56 | 000,000,000 | ---D | C] -- C:Program Files (x86)Malwarebytes' Anti-Malware
[2011/11/18 15:35:53 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalSeven Zip
[2011/11/18 14:54:20 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalMozilla
[2011/11/18 14:54:14 | 000,000,000 | ---D | C] -- C:Program Files (x86)Mozilla Firefox
[2011/11/18 08:46:24 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{A50525B9-F370-4D6D-94E2-ADF250DA7EF5}
[2011/11/18 08:46:14 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{62C30C58-1898-4722-9C71-D5E6CE7C355E}
[2011/11/17 08:21:08 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{806B25CF-1620-4CF8-8FB7-EAB7C882100F}
[2011/11/17 08:20:58 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{F39303B5-261E-4E2D-8ED2-DD54874C29D8}
[2011/11/16 14:36:33 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalElevatedDiagnostics
[2011/11/16 13:10:30 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner
[2011/11/16 13:10:28 | 000,000,000 | ---D | C] -- C:Program FilesCCleaner
[2011/11/16 12:54:15 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingPC Cleaners
[2011/11/16 12:54:10 | 005,359,888 | ---- | C] (PC Cleaners) -- C:Windowsuninst.exe
[2011/11/16 12:54:09 | 000,000,000 | ---D | C] -- C:ProgramDataPC1Data
[2011/11/16 12:47:10 | 000,000,000 | ---D | C] -- C:Program Files (x86)Microsoft
[2011/11/16 12:04:00 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{F6E91E63-1C61-48DC-80F7-0AD1882CA289}
[2011/11/16 12:03:50 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{70E32EF9-699A-4B11-B554-55BA96B29C04}
[2011/11/16 09:35:33 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{05EF98BF-1FDF-4541-B1B9-099E2E9550C7}
[2011/11/16 09:35:23 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{62C25056-6DFD-46B3-BB56-F0125A6EA70E}
[2011/11/15 09:10:07 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{CD1B8300-03A5-477A-837A-BC9F907C0ADF}
[2011/11/15 09:09:46 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{1CFF41D5-E2D3-4520-8F32-909B3807D6A3}
[2011/11/15 07:59:35 | 000,000,000 | ---D | C] -- C:WindowsSysNativeMacromed
[2011/11/12 23:28:15 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingComplitly
[2011/11/12 23:28:14 | 000,000,000 | ---D | C] -- C:Program Files (x86)Complitly
[2011/11/12 23:28:08 | 000,000,000 | ---D | C] -- C:Program Files (x86)vShare.tv plugin
[2011/11/11 13:22:22 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{918267CD-65DE-480A-80A0-31A1F054A529}
[2011/11/11 13:22:12 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{FF6CCC31-BAED-4663-B0B9-DB214470AC50}
[2011/11/08 14:17:01 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF}
[2011/11/08 14:16:49 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB}
[2011/11/04 12:16:55 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{2AD5AAF0-4074-4198-A7CF-88263934243A}
[2011/11/04 12:16:45 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{0EFC5F72-1B2B-437D-899C-21FC67BDB013}
[2011/11/03 10:16:02 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{C2AC8077-8DBE-4AC8-B834-9F7AF249329D}
[2011/11/03 10:15:52 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{4AD22D86-DAB3-4095-A795-299CAC9E4CE9}
[2011/11/03 08:01:54 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsQuickTime
[2011/11/03 08:01:39 | 000,000,000 | ---D | C] -- C:Program Files (x86)QuickTime
[2011/11/03 08:01:36 | 000,000,000 | ---D | C] -- C:ProgramDataApple Computer
[2011/10/25 13:57:49 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{6F0FDC43-E4C0-4019-B826-EB9193C858F7}
[2011/10/25 13:57:37 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{7E332ECA-5E97-46DD-AF36-9D4E117F62F0}
[2011/10/25 13:56:57 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{1BCE783F-C19A-4E90-A18B-D6275168E6E0}
[2011/10/25 13:56:45 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{308F69E1-F3E7-46B4-AC92-A4061248C0ED}
[2011/10/24 13:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:WindowsSysWow64QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:WindowsSysWow64QuickTime.qts
[1 C:WindowsSysWow64*.tmp files -> C:WindowsSysWow64*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/20 20:15:13 | 000,001,203 | ---- | M] () -- C:UsersJacqueDesktopOTL - Shortcut.lnk
[2011/11/20 19:26:29 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 19:26:29 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/20 18:10:00 | 000,000,898 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job
[2011/11/20 10:19:15 | 000,000,894 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job
[2011/11/20 09:32:01 | 000,706,824 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI
[2011/11/20 09:32:01 | 000,606,364 | ---- | M] () -- C:WindowsSysNativeperfh009.dat
[2011/11/20 09:32:01 | 000,104,964 | ---- | M] () -- C:WindowsSysNativeperfc009.dat
[2011/11/20 09:26:28 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat
[2011/11/18 19:36:58 | 000,001,080 | ---- | M] () -- C:UsersPublicDesktopQuick Care.lnk
[2011/11/18 19:36:57 | 000,001,058 | ---- | M] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk
[2011/11/18 18:34:24 | 000,693,664 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT
[2011/11/18 18:20:01 | 000,000,950 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes' Anti-Malware.lnk
[2011/11/18 17:34:24 | 000,000,272 | ---- | M] () -- C:Windowsreimage.ini
[2011/11/18 14:54:16 | 000,000,914 | ---- | M] () -- C:UsersJacqueApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk
[2011/11/18 14:54:16 | 000,000,890 | ---- | M] () -- C:UsersPublicDesktopMozilla Firefox.lnk
[2011/11/17 14:37:03 | 000,245,494 | ---- | M] () -- C:WindowsSysNativeoem53.inf
[2011/11/16 13:10:30 | 000,000,772 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk
[2011/11/16 12:53:45 | 005,359,888 | ---- | M] (PC Cleaners) -- C:Windowsuninst.exe
[2011/11/11 14:44:07 | 000,000,235 | ---- | M] () -- C:Windowsulead32.ini
[2011/11/03 08:01:54 | 000,001,758 | ---- | M] () -- C:UsersPublicDesktopQuickTime Player.lnk
[2011/10/24 18:50:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl
[2011/10/24 13:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:WindowsSysWow64QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:WindowsSysWow64QuickTime.qts
[1 C:WindowsSysWow64*.tmp files -> C:WindowsSysWow64*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 20:15:06 | 000,001,203 | ---- | C] () -- C:UsersJacqueDesktopOTL - Shortcut.lnk
[2011/11/18 19:36:58 | 000,001,080 | ---- | C] () -- C:UsersPublicDesktopQuick Care.lnk
[2011/11/18 19:36:57 | 000,001,058 | ---- | C] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk
[2011/11/18 18:20:01 | 000,000,950 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes' Anti-Malware.lnk
[2011/11/18 17:34:13 | 000,000,272 | ---- | C] () -- C:Windowsreimage.ini
[2011/11/18 14:54:16 | 000,000,914 | ---- | C] () -- C:UsersJacqueApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk
[2011/11/18 14:54:16 | 000,000,902 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMozilla Firefox.lnk
[2011/11/18 14:54:16 | 000,000,890 | ---- | C] () -- C:UsersPublicDesktopMozilla Firefox.lnk
[2011/11/17 14:37:11 | 000,245,494 | ---- | C] () -- C:WindowsSysNativeoem53.inf
[2011/11/16 13:10:30 | 000,000,772 | ---- | C] () -- C:UsersPublicDesktopCCleaner.lnk
[2011/11/03 08:01:54 | 000,001,758 | ---- | C] () -- C:UsersPublicDesktopQuickTime Player.lnk
[2011/09/14 20:14:40 | 000,000,274 | ---- | C] () -- C:Windowsdisney.ini
[2011/09/03 11:45:35 | 000,000,328 | ---- | C] () -- C:Windowswininit.ini
[2011/06/26 15:52:52 | 000,016,703 | ---- | C] () -- C:Windowscscmondump.bin
[2011/04/15 19:35:03 | 000,000,235 | ---- | C] () -- C:Windowsulead32.ini
[2011/03/31 23:07:02 | 010,877,272 | ---- | C] () -- C:WindowsSysWow64LogiDPP.dll
[2011/03/31 23:07:02 | 000,102,744 | ---- | C] () -- C:WindowsSysWow64LogiDPPApp.exe
[2011/03/31 23:06:56 | 000,331,608 | ---- | C] () -- C:WindowsSysWow64DevManagerCore.dll
[2011/03/15 19:38:35 | 000,048,640 | ---- | C] () -- C:UsersJacqueAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/14 12:51:03 | 000,053,299 | ---- | C] () -- C:WindowsSysWow64pthreadVC.dll
[2011/02/21 15:57:32 | 000,000,056 | -H-- | C] () -- C:ProgramDataezsidmv.dat
[2011/01/31 16:40:46 | 000,368,640 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll
[2011/01/31 16:40:25 | 000,117,248 | ---- | C] () -- C:WindowsSysWow64EhStorAuthn.dll
[2011/01/31 16:39:46 | 000,107,612 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchema.bin
[2011/01/31 10:02:31 | 000,018,904 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchemaTrivial.bin
[2011/01/30 17:31:52 | 000,721,296 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI
[2011/01/30 12:56:38 | 000,005,115 | ---- | C] () -- C:ProgramDataN360BUOptions.ini
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:WindowsSysWow64tcpmon.ini
[2007/01/02 03:12:02 | 000,581,120 | ---- | C] () -- C:WindowsmHotkey.exe
[2007/01/02 03:12:02 | 000,294,912 | ---- | C] () -- C:WindowsPIC.dll
[2007/01/02 03:12:02 | 000,036,864 | ---- | C] () -- C:WindowsLchDrvKey.exe
[2007/01/02 03:12:02 | 000,000,870 | ---- | C] () -- C:Windowsmhotkey_reg.ini
[2007/01/02 02:26:58 | 002,215,364 | ---- | C] () -- C:WindowsSysWow64igklg400.bin
[2007/01/02 02:26:58 | 001,971,732 | ---- | C] () -- C:WindowsSysWow64igklg450.bin
[2007/01/02 02:26:58 | 000,029,932 | ---- | C] () -- C:WindowsSysWow64igmedcompkrn.bin
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:Windowsbootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:WindowsSysWow64dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:WindowsSysWow64NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:WindowsSysWow64mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:Windowsmib.bin
[1997/11/17 16:13:16 | 000,010,240 | ---- | C] () -- C:WindowsSysWow64vidx16.dll

========== LOP Check ==========

[2011/09/06 20:49:13 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingBandoo
[2011/02/22 17:21:29 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingCanon
[2011/11/12 23:28:15 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingComplitly
[2011/11/18 19:36:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingIObit
[2011/06/01 14:22:12 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingIrfanView
[2011/01/31 19:09:30 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingLeadertech
[2011/02/21 19:24:04 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingLudia
[2011/05/20 16:28:41 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingmuvee Technologies
[2011/02/10 14:18:32 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingOpenOffice.org
[2011/11/16 12:54:15 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingPC Cleaners
[2011/02/12 17:17:43 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingPlayFirst
[2011/06/17 10:34:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingSchool Zone Preferences
[2011/04/06 09:04:33 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingSouthwest Airlines
[2011/03/28 08:17:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingTomTom
[2011/06/09 21:00:11 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingWal-Mart Digital Photo Viewer
[2011/01/31 22:08:50 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingWindows Live Writer
[2011/11/19 22:44:52 | 000,032,596 | ---- | M] () -- C:WindowsTasksSCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%*.exe >


[2009/04/11 01:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:Windowswinsxswow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4netlogon.dll
[2009/04/11 02:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:WindowsSysNativenetlogon.dll
[2009/04/11 02:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:Windowswinsxsamd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9netlogon.dll
[2008/01/20 20:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:Windowswinsxswow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:WindowsSysNativedriversnvstor.sys
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:Windowswinsxsamd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159dnvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:Windowswinsxswow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243scecli.dll
[2008/01/20 20:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:Windowswinsxsamd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048scecli.dll
[2009/04/11 01:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:WindowsSysWOW64scecli.dll
[2009/04/11 01:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:Windowswinsxswow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8fscecli.dll
[2009/04/11 02:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:WindowsSysNativescecli.dll
[2009/04/11 02:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:Windowswinsxsamd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94scecli.dll

< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >
[1 C:Windowssystem32*.tmp files -> C:Windowssystem32*.tmp -> ]

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >

< %systemroot%system32drivers*.sys /90 >
< End of report >

OTL Extras logfile created on: 11/20/2011 8:15:36 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersJacqueDownloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.55 Gb Available Physical Memory | 59.25% Memory free
12.15 Gb Paging File | 10.06 Gb Available in Paging File | 82.80% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 586.40 Gb Total Space | 487.35 Gb Free Space | 83.11% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 252.20 Gb Free Space | 54.15% Space Free | Partition Type: NTFS

Computer Name: JACQUE-PC | User Name: Jacque | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.url[@ = InternetShortcut] -- C:WindowsSysNativerundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]
.cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%system32mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%system32mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = C9 7E C3 1B 9B C1 CB 01 [binary data]

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{2906035B-DCB4-469F-8E84-7CE85EA83DDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A5514C4E-29B4-4267-AEAD-60396649E3EE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]
"{097E7410-03F2-49BE-BC6B-F0CF23D0216C}" = protocol=17 | dir=in | app=c:program files (x86)firefly studiosstronghold crusaderstronghold_crusader_extreme.exe |
"{35F4D5FB-2EFD-4CB6-96F2-C9F78E09AAE4}" = protocol=6 | dir=in | app=c:program files (x86)veetleplayerveetlenet.exe |
"{5FCF8F2D-0DFF-46BE-9E57-C91A08741F9F}" = protocol=17 | dir=in | app=c:program files (x86)firefly studiosstronghold crusaderstronghold crusader.exe |
"{613FCBE0-D706-4D4F-969A-13B03CA4A0D6}" = dir=in | app=c:program files (x86)common filesappleapple application supportwebkit2webprocess.exe |
"{679510C9-CB34-4D3B-9CB6-5C6F530C79BE}" = protocol=17 | dir=in | app=c:program files (x86)gamespy arcadeaphex.exe |
"{7322E954-9A2F-473F-BF02-5CC571B1C623}" = protocol=17 | dir=in | app=c:program files (x86)logitechvid hdvid.exe |
"{A2E0EB4B-E9DC-40C4-8646-4FC0CFE201A9}" = protocol=6 | dir=in | app=c:program files (x86)firefly studiosstronghold crusaderstronghold_crusader_extreme.exe |
"{A313061B-5DA4-40ED-9164-3EE0917F823E}" = dir=in | app=c:program files (x86)windows livesyncwindowslivesync.exe |
"{B39388D0-4B76-4099-965D-607AE610E22F}" = protocol=6 | dir=in | app=c:program files (x86)firefly studiosstronghold crusaderstronghold crusader.exe |
"{BB4B48A5-C3EE-4078-9B97-CB855FB71E5E}" = protocol=6 | dir=in | app=c:program files (x86)logitechvid hdvid.exe |
"{EDBCC59C-0162-4AF9-903F-DA56B9513F64}" = dir=in | app=c:program files (x86)skypephoneskype.exe |
"{F461624C-BB3A-44D5-8674-A047A731BBAC}" = protocol=6 | dir=in | app=c:program files (x86)gamespy arcadeaphex.exe |
"{F979252F-ADBF-4FB7-9A0B-60DE3B6DB791}" = dir=in | app=c:program files (x86)windows livecontactswlcomm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{090A4D4C-24B2-4248-BFF2-AC30D2E0676B}" = Marvell® Wireless Card Software Package
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microso

#4 Anderson

Posted 20 November 2011 - 11:04 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-20 20:38:26
-----------------------------
20:38:26.981 OS Version: Windows x64 6.0.6002 Service Pack 2
20:38:26.981 Number of processors: 4 586 0xF0B
20:38:26.981 ComputerName: JACQUE-PC UserName: Jacque
20:38:29.228 Initialize success
20:40:18.232 AVAST engine defs: 11112001
20:40:31.461 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIAAStorageDevice-1
20:40:31.461 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3
20:40:31.461 Disk 0 MBR read successfully
20:40:31.476 Disk 0 MBR scan
20:40:31.476 Disk 0 unknown MBR code
20:40:31.476 Service scanning
20:40:31.898 Service MpNWMon C:Windowssystem32DRIVERSMpNWMon.sys **LOCKED** 32
20:40:32.537 Modules scanning
20:40:32.537 Disk 0 trace - called modules:
20:40:32.537 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:40:32.537 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0xfffffa80069de790]
20:40:32.553 3 CLASSPNP.SYS[fffffa600124ec33] -> nt!IofCallDriver -> DeviceIdeIAAStorageDevice-1[0xfffffa8006755050]
20:40:35.049 AVAST engine scan C:Windows
20:40:40.462 AVAST engine scan C:Windowssystem32
20:42:24.686 AVAST engine scan C:Windowssystem32drivers
20:42:38.507 AVAST engine scan C:UsersJacque
21:44:45.261 AVAST engine scan C:ProgramData
21:49:45.545 Scan finished successfully
21:50:02.923 Disk 0 MBR has been saved successfully to "C:UsersJacqueDocumentsMBR.dat"
21:50:03.017 The log file has been saved successfully to "C:UsersJacqueDocumentsaswMBR.txt"

#5 Anderson

Posted 20 November 2011 - 11:14 PM

I want to add that I do have an external hard drive hooked up to my computer. I had to restore the computer back in January and after doing so, I installed the external. I don't know if it would be easier to fix this problem with the information on the external or if the external would have corrupt files also. I was told to add the external, but wasn't taught how to use it. Again, thank you so much for your help.

#6 JonTom

Posted 21 November 2011 - 03:12 AM

Hello Anderson

It looks as though the OTL extras.txt got cut off when you posted it.

Please post the rest of the log starting from the "==== HKEY_LOCAL_MACHINE Uninstall List ====" section :)

#7 Anderson

Posted 21 November 2011 - 01:37 PM

My computer would not let me save the log file to my desktop, so I had to run a new scan.

OTL logfile created on: 11/21/2011 12:14:05 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersJacqueDownloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 67.10% Memory free
12.09 Gb Paging File | 10.08 Gb Available in Paging File | 83.39% Paging File free
Paging file location(s): ?:pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)
Drive C: | 586.40 Gb Total Space | 485.97 Gb Free Space | 82.87% Space Free | Partition Type: NTFS
Drive I: | 465.76 Gb Total Space | 252.20 Gb Free Space | 54.15% Space Free | Partition Type: NTFS

Computer Name: JACQUE-PC | User Name: Jacque | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/20 20:10:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:UsersJacqueDownloadsOTL.exe
PRC - [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCTray.exe
PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe
PRC - [2011/10/24 18:50:14 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:WindowsSysWOW64MacromedFlashFlashUtil11c_ActiveX.exe
PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe
PRC - [2011/09/03 11:41:24 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:Program Files (x86)RealRealPlayerUpdaterealsched.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:Program Files (x86)MicrosoftBingBarSeaPort.EXE
PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe
PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareCameraHelperShell.exe
PRC - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:Program Files (x86)NETGEARWNA3100WNA3100.exe
PRC - [2009/12/18 13:25:18 | 000,202,024 | ---- | M] (Seagate Technology LLC) -- C:Program Files (x86)SeagateSeagateManagerSyncMaxSync.exe
PRC - [2009/12/18 13:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe
PRC - [2009/12/18 13:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:Program Files (x86)SeagateSeagateManagerFreeAgent Statusstxmenumgr.exe
PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:WindowsmHotkey.exe
PRC - [2008/05/21 16:36:36 | 000,053,248 | ---- | M] (IOI) -- C:Program Files (x86)IOISmart CopyButtonMonitor.exe
PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:WindowsCNYHKey.exe
PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:WindowsChiFuncExt.exe
PRC - [2007/04/10 21:09:06 | 001,695,744 | ---- | M] () -- C:Program Files (x86)NETGEARWPN311wlancfg5.exe
PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTmon.exe
PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe
PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:WindowsModLEDKey.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 17:47:32 | 000,971,264 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Configuration40da9084d0863e07d7ce55953833b8b0System.Configuration.ni.dll
MOD - [2011/10/12 17:44:05 | 005,450,752 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Xmlc1c06a392871267db27f7cbc40e1c4fbSystem.Xml.ni.dll
MOD - [2011/10/12 17:43:47 | 012,430,848 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Windows.Forms1363115565fff5a641243a48f396f107System.Windows.Forms.ni.dll
MOD - [2011/10/12 17:43:36 | 001,587,200 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Drawing367c4043efc2f32d843cb588b0dc97fcSystem.Drawing.ni.dll
MOD - [2011/10/12 17:42:29 | 007,950,848 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32Systemf9c36ea806e77872dce891c77b68fac3System.ni.dll
MOD - [2011/10/12 17:42:20 | 011,490,816 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32mscorlibb6632a8b2f276a8e31f5b0f6b2006cd1mscorlib.ni.dll
MOD - [2011/03/30 17:25:42 | 000,331,608 | ---- | M] () -- C:Program Files (x86)Common FileslogishrdLWSPluginsLWSAppletsCameraHelperDevManagerCore.dll
MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareCameraHelperShell.exe
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareImageFormatsQJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareImageFormatsQGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareQTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareQTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareQTCore4.dll
MOD - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:Program Files (x86)NETGEARWNA3100WNA3100.exe
MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:Program Files (x86)NETGEARWNA3100WifiSvcLib.dll
MOD - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:WindowsmHotkey.exe
MOD - [2008/05/21 16:36:34 | 000,040,960 | ---- | M] () -- C:Program Files (x86)IOISmart CopyIOIUSBLib.dll
MOD - [2008/05/21 16:36:34 | 000,032,768 | ---- | M] () -- C:Program Files (x86)IOISmart CopyIOIHIDLib.dll
MOD - [2007/04/10 21:09:06 | 001,695,744 | ---- | M] () -- C:Program Files (x86)NETGEARWPN311wlancfg5.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [On_Demand | Stopped] -- C:Program FilesGATEWAYGateway Recovery ManagementServiceETService.exe -- (ETService)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/06/29 11:11:36 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:WindowsSysNativeDRIVERSxaudio64.exe -- (XAudioService)
SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:Program Files (x86)MicrosoftBingBarBBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program Files (x86)MicrosoftBingBarSeaPort.EXE -- (BBUpdate)
SRV - [2011/04/25 18:28:19 | 000,036,864 | ---- | M] (Guffins) [On_Demand | Stopped] -- C:Program Files (x86)Guffinsbar1.binu4barsvc.exe -- (GuffinsService)
SRV - [2011/03/31 23:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:Program Files (x86)Common FileslogishrdLVMVFMUMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/03/09 06:30:08 | 000,092,592 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:Program Files (x86)WildTangent GamesAppGamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 10:11:24 | 000,278,528 | ---- | M] () [On_Demand | Stopped] -- C:Program Files (x86)NETGEARWNA3100WifiSvc.exe -- (WSWNA3100)
SRV - [2009/12/18 13:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/03/29 23:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTmon.exe -- (IAANTMON) Intel®


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSNisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/31 23:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSlvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2011/03/31 23:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSlvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/09/29 11:05:16 | 001,244,736 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSbcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSfssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/14 14:04:28 | 000,064,600 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:WindowsSysNativeDRIVERSsbapifs.sys -- (sbapifs)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSLVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSLVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/20 09:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSnpf.sys -- (NPF)
DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSwpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/05 16:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSathrx.sys -- (athr)
DRV:64bit: - [2008/12/04 22:55:28 | 000,303,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSe1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/06/05 21:21:44 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversRTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/03/24 19:50:18 | 007,715,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSigdkmd64.sys -- (igfx)
DRV:64bit: - [2007/07/26 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:WindowsSysNativeDriversPxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/07/03 19:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSsscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2007/06/29 11:11:24 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:WindowsSysNativeDRIVERSxaudio64.sys -- (XAudio)
DRV:64bit: - [2007/06/20 06:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/06/20 06:30:22 | 000,409,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAXHWBS2.sys -- (CAXHWBS2)
DRV:64bit: - [2007/06/20 06:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/05/02 11:11:14 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2007/05/02 11:11:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV:64bit: - [2007/05/02 11:11:14 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2007/03/21 14:59:30 | 000,381,720 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDRIVERSiaStor.sys -- (iaStor)
DRV:64bit: - [2007/01/19 17:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:WindowsSysNativeDRIVERSscmndisp.sys -- (SCMNdisP)
DRV:64bit: - [2006/06/19 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:WindowsSysNativeDRIVERSmdmxsdk.sys -- (mdmxsdk)
DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:WindowsSysWOW64driversint15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://homepage.gate...111&m=dx4710-05
IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://homepage.gate...111&m=dx4710-05

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.msn.com/
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 80 9F 5C 40 48 D8 CB 01 [binary data]
IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,StartPageCache = 1
IE - HKCU..URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found
IE - HKCU..URLSearchHook: {c3d3840c-12ea-4461-a61d-190555fecc82} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll (Guffins)
IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLMSoftwareMozillaPlugins@Guffins.com/Plugin: C:Program Files (x86)Guffinsbar1.binNPu4Stub.dll (Guffins)
FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)
FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)
FF - HKLMSoftwareMozillaPlugins@mywebsearch.com/Plugin: C:Program Files (x86)MyWebSearchbar1.binNPMyWebS.dll File not found
FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprphtml5videoshim;version=12.0.1.666: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nprpjplug.dll (RealNetworks, Inc.)
FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)
FF - HKLMSoftwareMozillaPlugins@veetle.com/veetleCorePlugin,version=0.9.18: C:Program Files (x86)VeetlepluginsnpVeetle.dll (Veetle Inc)
FF - HKLMSoftwareMozillaPlugins@veetle.com/veetlePlayerPlugin,version=0.9.18: C:Program Files (x86)VeetlePlayernpvlc.dll (Veetle Inc)
FF - HKLMSoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered8NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsu4ffxtbr@Guffins.com: C:Program Files (x86)Guffinsbar1.bin [2011/06/04 16:33:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsm3ffxtbr@mywebsearch.com: C:Program Files (x86)MyWebSearchbar1.bin
FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt [2011/11/16 11:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2011/11/18 14:54:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins

[2011/03/28 08:17:58 | 000,000,000 | ---D | M] (No name found) -- C:UsersJacqueAppDataRoamingMozillaExtensions
[2011/03/28 08:17:58 | 000,000,000 | ---D | M] (No name found) -- C:UsersJacqueAppDataRoamingMozillaExtensionshome2@tomtom.com
[2011/11/18 14:54:15 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions
[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll
[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml
[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:WindowsSysNativedriversetcHosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:UsersJacqueAppDataRoamingComplitly64Complitly64.dll (SimplyGen)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()
O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:UsersJacqueAppDataRoamingComplitlyComplitly.dll (SimplyGen)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)
O2 - BHO: (Search Assistant BHO) - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll (Guffins)
O3:64bit: - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
O3 - HKLM..Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)
O3 - HKLM..Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()
O3 - HKLM..Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)
O3:64bit: - HKCU..ToolbarWebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)
O3 - HKCU..ToolbarWebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()
O3 - HKCU..ToolbarWebBrowser: (Guffins) - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)
O4:64bit: - HKLM..Run: [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..Run: [CanonSolutionMenu] C:Program Files (x86)CanonSolutionMenuCNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..Run: [IAAnotif] C:Program Files (X86)IntelIntel Matrix Storage ManagerIaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [IgfxTray] C:WindowsSysNativeigfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..Run: [Windows Defender] C:Program FilesWindows DefenderMSASCui.exe (Microsoft Corporation)
O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)
O4 - HKLM..Run: [Info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)
O4 - HKLM..Run: [LchDrvKey] C:WindowsLchDrvKey.exe ()
O4 - HKLM..Run: [LedKey] C:WindowsCNYHKey.exe (Creative)
O4 - HKLM..Run: [LWS] C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe (Logitech Inc.)
O4 - HKLM..Run: [MaxMenuMgr] C:Program Files (x86)SeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe (Seagate LLC)
O4 - HKLM..Run: [Smart Copy] C:Program Files (x86)IOISmart CopyButtonMonitor.exe (IOI)
O4 - HKLM..Run: [TkBellExe] C:Program Files (x86)RealRealPlayerUpdaterealsched.exe (RealNetworks, Inc.)
O4 - HKLM..Run: [Trigger New Acer AlaunchX] c:ACERPreloadCommandAlaunchXAppInRun.exe (Acer Inc.)
O4 - HKCU..Run: [Advanced SystemCare 5] C:Program Files (x86)IObitAdvanced SystemCare 5ASCTray.exe (IObit)
O4 - HKLM..RunOnce: [New Acer AlaunchX] c:ACERPreloadCommandAlaunchXLaunchAlaunchX.exe (Acer Inc.)
O4 - HKCU..RunOnce: [FlashPlayerUpdate] C:WindowsSysWOW64MacromedFlashFlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1
O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254
O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{2FC6B3EB-D5AC-4AF8-944D-1F82FBE7CA60}: DhcpNameServer = 192.168.1.254
O18:64bit: - ProtocolHandlerskype-ie-addon-data - No CLSID value found
O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found
O18:64bit: - ProtocolHandlerwlpg - No CLSID value found
O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:WindowsSysWow64explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:WindowsSysWow64userinit.exe (Microsoft Corporation)
O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:WindowsWebWallpaperimg24.jpg
O24 - Desktop BackupWallPaper: C:WindowsWebWallpaperimg24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/02/04 09:07:10 | 000,000,062 | ---- | M] () - I:Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM..comfile [open] -- "%1" %*
O35:64bit: - HKLM..exefile [open] -- "%1" %*
O35 - HKLM..comfile [open] -- "%1" %*
O35 - HKLM..exefile [open] -- "%1" %*
O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*
O37 - HKLM...com [@ = comfile] -- "%1" %*
O37 - HKLM...exe [@ = exefile] -- "%1" %*


========== Files/Folders - Created Within 30 Days ==========

[2011/11/18 19:38:19 | 000,000,000 | ---D | C] -- C:ProgramDataRoboForm
[2011/11/18 19:38:17 | 000,000,000 | ---D | C] -- C:UsersJacqueDocumentsMy RoboForm Data
[2011/11/18 19:37:53 | 000,000,000 | ---D | C] -- C:ProgramDataIObit
[2011/11/18 19:36:57 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingIObit
[2011/11/18 19:36:57 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdvanced SystemCare 5
[2011/11/18 19:36:49 | 000,000,000 | ---D | C] -- C:Program Files (x86)IObit
[2011/11/18 18:21:28 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingMalwarebytes
[2011/11/18 18:20:01 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware
[2011/11/18 18:20:00 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes
[2011/11/18 18:19:56 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSysNativedriversmbam.sys
[2011/11/18 18:19:56 | 000,000,000 | ---D | C] -- C:Program Files (x86)Malwarebytes' Anti-Malware
[2011/11/18 15:35:53 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalSeven Zip
[2011/11/18 14:54:20 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalMozilla
[2011/11/18 14:54:14 | 000,000,000 | ---D | C] -- C:Program Files (x86)Mozilla Firefox
[2011/11/18 08:46:24 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{A50525B9-F370-4D6D-94E2-ADF250DA7EF5}
[2011/11/18 08:46:14 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{62C30C58-1898-4722-9C71-D5E6CE7C355E}
[2011/11/17 08:21:08 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{806B25CF-1620-4CF8-8FB7-EAB7C882100F}
[2011/11/17 08:20:58 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{F39303B5-261E-4E2D-8ED2-DD54874C29D8}
[2011/11/16 14:36:33 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalElevatedDiagnostics
[2011/11/16 13:10:30 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner
[2011/11/16 13:10:28 | 000,000,000 | ---D | C] -- C:Program FilesCCleaner
[2011/11/16 12:54:15 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingPC Cleaners
[2011/11/16 12:54:10 | 005,359,888 | ---- | C] (PC Cleaners) -- C:Windowsuninst.exe
[2011/11/16 12:54:09 | 000,000,000 | ---D | C] -- C:ProgramDataPC1Data
[2011/11/16 12:47:10 | 000,000,000 | ---D | C] -- C:Program Files (x86)Microsoft
[2011/11/16 12:04:00 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{F6E91E63-1C61-48DC-80F7-0AD1882CA289}
[2011/11/16 12:03:50 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{70E32EF9-699A-4B11-B554-55BA96B29C04}
[2011/11/16 09:35:33 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{05EF98BF-1FDF-4541-B1B9-099E2E9550C7}
[2011/11/16 09:35:23 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{62C25056-6DFD-46B3-BB56-F0125A6EA70E}
[2011/11/15 09:10:07 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{CD1B8300-03A5-477A-837A-BC9F907C0ADF}
[2011/11/15 09:09:46 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{1CFF41D5-E2D3-4520-8F32-909B3807D6A3}
[2011/11/15 07:59:35 | 000,000,000 | ---D | C] -- C:WindowsSysNativeMacromed
[2011/11/12 23:28:15 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingComplitly
[2011/11/12 23:28:14 | 000,000,000 | ---D | C] -- C:Program Files (x86)Complitly
[2011/11/12 23:28:08 | 000,000,000 | ---D | C] -- C:Program Files (x86)vShare.tv plugin
[2011/11/11 13:22:22 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{918267CD-65DE-480A-80A0-31A1F054A529}
[2011/11/11 13:22:12 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{FF6CCC31-BAED-4663-B0B9-DB214470AC50}
[2011/11/08 14:17:01 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF}
[2011/11/08 14:16:49 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB}
[2011/11/04 12:16:55 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{2AD5AAF0-4074-4198-A7CF-88263934243A}
[2011/11/04 12:16:45 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{0EFC5F72-1B2B-437D-899C-21FC67BDB013}
[2011/11/03 10:16:02 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{C2AC8077-8DBE-4AC8-B834-9F7AF249329D}
[2011/11/03 10:15:52 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{4AD22D86-DAB3-4095-A795-299CAC9E4CE9}
[2011/11/03 08:01:54 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsQuickTime
[2011/11/03 08:01:39 | 000,000,000 | ---D | C] -- C:Program Files (x86)QuickTime
[2011/11/03 08:01:36 | 000,000,000 | ---D | C] -- C:ProgramDataApple Computer
[2011/10/25 13:57:49 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{6F0FDC43-E4C0-4019-B826-EB9193C858F7}
[2011/10/25 13:57:37 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{7E332ECA-5E97-46DD-AF36-9D4E117F62F0}
[2011/10/25 13:56:57 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{1BCE783F-C19A-4E90-A18B-D6275168E6E0}
[2011/10/25 13:56:45 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{308F69E1-F3E7-46B4-AC92-A4061248C0ED}
[2011/10/24 13:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:WindowsSysWow64QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:WindowsSysWow64QuickTime.qts
[1 C:WindowsSysWow64*.tmp files -> C:WindowsSysWow64*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 12:13:47 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 12:13:47 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/21 12:10:00 | 000,000,898 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job
[2011/11/21 10:18:10 | 000,706,824 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI
[2011/11/21 10:18:10 | 000,606,364 | ---- | M] () -- C:WindowsSysNativeperfh009.dat
[2011/11/21 10:18:10 | 000,104,964 | ---- | M] () -- C:WindowsSysNativeperfc009.dat
[2011/11/21 10:16:29 | 000,000,894 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job
[2011/11/21 10:13:44 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat
[2011/11/20 21:50:03 | 000,000,512 | ---- | M] () -- C:UsersJacqueDocumentsMBR.dat
[2011/11/20 20:15:13 | 000,001,203 | ---- | M] () -- C:UsersJacqueDesktopOTL - Shortcut.lnk
[2011/11/18 19:36:58 | 000,001,080 | ---- | M] () -- C:UsersPublicDesktopQuick Care.lnk
[2011/11/18 19:36:57 | 000,001,058 | ---- | M] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk
[2011/11/18 18:34:24 | 000,693,664 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT
[2011/11/18 18:20:01 | 000,000,950 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes' Anti-Malware.lnk
[2011/11/18 17:34:24 | 000,000,272 | ---- | M] () -- C:Windowsreimage.ini
[2011/11/18 14:54:16 | 000,000,914 | ---- | M] () -- C:UsersJacqueApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk
[2011/11/18 14:54:16 | 000,000,890 | ---- | M] () -- C:UsersPublicDesktopMozilla Firefox.lnk
[2011/11/17 14:37:03 | 000,245,494 | ---- | M] () -- C:WindowsSysNativeoem53.inf
[2011/11/16 13:10:30 | 000,000,772 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk
[2011/11/16 12:53:45 | 005,359,888 | ---- | M] (PC Cleaners) -- C:Windowsuninst.exe
[2011/11/11 14:44:07 | 000,000,235 | ---- | M] () -- C:Windowsulead32.ini
[2011/11/03 08:01:54 | 000,001,758 | ---- | M] () -- C:UsersPublicDesktopQuickTime Player.lnk
[2011/10/24 18:50:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl
[2011/10/24 13:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:WindowsSysWow64QuickTimeVR.qtx
[2011/10/24 13:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:WindowsSysWow64QuickTime.qts
[1 C:WindowsSysWow64*.tmp files -> C:WindowsSysWow64*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/20 21:50:02 | 000,000,512 | ---- | C] () -- C:UsersJacqueDocumentsMBR.dat
[2011/11/20 20:15:06 | 000,001,203 | ---- | C] () -- C:UsersJacqueDesktopOTL - Shortcut.lnk
[2011/11/18 19:36:58 | 000,001,080 | ---- | C] () -- C:UsersPublicDesktopQuick Care.lnk
[2011/11/18 19:36:57 | 000,001,058 | ---- | C] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk
[2011/11/18 18:20:01 | 000,000,950 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes' Anti-Malware.lnk
[2011/11/18 17:34:13 | 000,000,272 | ---- | C] () -- C:Windowsreimage.ini
[2011/11/18 14:54:16 | 000,000,914 | ---- | C] () -- C:UsersJacqueApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk
[2011/11/18 14:54:16 | 000,000,902 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMozilla Firefox.lnk
[2011/11/18 14:54:16 | 000,000,890 | ---- | C] () -- C:UsersPublicDesktopMozilla Firefox.lnk
[2011/11/17 14:37:11 | 000,245,494 | ---- | C] () -- C:WindowsSysNativeoem53.inf
[2011/11/16 13:10:30 | 000,000,772 | ---- | C] () -- C:UsersPublicDesktopCCleaner.lnk
[2011/11/03 08:01:54 | 000,001,758 | ---- | C] () -- C:UsersPublicDesktopQuickTime Player.lnk
[2011/09/14 20:14:40 | 000,000,274 | ---- | C] () -- C:Windowsdisney.ini
[2011/09/03 11:45:35 | 000,000,328 | ---- | C] () -- C:Windowswininit.ini
[2011/06/26 15:52:52 | 000,016,703 | ---- | C] () -- C:Windowscscmondump.bin
[2011/04/15 19:35:03 | 000,000,235 | ---- | C] () -- C:Windowsulead32.ini
[2011/03/31 23:07:02 | 010,877,272 | ---- | C] () -- C:WindowsSysWow64LogiDPP.dll
[2011/03/31 23:07:02 | 000,102,744 | ---- | C] () -- C:WindowsSysWow64LogiDPPApp.exe
[2011/03/31 23:06:56 | 000,331,608 | ---- | C] () -- C:WindowsSysWow64DevManagerCore.dll
[2011/03/15 19:38:35 | 000,048,640 | ---- | C] () -- C:UsersJacqueAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/14 12:51:03 | 000,053,299 | ---- | C] () -- C:WindowsSysWow64pthreadVC.dll
[2011/02/21 15:57:32 | 000,000,056 | -H-- | C] () -- C:ProgramDataezsidmv.dat
[2011/01/31 16:40:46 | 000,368,640 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll
[2011/01/31 16:40:25 | 000,117,248 | ---- | C] () -- C:WindowsSysWow64EhStorAuthn.dll
[2011/01/31 16:39:46 | 000,107,612 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchema.bin
[2011/01/31 10:02:31 | 000,018,904 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchemaTrivial.bin
[2011/01/30 17:31:52 | 000,721,296 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI
[2011/01/30 12:56:38 | 000,005,115 | ---- | C] () -- C:ProgramDataN360BUOptions.ini
[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:WindowsSysWow64tcpmon.ini
[2007/01/02 03:12:02 | 000,581,120 | ---- | C] () -- C:WindowsmHotkey.exe
[2007/01/02 03:12:02 | 000,294,912 | ---- | C] () -- C:WindowsPIC.dll
[2007/01/02 03:12:02 | 000,036,864 | ---- | C] () -- C:WindowsLchDrvKey.exe
[2007/01/02 03:12:02 | 000,000,870 | ---- | C] () -- C:Windowsmhotkey_reg.ini
[2007/01/02 02:26:58 | 002,215,364 | ---- | C] () -- C:WindowsSysWow64igklg400.bin
[2007/01/02 02:26:58 | 001,971,732 | ---- | C] () -- C:WindowsSysWow64igklg450.bin
[2007/01/02 02:26:58 | 000,029,932 | ---- | C] () -- C:WindowsSysWow64igmedcompkrn.bin
[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:Windowsbootstat.dat
[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:WindowsSysWow64dssec.dat
[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:WindowsSysWow64NOISE.DAT
[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:WindowsSysWow64mlang.dat
[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:Windowsmib.bin
[1997/11/17 16:13:16 | 000,010,240 | ---- | C] () -- C:WindowsSysWow64vidx16.dll

========== LOP Check ==========

[2011/09/06 20:49:13 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingBandoo
[2011/02/22 17:21:29 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingCanon
[2011/11/12 23:28:15 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingComplitly
[2011/11/18 19:36:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingIObit
[2011/06/01 14:22:12 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingIrfanView
[2011/01/31 19:09:30 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingLeadertech
[2011/02/21 19:24:04 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingLudia
[2011/05/20 16:28:41 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingmuvee Technologies
[2011/02/10 14:18:32 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingOpenOffice.org
[2011/11/16 12:54:15 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingPC Cleaners
[2011/02/12 17:17:43 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingPlayFirst
[2011/06/17 10:34:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingSchool Zone Preferences
[2011/04/06 09:04:33 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingSouthwest Airlines
[2011/03/28 08:17:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingTomTom
[2011/06/09 21:00:11 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingWal-Mart Digital Photo Viewer
[2011/01/31 22:08:50 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingWindows Live Writer
[2011/11/20 22:22:02 | 000,032,596 | ---- | M] () -- C:WindowsTasksSCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%*.exe >


< MD5 for: AGP440.SYS >
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:WindowsSysNativedriversAGP440.sys
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:Windowswinsxsamd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0AGP440.sys
[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:Windowswinsxsamd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fcAGP440.sys

< MD5 for: AHCIX86S.SYS >
[2008/04/18 00:33:46 | 000,175,632 | R--- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:ACERPreloadAutorunDRVATI Video Card MSI HD3450 256MB 3650 512MPackagesDriversSBDrvSB7xxRAIDLHahcix86s.sys
[2007/04/16 04:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:ACERPreloadAutorunDRVATI Video Card MSI HD3450 256MB 3650 512MPackagesDriversSBDrvSB6xxRAIDLH64Aahcix86s.sys

< MD5 for: ATAPI.SYS >
[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:WindowsSysNativedriversatapi.sys
[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:Windowswinsxsamd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2atapi.sys
[2009/04/11 02:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:Windowswinsxsamd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1eatapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 05:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:WindowsSysNativecngaudit.dll
[2006/11/02 05:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:Windowswinsxsamd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1ccngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:WindowsSysWOW64cngaudit.dll
[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:Windowswinsxsx86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/03/21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:Program Files (x86)IntelIntel Matrix Storage ManagerDriverIaStor.sys
[2007/03/21 14:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:Program Files (x86)IntelIntel Matrix Storage ManagerDriver64IaStor.sys
[2007/03/21 14:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:WindowsSysNativedriversiaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:WindowsSysNativedriversiaStorV.sys
[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:Windowswinsxsamd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2008/01/20 20:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:Windowswinsxsamd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598dnetlogon.dll
[2009/04/11 01:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:WindowsSysWOW64netlogon.dll
[2009/04/11 01:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:Windowswinsxswow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4netlogon.dll
[2009/04/11 02:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:WindowsSysNativenetlogon.dll
[2009/04/11 02:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:Windowswinsxsamd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9netlogon.dll
[2008/01/20 20:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:Windowswinsxswow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88netlogon.dll

< MD5 for: NVSTOR.SYS >
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:WindowsSysNativedriversnvstor.sys
[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:Windowswinsxsamd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159dnvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 20:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:Windowswinsxswow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243scecli.dll
[2008/01/20 20:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:Windowswinsxsamd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048scecli.dll
[2009/04/11 01:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:WindowsSysWOW64scecli.dll
[2009/04/11 01:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:Windowswinsxswow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8fscecli.dll
[2009/04/11 02:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:WindowsSysNativescecli.dll
[2009/04/11 02:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:Windowswinsxsamd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94scecli.dll

< %systemroot%*. /mp /s >

< %systemroot%system32*.dll /lockedfiles >
[1 C:Windowssystem32*.tmp files -> C:Windowssystem32*.tmp -> ]

< %systemroot%Tasks*.job /lockedfiles >

< %systemroot%system32drivers*.sys /lockedfiles >

< %systemroot%System32config*.sav >

< %systemroot%system32drivers*.sys /90 >
< End of report >

#8 JonTom


Posted 22 November 2011 - 10:22 AM

Hello Anderson

No problem, we can get an uninstall list later using a different scan.

Before we go any further please make sure that the OTL executable is placed directly on your desktop.

Let's proceed as follows:
  • IOBIT Products
  • We note you are using one or more products from IOBit (Advanced SystemCare 5).
  • IOBit has been accused by Malwarebytes of illegally using their intellectual property without permission.
  • Please see this for additional information on these allegations: http://www.malwareby...howtopic=29681.
  • A thread in IOBit’s forum responded to the accusations from MalwareBytes. It is noteworthy that several responses from users raising specific questions about IOBit’s response and finding it unsatisfactory were deleted and the thread was closed. The bottom line from IOBit was: “No hard proof shows that IObit stole the database of Malwarebytes.”
  • From what is said above, at least until the issues of possible database theft and spyware packaging are resolved, we do not recommend the use of IOBit products.
  • You can remove IOBit products by clicking on "Windows Orb" and then on "Computer" and then on the "Uninstall or Change a Program" tab.
  • Please open OTL
    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

      :OTL
      IE - HKCU\..\URLSearchHook: {c3d3840c-12ea-4461-a61d-190555fecc82} - C:\Program Files (x86)\Guffins\bar\1.bin\u4SrcAs.dll (Guffins)
      FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
      FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files (x86)\Guffins\bar\1.bin\NPu4Stub.dll (Guffins)
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files (x86)\Guffins\bar\1.bin [2011/06/04 16:33:10 | 000,000,000 | ---D | M]
      SRV - [2011/04/25 18:28:19 | 000,036,864 | ---- | M] (Guffins) [On_Demand | Stopped] -- C:\Program Files (x86)\Guffins\bar\1.bin\u4barsvc.exe -- (GuffinsService)
      O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Jacque\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
      O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
      O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll (Guffins)
      O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Jacque\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
      O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
      O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
      [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
      
      :Services
      GuffinsService
      
      :Files
      C:\Program Files (x86)\MyWebSearch
      C:\Users\Jacque\AppData\Roaming\Complitly
      C:\Program Files (x86)\Complitly
      C:\Program Files (x86)\Search Toolbar
      C:\Program Files (x86)\Guffins
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
      
      
    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
  • MalwareBytes AntiMalware:
    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.
    Please post the OTL log and the MBAM log in your next reply.

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#9 Anderson

Posted 22 November 2011 - 04:28 PM

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{c3d3840c-12ea-4461-a61d-190555fecc82} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{c3d3840c-12ea-4461-a61d-190555fecc82} not found.
File C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll not found.
Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@mywebsearch.com/Plugin not found.
File HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsm3ffxtbr@mywebsearch.com: C:Program Files (x86)MyWebSearchbar1.bin not found.
Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@Guffins.com/Plugin not found.
File C:Program Files (x86)Guffinsbar1.binNPu4Stub.dll not found.
File HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsu4ffxtbr@Guffins.com: C:Program Files (x86)Guffinsbar1.bin not found.
Error: No service named GuffinsService was found to stop!
ServiceDriver key GuffinsService not found.
File C:Program Files (x86)Guffinsbar1.binu4barsvc.exe not found.
64bit-Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} not found.
64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} not found.
File C:UsersJacqueAppDataRoamingComplitly64Complitly64.dll not found.
Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9D425283-D487-4337-BAB6-AB8354A81457} not found.
File C:Program Files (x86)Search ToolbarSearchToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{a916eefe-6a17-4d7d-a131-2738b260bb55} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{a916eefe-6a17-4d7d-a131-2738b260bb55} not found.
File C:Program Files (x86)Guffinsbar1.binu4bar.dll not found.
Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} not found.
File C:UsersJacqueAppDataRoamingComplitlyComplitly.dll not found.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9D425283-D487-4337-BAB6-AB8354A81457} not found.
File C:Program Files (x86)Search ToolbarSearchToolbar.dll not found.
Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{9D425283-D487-4337-BAB6-AB8354A81457} not found.
Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9D425283-D487-4337-BAB6-AB8354A81457} not found.
File C:Program Files (x86)Search ToolbarSearchToolbar.dll not found.
File/Folder C:Windowssystem32*.tmp not found.
========== SERVICES/DRIVERS ==========
Error: No service named GuffinsService was found to stop!
ServiceDriver key GuffinsService not found.
========== FILES ==========
FileFolder C:Program Files (x86)MyWebSearch not found.
FileFolder C:UsersJacqueAppDataRoamingComplitly not found.
FileFolder C:Program Files (x86)Complitly not found.
FileFolder C:Program Files (x86)Search Toolbar not found.
FileFolder C:Program Files (x86)Guffins not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Harley
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jacque
->Temp folder emptied: 81551635 bytes
->Temporary Internet Files folder emptied: 300429929 bytes
->Java cache emptied: 4569226 bytes
->FireFox cache emptied: 10857712 bytes
->Flash cache emptied: 4596 bytes

User: KC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 275604229 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 103899 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%System32 .tmp files removed: 0 bytes
%systemroot%System32 (64bit) .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99598 bytes
%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4097820622 bytes

Total Files Cleaned = 4,550.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Harley
->Flash cache emptied: 0 bytes

User: Jacque
->Flash cache emptied: 0 bytes

User: KC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

File move failed. C:WindowsSystem32driversetcHosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11222011_140040
FilesFolders moved on Reboot...
FileFolder C:UsersJacqueAppDataLocalTemp~DF5156.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF7D1D.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF7D24.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF7D6E.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF7D74.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DFB472.tmp not found!
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5UA6RXG3XInboxLight[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5UA6RXG3XWebIMPop[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5S4WG6063default[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5QF149NB5adloader[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5QF149NB5AjaxHistoryFrame[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5QF149NB5xmlProxy[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5NZ6Y6JBR01[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5NZ6Y6JBRRteFrame_16.0.1877.0920[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5IPB7Y2T6sck[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5D5GCRG4EEditMessageLight[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5D5GCRG4Emsn_com[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5D5GCRG4Esck[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54HFBQZJQMessenger[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54HFBQZJQresourcespreload[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54HFBQZJQresourcespreload[2].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54HFBQZJQxmlProxy[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE50EHLM4MVLocalStorage[1].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowAntiPhishingED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowMSIMGSIZ.DAT moved successfully.
File move failed. C:WindowsSystem32driversetcHosts scheduled to be moved on reboot.
Registry entries deleted on Reboot...


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Database version: 8220
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
11/22/2011 3:24:38 PM
mbam-log-2011-11-22 (15-24-38).txt
Scan type: Quick scan
Objects scanned: 220746
Time elapsed: 2 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

#10 JonTom

Posted 23 November 2011 - 06:54 AM

Hello Anderson

Let's continue with an Online scan:
  • Please run the following scan
  • Note: You will need to use Internet Explorer for this scan.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.

  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option to "Remove Found Threats" is UN checked.
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
  • Please perform the following scan
  • Please download DDS from here and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
  • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.
Please post the ESET log in your next reply along with both of the DDS logs.

#11 Anderson

Posted 24 November 2011 - 06:44 PM

C:UsersJacqueAppDataLocalLowFunWebProductsInstallrCache01E589F0.exe a variant of Win32/Toolbar.MyWebSearch.O application C:UsersJacqueAppDataLocalLowGuffinsEIInstallrCache02C596B1.exe a variant of Win32/Toolbar.MyWebSearch.O application C:_OTLMovedFiles11222011_133417C_Program Files (x86)Search ToolbarSearchToolbar.dll Win32/Toolbar.Zugo application C:_OTLMovedFiles11222011_133545C_Program Files (x86)Guffinsbar1.binu4datact.dll a variant of Win32/Toolbar.MyWebSearch.A application C:_OTLMovedFiles11222011_133545C_Program Files (x86)Guffinsbar1.binu4html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application C:_OTLMovedFiles11222011_133545C_Program Files (x86)Guffinsbar1.binu4htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application C:_OTLMovedFiles11222011_133545C_Program Files (x86)Guffinsbar1.binu4Plugin.dll a variant of Win32/Toolbar.MyWebSearch application C:_OTLMovedFiles11222011_133545C_Program Files (x86)Guffinsbar1.binu4skin.dll a variant of Win32/Toolbar.MyWebSearch.P application I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProductsInstallrCache01E589F0.exe a variant of Win32/Toolbar.MyWebSearch.O application I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowGuffinsEIInstallrCache02C596B1.exe a variant of Win32/Toolbar.MyWebSearch.O application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterAviConverter.exe a variant of Win32/InstallCore.A application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterUninstallUninstall.exe a variant of Win32/InstallCore.A application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProductsInstallr1.binF3EZSETP.DLL a variant of Win32/Toolbar.MyWebSearch.M application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProductsInstallr1.binF3PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProductsInstallr1.binNPFUNWEB.DLL 
Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binu4datact.dll a variant of Win32/Toolbar.MyWebSearch.A application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binu4html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binu4htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binu4Plugin.dll a variant of Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binu4skin.dll a variant of Win32/Toolbar.MyWebSearch.P application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3CJPEG.DLL Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3DTACTL.DLL Win32/Adware.FunWeb application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3HISTSW.DLL Win32/Adware.FunWeb application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3HKSTUB.DLL Win32/Toolbar.MyWebSearch.G application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3HTMLMU.DLL Win32/Toolbar.MyWebSearch.B application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3HTTPCT.DLL Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3IMSTUB.DLL Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3POPSWT.DLL Win32/Adware.FunWeb application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3PSSAVR.SCR Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3REGHK.DLL Win32/Toolbar.MyWebSearch.G 
application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3REPROX.DLL Win32/Toolbar.MyWebSearch.D application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3RESTUB.DLL Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3SCHMON.EXE Win32/Adware.FunWeb application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3SCRCTR.DLL Win32/Toolbar.MyWebSearch.P application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3AUXSTB.DLL Win32/Toolbar.MyWebSearch.H application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3DLGHK.DLL Win32/Toolbar.MyWebSearch.I application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3HTML.DLL Win32/Toolbar.MyWebSearch.F application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3IDLE.DLL Win32/Toolbar.MyWebSearch.P application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3IEOVR.DLL Win32/Toolbar.MyWebSearch.P application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3IMPIPE.EXE Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3MSG.DLL Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3OUTLCN.DLL Win32/Toolbar.MyWebSearch.J application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3PLUGIN.DLL Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3SKIN.DLL Win32/Toolbar.MyWebSearch.P application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3SKPLAY.EXE Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files 
(x86)MyWebSearchbar1.binM3SLSRCH.EXE Win32/Toolbar.MyWebSearch.J application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3SRCHMN.EXE Win32/Toolbar.MyWebSearch.I application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3TPINST.DLL Win32/Toolbar.MyWebSearch.I application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSBAR.DLL Win32/Toolbar.MyWebSearch.K application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSMLBTN.DLL Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSOEMON.EXE Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSOEPLG.DLL Win32/Toolbar.MyWebSearch.J application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSOESTB.DLL Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSSRCAS.DLL Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSSVC.EXE Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSUABTN.DLL Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binNPMYWEBS.DLL Win32/Toolbar.MyWebSearch application I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Search ToolbarSearchToolbar.dll Win32/Toolbar.Zugo application

#12 Anderson

Posted 24 November 2011 - 06:45 PM

. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: DeviceHarddiskVolume2 Install Date: 1/30/2011 12:16:39 PM System Uptime: 11/24/2011 2:40:28 PM (3 hours ago) . Motherboard: Gateway | | G33M05G1 Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 586 GiB total, 490.429 GiB free. D: is CDROM () E: is Removable F: is Removable G: is Removable H: is Removable I: is FIXED (NTFS) - 466 GiB total, 251.306 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: NETGEAR WPN311 RangeMax™ Wireless PCI Adapter Device ID: PCIVEN_168C&DEV_0013&SUBSYS_5E001385&REV_014&31E4133E&0&08F0 Manufacturer: Atheros Communications Inc. Name: NETGEAR WPN311 RangeMax™ Wireless PCI Adapter #3 PNP Device ID: PCIVEN_168C&DEV_0013&SUBSYS_5E001385&REV_014&31E4133E&0&08F0 Service: athr . ==== System Restore Points =================== . RP494: 11/22/2011 2:06:14 PM - Windows Update RP495: 11/23/2011 4:36:40 PM - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Reader 8.1.2 Apple Application Support Apple Software Update Bing Bar CameraHelperMsi Canon MP Navigator EX 2.0 Canon Utilities Easy-PhotoPrint EX Canon Utilities My Printer Canon Utilities Solution Menu Carbonite Online Backup Setup Click to Call with Skype Compatibility Pack for the 2007 Office system Complitly Coupon Printer for Windows CyberLink Power2Go D3DX10 DING! erLT ESET Online Scanner v3 Freemake Video Converter version 2.1.0 GameSpy Arcade Gateway Games Gateway Recovery Management Google Toolbar for Internet Explorer Google Update Helper Graboid Video 2.01 Guffins Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) I Can Color! 
iLivid Info Center 1.0.0.7 IrfanView (remove only) Java Auto Updater Java™ 6 Update 24 Java™ 6 Update 5 Junk Mail filter update KB0817 Keyboard Driver LabelPrint Logitech Vid HD Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes' Anti-Malware version 1.51.2.1300 Microsoft Money Essentials Microsoft Money Shared Libraries Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ Run Time Lib Setup Mozilla Firefox 8.0 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal Seagate Edition Napster Napster Burn Engine NETGEAR WNA3100 wireless USB 2.0 adapter NETGEAR WPN311 Wireless Adapter OpenOffice.org 3.3 Photo Explosion Deluxe PrintMaster 2011 Platinum QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader RealUpgrade 1.1 Samsung PC Studio 3 USB Driver Installer Seagate Manager Installer Search Toolbar Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Segoe UI Skype™ 5.5 
Smart Copy 3.1.1.1 Stronghold Crusader Extreme TomTom HOME 2.8.1.2218 TomTom HOME Visual Studio Merge Modules Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update Installer for WildTangent Games App Veetle TV VLC media player 1.0.1 vShare.tv plugin 1.3 Wheel Of Fortune WildTangent Games App (Gateway Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Wizard101 . ==== Event Viewer Messages From Past Week ======== . 11/24/2011 5:13:43 PM, Error: iaStor [9] - The device, DeviceIdeiaStor0, did not respond within the timeout period. 11/24/2011 2:42:28 PM, Error: Service Control Manager [7000] - The int15 service failed to start due to the following error: A device attached to the system is not functioning. 11/23/2011 6:46:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 11/23/2011 4:25:45 PM, Error: EventLog [6008] - The previous system shutdown at 1:56:14 PM on 11/23/2011 was unexpected. 11/22/2011 8:59:46 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 
11/22/2011 2:00:40 PM, Error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s). 11/22/2011 1:59:06 PM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s). 11/22/2011 1:48:25 PM, Error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s). 11/22/2011 1:31:48 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s). 11/21/2011 10:13:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 11/18/2011 7:36:58 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 11/18/2011 12:32:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Jacque-PCJacque SID (S-1-5-21-1643210993-2232105442-2364694577-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 11/17/2011 8:42:19 PM, Error: Service Control Manager [7034] - The PCPitstop Realtime service terminated unexpectedly. It has done this 1 time(s). 
11/17/2011 2:58:43 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File ===========================

#13 Anderson

Posted 24 November 2011 - 06:45 PM

. DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Jacque at 17:40:09 on 2011-11-24 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.3051 [GMT -6:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32svchost.exe -k rpcss c:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k GPSvcGroup C:Windowssystem32SLsvc.exe C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32svchost.exe -k NetworkService C:Windowssystem32WLANExt.exe C:WindowsSystem32spoolsv.exe C:Windowssystem32svchost.exe -k LocalServiceNoNetwork C:Program Files (x86)MicrosoftBingBarSeaPort.EXE C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe C:Program Files (X86)IntelIntel Matrix Storage ManagerIaantmon.exe C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted C:Windowssystem32svchost.exe -k imgsvc C:WindowsSystem32svchost.exe -k WerSvcGroup C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE C:Windowssystem32SearchIndexer.exe C:Windowssystem32DRIVERSxaudio64.exe C:Windowssystem32WUDFHost.exe c:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe C:Windowssystem32taskeng.exe C:Windowssystem32Dwm.exe C:Windowssystem32taskeng.exe C:WindowsExplorer.EXE C:Windowssystem32taskeng.exe C:WindowsMHotKey.exe C:WindowsChiFuncExt.exe C:Program Files 
(x86)SeagateSeagateManagerSyncMaxSync.exe C:Program FilesRealtekAudioHDARAVCpl64.exe C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe C:WindowsSystem32igfxtray.exe C:Program FilesCanonMyPrinterBJMYPRT.EXE C:Program FilesMicrosoft Security Clientmsseces.exe C:WindowsCNYHKey.exe C:Program Files (x86)NETGEARWNA3100WNA3100.exe C:Program Files (x86)IOISmart CopyButtonMonitor.exe C:Program Files (x86)SeagateSeagateManagerFreeAgent Statusstxmenumgr.exe C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe C:Program Files (x86)RealRealPlayerUpdaterealsched.exe C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe C:Program Files (x86)LogitechLWSWebcam SoftwareCameraHelperShell.exe C:Program Files (x86)NETGEARWPN311wlancfg5.exe C:WindowsModLedKey.exe C:Windowssystem32SearchProtocolHost.exe C:Program Files (x86)Internet Exploreriexplore.exe C:Program Files (x86)Internet Exploreriexplore.exe C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:Program Files (x86)Internet Exploreriexplore.exe C:Program Files (x86)Internet Exploreriexplore.exe C:WindowsSysWOW64DllHost.exe C:Windowssystem32NOTEPAD.EXE C:Windowssystem32SearchProtocolHost.exe C:Windowssystem32SearchFilterHost.exe C:WindowsSysWOW64cmd.exe C:WindowsSysWOW64cscript.exe C:Windowssystem32wbemwmiprvse.exe . ============== Pseudo HJT Report =============== . 
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0111&m=dx4710-05 uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll" BHO: Search Assistant BHO: {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)Javajre6binjp2ssv.dll TB: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll" mRun: [LchDrvKey] LchDrvKey.exe mRun: [LedKey] CNYHKey.exe mRun: [Trigger New Acer AlaunchX] c:AcerPreloadCommandAlaunchXAppInRun.exe mRun: [Smart Copy] "C:Program Files (x86)IOISmart CopyButtonMonitor.exe" -A mRun: [MaxMenuMgr] "C:Program Files (x86)SeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe" mRun: [LWS] C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe -hide mRun: [TkBellExe] "C:Program Files 
(x86)RealRealPlayerUpdaterealsched.exe" -osboot mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun: [Info Center] "C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe" mRunOnce: [New Acer AlaunchX] c:AcerPreloadCommandAlaunchXLaunchAlaunchX.exe StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupNETGEA~2.LNK - C:Program Files (x86)NETGEARWNA3100WNA3100.exe StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupNETGEA~1.LNK - C:Program Files (x86)NETGEARWPN311wlancfg5.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000 IE: Google Sidewiki... - C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces{2FC6B3EB-D5AC-4AF8-944D-1F82FBE7CA60} : DhcpNameServer = 192.168.1.254 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files 
(x86)SkypeToolbarsInternet Explorerskypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll" BHO-X64: Search Assistant BHO: {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll TB-X64: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll" mRun-x64: [LchDrvKey] LchDrvKey.exe mRun-x64: [LedKey] CNYHKey.exe mRun-x64: [Trigger New Acer AlaunchX] c:AcerPreloadCommandAlaunchXAppInRun.exe mRun-x64: [Smart Copy] "C:Program Files (x86)IOISmart CopyButtonMonitor.exe" -A mRun-x64: [MaxMenuMgr] "C:Program Files 
(x86)SeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe" mRun-x64: [LWS] C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe -hide mRun-x64: [TkBellExe] "C:Program Files (x86)RealRealPlayerUpdaterealsched.exe" -osboot mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun-x64: [Info Center] "C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe" mRunOnce-x64: [New Acer AlaunchX] c:AcerPreloadCommandAlaunchXLaunchAlaunchX.exe . ================= FIREFOX =================== . FF - ProfilePath - C:UsersJacqueAppDataRoamingMozillaFirefoxProfilesfsgyl71l.default FF - prefs.js: network.proxy.type - 0 FF - plugin: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll FF - plugin: C:Program Files (x86)Guffinsbar1.binNPu4Stub.dll FF - plugin: C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll FF - plugin: c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrlui.dll FF - plugin: C:Program Files (x86)VeetlePlayernpvlc.dll FF - plugin: C:Program Files (x86)VeetlepluginsnpVeetle.dll FF - plugin: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered7NP_wtapp.dll FF - plugin: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll FF - plugin: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll FF - plugin: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:Windowssystem32DriversPxHlpa64.sys --> C:Windowssystem32DriversPxHlpa64.sys [?] R0 SCMNdisP;General NDIS Protocol Driver;C:Windowssystem32DRIVERSscmndisp.sys --> C:Windowssystem32DRIVERSscmndisp.sys [?] R1 MpFilter;Microsoft Malware Protection Driver;C:Windowssystem32DRIVERSMpFilter.sys --> C:Windowssystem32DRIVERSMpFilter.sys [?] 
R2 BBUpdate;BBUpdate;C:Program Files (x86)MicrosoftBingBarSeaPort.EXE [2011-6-15 249648] R2 FontCache;Windows Font Cache Service;C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 FreeAgentGoNext Service;Seagate Service;C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe [2009-12-18 189736] R2 sbapifs;sbapifs;C:Windowssystem32DRIVERSsbapifs.sys --> C:Windowssystem32DRIVERSsbapifs.sys [?] R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:Windowssystem32DRIVERSbcmwlhigh664.sys --> C:Windowssystem32DRIVERSbcmwlhigh664.sys [?] R3 CAXHWBS2;CAXHWBS2;C:Windowssystem32DRIVERSCAXHWBS2.sys --> C:Windowssystem32DRIVERSCAXHWBS2.sys [?] R3 MpNWMon;Microsoft Malware Protection Network Driver;C:Windowssystem32DRIVERSMpNWMon.sys --> C:Windowssystem32DRIVERSMpNWMon.sys [?] R3 NisDrv;Microsoft Network Inspection System;C:Windowssystem32DRIVERSNisDrvWFP.sys --> C:Windowssystem32DRIVERSNisDrvWFP.sys [?] R3 NisSrv;Microsoft Network Inspection;C:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-4-27 288272] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576] S3 BBSvc;Bing Bar Update Service;C:Program Files (x86)MicrosoftBingBarBBSvc.EXE [2011-7-7 195336] S3 ETService;Empowering Technology Service;C:Program FilesGATEWAYGateway Recovery ManagementServiceETService.exe [2011-1-30 24576] S3 fssfltr;FssFltr;C:Windowssystem32DRIVERSfssfltr.sys --> C:Windowssystem32DRIVERSfssfltr.sys [?] 
S3 fsssvc;Windows Live Family Safety Service;C:Program Files (x86)Windows LiveFamily Safetyfsssvc.exe [2011-5-13 1492840] S3 GamesAppService;GamesAppService;C:Program Files (x86)WildTangent GamesAppGamesAppService.exe [2010-10-12 206072] S3 gupdate;Google Update Service (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-1-30 135664] S3 gupdatem;Google Update Service (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-1-30 135664] S3 LVPr2M64;Logitech LVPr2M64 Driver;C:Windowssystem32DRIVERSLVPr2M64.sys --> C:Windowssystem32DRIVERSLVPr2M64.sys [?] S3 LVRS64;Logitech RightSound Filter Driver;C:Windowssystem32DRIVERSlvrs64.sys --> C:Windowssystem32DRIVERSlvrs64.sys [?] S3 LVUVC64;Logitech HD Webcam C270(UVC);C:Windowssystem32DRIVERSlvuvc64.sys --> C:Windowssystem32DRIVERSlvuvc64.sys [?] S3 NPF;Netgroup Packet Filter;C:Windowssystem32DRIVERSnpf.sys --> C:Windowssystem32DRIVERSnpf.sys [?] S3 PerfHost;Performance Counter DLL Host;C:WindowsSysWOW64perfhost.exe [2008-1-20 19968] S3 TomTomHOMEService;TomTomHOMEService;C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe [2011-3-9 92592] S3 UMVPFSrv;UMVPFSrv;C:Program Files (x86)Common FileslogishrdLVMVFMUMVPFSrv.exe [2011-3-31 428640] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:WindowsMicrosoft.NETFramework64v4.0.30319WPFWPFFontCache_v0400.exe [2010-3-18 1020768] S3 WSWNA3100;WSWNA3100;C:Program Files (x86)NETGEARWNA3100WifiSvc.exe [2011-3-14 278528] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe [2011-1-31 89920] . =============== File Associations =============== . JSEFile=C:WindowsSysWOW64WScript.exe "%1" %* . =============== Created Last 30 ================ . 
2011-11-24 20:45:30 -------- d-----w- C:Program Files (x86)ESET 2011-11-24 20:40:48 69000 ----a-w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{676F4DE7-0F4F-49CE-AB69-778A5576B7F2}offreg.dll 2011-11-23 22:37:05 8570192 ----a-w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{676F4DE7-0F4F-49CE-AB69-778A5576B7F2}mpengine.dll 2011-11-22 19:34:17 -------- d-----w- C:_OTL 2011-11-19 01:37:53 -------- d-----w- C:ProgramDataIObit 2011-11-19 01:36:57 -------- d-----w- C:UsersJacqueAppDataRoamingIObit 2011-11-19 01:36:49 -------- d-----w- C:Program Files (x86)IObit 2011-11-19 00:21:28 -------- d-----w- C:UsersJacqueAppDataRoamingMalwarebytes 2011-11-19 00:20:00 -------- d-----w- C:ProgramDataMalwarebytes 2011-11-19 00:19:56 25416 ----a-w- C:WindowsSystem32driversmbam.sys 2011-11-19 00:19:56 -------- d-----w- C:Program Files (x86)Malwarebytes' Anti-Malware 2011-11-18 21:35:53 -------- d-----w- C:UsersJacqueAppDataLocalSeven Zip 2011-11-18 14:46:24 -------- d-----w- C:UsersJacqueAppDataLocal{A50525B9-F370-4D6D-94E2-ADF250DA7EF5} 2011-11-18 14:46:14 -------- d-----w- C:UsersJacqueAppDataLocal{62C30C58-1898-4722-9C71-D5E6CE7C355E} 2011-11-17 14:21:08 -------- d-----w- C:UsersJacqueAppDataLocal{806B25CF-1620-4CF8-8FB7-EAB7C882100F} 2011-11-17 14:20:58 -------- d-----w- C:UsersJacqueAppDataLocal{F39303B5-261E-4E2D-8ED2-DD54874C29D8} 2011-11-16 20:36:33 -------- d-----w- C:UsersJacqueAppDataLocalElevatedDiagnostics 2011-11-16 19:10:28 -------- d-----w- C:Program FilesCCleaner 2011-11-16 18:54:15 -------- d-----w- C:UsersJacqueAppDataRoamingPC Cleaners 2011-11-16 18:54:10 5359888 ----a-w- C:Windowsuninst.exe 2011-11-16 18:54:09 -------- d-----w- C:ProgramDataPC1Data 2011-11-16 18:47:10 -------- d-----w- C:Program Files (x86)Microsoft 2011-11-16 18:04:00 -------- d-----w- C:UsersJacqueAppDataLocal{F6E91E63-1C61-48DC-80F7-0AD1882CA289} 2011-11-16 18:03:50 -------- d-----w- C:UsersJacqueAppDataLocal{70E32EF9-699A-4B11-B554-55BA96B29C04} 2011-11-16 
15:35:33 -------- d-----w- C:UsersJacqueAppDataLocal{05EF98BF-1FDF-4541-B1B9-099E2E9550C7} 2011-11-16 15:35:23 -------- d-----w- C:UsersJacqueAppDataLocal{62C25056-6DFD-46B3-BB56-F0125A6EA70E} 2011-11-15 15:10:07 -------- d-----w- C:UsersJacqueAppDataLocal{CD1B8300-03A5-477A-837A-BC9F907C0ADF} 2011-11-15 15:09:46 -------- d-----w- C:UsersJacqueAppDataLocal{1CFF41D5-E2D3-4520-8F32-909B3807D6A3} 2011-11-13 05:28:08 -------- d-----w- C:Program Files (x86)vShare.tv plugin 2011-11-11 19:22:22 -------- d-----w- C:UsersJacqueAppDataLocal{918267CD-65DE-480A-80A0-31A1F054A529} 2011-11-11 19:22:12 -------- d-----w- C:UsersJacqueAppDataLocal{FF6CCC31-BAED-4663-B0B9-DB214470AC50} 2011-11-08 23:08:10 40448 ----a-w- C:WindowsSystem32driverstcpipreg.sys 2011-11-08 23:08:10 1423744 ----a-w- C:WindowsSystem32driverstcpip.sys 2011-11-08 23:08:09 2409784 ----a-w- C:Program FilesWindows MailOESpamFilter.dat 2011-11-08 23:08:09 2409784 ----a-w- C:Program Files (x86)Windows MailOESpamFilter.dat 2011-11-08 23:08:08 893440 ----a-w- C:Program FilesCommon FilesSystemwab32.dll 2011-11-08 23:08:08 707584 ----a-w- C:Program Files (x86)Common FilesSystemwab32.dll 2011-11-08 23:08:08 50688 ----a-w- C:Program FilesWindows Mailwabimp.dll 2011-11-08 20:17:01 -------- d-----w- C:UsersJacqueAppDataLocal{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF} 2011-11-08 20:16:49 -------- d-----w- C:UsersJacqueAppDataLocal{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB} 2011-11-04 18:16:55 -------- d-----w- C:UsersJacqueAppDataLocal{2AD5AAF0-4074-4198-A7CF-88263934243A} 2011-11-04 18:16:45 -------- d-----w- C:UsersJacqueAppDataLocal{0EFC5F72-1B2B-437D-899C-21FC67BDB013} 2011-11-03 16:16:02 -------- d-----w- C:UsersJacqueAppDataLocal{C2AC8077-8DBE-4AC8-B834-9F7AF249329D} 2011-11-03 16:15:52 -------- d-----w- C:UsersJacqueAppDataLocal{4AD22D86-DAB3-4095-A795-299CAC9E4CE9} 2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin7.dll 2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet 
ExplorerPLUGINSnpqtplugin6.dll 2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin5.dll 2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin4.dll 2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin3.dll 2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin2.dll 2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin.dll . ==================== Find3M ==================== . 2011-10-25 00:50:14 414368 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl 2011-10-24 19:29:02 94208 ----a-w- C:WindowsSysWow64QuickTimeVR.qtx 2011-10-24 19:29:02 69632 ----a-w- C:WindowsSysWow64QuickTime.qts 2011-09-06 13:56:50 2764288 ----a-w- C:WindowsSystem32win32k.sys 2011-09-01 05:24:07 2309120 ----a-w- C:WindowsSystem32jscript9.dll 2011-09-01 05:17:57 1389056 ----a-w- C:WindowsSystem32wininet.dll 2011-09-01 05:12:04 2382848 ----a-w- C:WindowsSystem32mshtml.tlb 2011-09-01 02:35:59 1798144 ----a-w- C:WindowsSysWow64jscript9.dll 2011-09-01 02:28:15 1126912 ----a-w- C:WindowsSysWow64wininet.dll 2011-09-01 02:22:54 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb 2011-08-30 22:28:46 3069032 ----a-w- C:WindowsSystem32driversRTKVHD64.sys 2011-08-30 21:41:22 1501696 ----a-w- C:WindowsSystem32RCoRes64.dat 2011-08-30 18:37:44 2518632 ----a-w- C:WindowsSystem32RtPgEx64.dll . ============= FINISH: 17:40:40.40 ===============

#14 JonTom

Posted 25 November 2011 - 11:05 AM

Hello Anderson

Let's proceed as follows:
  • Please un-install Java™ 6 Update 5
    • Click on "Windows Orb" then on "Computer" and then on the "Uninstall or change a program" tab.
    • A list of currently installed programs will be displayed.
    • Find the "Java™ 6 Update 5" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.
  • Please update your Java
    • To update your Java, click on the "Windows Orb" then on "Control Panel" and then on the Java icon (looks like a coffee cup).
    • In the window that opens, click on the "Update" tab, and then on "Update Now".
    • Your Java should begin to update. Please follow any prompts that you receive.

Next, please make sure you have your I drive (Seagate) plugged into the machine before continuing:
  • Please open OTL
    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

      :Files
      C:\Users\Jacque\AppData\LocalLow\FunWebProducts
      C:\Program Files (x86)\Guffins
      C:\Users\Jacque\AppData\LocalLow\GuffinsEI
      C:\Users\Jacque\AppData\Local\{A50525B9-F370-4D6D-94E2-ADF250DA7EF5}
      C:\Users\Jacque\AppData\Local\{62C30C58-1898-4722-9C71-D5E6CE7C355E}
      C:\Users\Jacque\AppData\Local\{806B25CF-1620-4CF8-8FB7-EAB7C882100F}
      C:\Users\Jacque\AppData\Local\{F39303B5-261E-4E2D-8ED2-DD54874C29D8}
      C:\Users\Jacque\AppData\Local\{F6E91E63-1C61-48DC-80F7-0AD1882CA289}
      C:\Users\Jacque\AppData\Local\{70E32EF9-699A-4B11-B554-55BA96B29C04}
      C:\Users\Jacque\AppData\Local\{05EF98BF-1FDF-4541-B1B9-099E2E9550C7}
      C:\Users\Jacque\AppData\Local\{62C25056-6DFD-46B3-BB56-F0125A6EA70E}
      C:\Users\Jacque\AppData\Local\{CD1B8300-03A5-477A-837A-BC9F907C0ADF}
      C:\Users\Jacque\AppData\Local\{1CFF41D5-E2D3-4520-8F32-909B3807D6A3}
      C:\Users\Jacque\AppData\Local\{918267CD-65DE-480A-80A0-31A1F054A529}
      C:\Users\Jacque\AppData\Local\{FF6CCC31-BAED-4663-B0B9-DB214470AC50}
      C:\Users\Jacque\AppData\Local\{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF}
      C:\Users\Jacque\AppData\Local\{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB}
      C:\Users\Jacque\AppData\Local\{2AD5AAF0-4074-4198-A7CF-88263934243A}
      C:\Users\Jacque\AppData\Local\{0EFC5F72-1B2B-437D-899C-21FC67BDB013}
      C:\Users\Jacque\AppData\Local\{C2AC8077-8DBE-4AC8-B834-9F7AF249329D}
      C:\Users\Jacque\AppData\Local\{4AD22D86-DAB3-4095-A795-299CAC9E4CE9}
      I:\Seagate Backup\JACQUE-PC\C\Users\Jacque\AppData\LocalLow\FunWebProducts
      I:\Seagate Backup\JACQUE-PC\C\Users\Jacque\AppData\LocalLow\GuffinsEI
      I:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\FoxTabAVIConverter\AviConverter.exe
      I:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\FoxTabAVIConverter\Uninstall\Uninstall.exe
      I:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\FunWebProducts
      I:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\Guffins
      I:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\MyWebSearch
      I:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\Search Toolbar

      :Reg
      [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
      [-HKEY_CLASSES_ROOT\CLSID\{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"=-
      [-HKEY_CLASSES_ROOT\CLSID\{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]

      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
      
    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
    Post the OTL log in your next reply and let me know how the machine is running.

Edited by JonTom, 25 November 2011 - 11:06 AM.
Typo

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#15 Anderson

Posted 25 November 2011 - 01:43 PM

I uninstalled the Java 6 Update 5 program. When I click on the Windows Orb, then control panel, Java does not come up. I have Java™ 6 Update 24 in my control panel list of programs, but when I click on it, it asks to Uninstall, not update. I will wait on your other directions until I hear from you on what to do with Java. I also wanted to say Thank You very much for helping me and I hope you had a wonderful Thanksgiving.

#16 JonTom

Posted 25 November 2011 - 04:20 PM

Hello Anderson

I also wanted to say Thank You very much for helping me and I hope you had a wonderful Thanksgiving

No problem at all :)

I don't celebrate Thanksgiving myself (I have to wait until Christmas for my Turkey :drool: ), but I hope you had a nice one :)

I will wait on your other directions until I hear from you on what to do with Java

Let's update it manually:
  • Please update your Java
    • Download the latest version of Java by clicking here
    • Scroll down the page until you reach "Java Platform Standard Edition" (for Java SE 7u1).
    • Beneath this and to the right, you will see a red button marked "Download JRE".
    • Click the "Download JRE" button.
    • Accept the license agreement and click on "Continue".
    • Scroll down and click on the file called Windows x64 (jre-7u1-windows-x64.exe).
    • Save the file to your desktop.
    • Do not select Run.
    • Right click on the saved file (jre-7u1-windows-x64.exe) and select "Run as Administrator" to install the update.
    • Delete the downloaded installation file after completing the above procedure and reboot your system if not prompted to do so.
    • Once the latest version of Java has been installed, you may uninstall Java™ 6 Update 24.

Once your Java is updated, continue with the OTL script I posted previously and post the log when completed.

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#17 Anderson

Posted 25 November 2011 - 04:50 PM

All processes killed
Error: Unable to interpret <:FilesC:\Users\Jacque\AppData\LocalLow\FunWebProductsC:\Program Files (x86)\GuffinsC:\Users\Jacque\AppData\LocalLow\GuffinsEIC:\Users\Jacque\AppData\Local\{A50525B9-F370-4D6D-94E2-ADF250DA7EF5}C:\Users\Jacque\AppData\Local\{62C30C58-1898-4722-9C71-D5E6CE7C355E}C:\Users\Jacque\AppData\Local\{806B25CF-1620-4CF8-8FB7-EAB7C882100F}C:\Users\Jacque\AppData\Local\{F39303B5-261E-4E2D-8ED2-DD54874C29D8}C:\Users\Jacque\AppData\Local\{F6E91E63-1C61-48DC-80F7-0AD1882CA289}C:\Users\Jacque\AppData\Local\{70E32EF9-699A-4B11-B554-55BA96B29C04}C:\Users\Jacque\AppData\Local\{05EF98BF-1FDF-4541-B1B9-099E2E9550C7}C:\Users\Jacque\AppData\Local\{62C25056-6DFD-46B3-BB56-F0125A6EA70E}C:\Users\Jacque\AppData\Local\{CD1B8300-03A5-477A-837A-BC9F907C0ADF}C:\Users\Jacque\AppData\Local\{1CFF41D5-E2D3-4520-8F32-909B3807D6A3}C:\Users\Jacque\AppData\Local\{918267CD-65DE-480A-80A0-31A1F054A529}C:\Users\Jacque\AppData\Local\{FF6CCC31-BAED-4663-B0B9-DB214470AC50}C:\Users\Jacque\AppData\Local\{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF}C:\Users\Jacque> in the current context!
Error: Unable to interpret <AppData\Local\{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB}C:\Users\Jacque\AppData\Local\{2AD5AAF0-4074-4198-A7CF-88263934243A}C:\Users\Jacque\AppData\Local\{0EFC5F72-1B2B-437D-899C-21FC67BDB013}C:\Users\Jacque\AppData\Local\{C2AC8077-8DBE-4AC8-B834-9F7AF249329D}C:\Users\Jacque\AppData\Local\{4AD22D86-DAB3-4095-A795-299CAC9E4CE9}I:\Seagate Backup\JACQUE-PC\C\Users\Jacque\AppData\LocalLow\FunWebProductsI:\Seagate Backup\JACQUE-PC\C\Users\Jacque\AppData\LocalLow\GuffinsEII:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\FoxTabAVIConverter\AviConverter.exeI:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\FoxTabAVIConverter\Uninstall\Uninstall.exeI:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\FunWebProductsI:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\GuffinsI:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\MyWebSearchI:\Seagate Backup\JACQUE-PC\History\Level2\C\Program Files (x86)\Search Toolbar:Reg[-HKEY_LOCAL_MACHINE\software\microsoft> in the current context!
Error: Unable to interpret <windows\currentversion\explorer\browser helper objects\{d6a34acb-76fa-4a14-88ea-5d54797a2028}][-HKEY_CLASSES_ROOT\CLSID\{d6a34acb-76fa-4a14-88ea-5d54797a2028}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]"{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"=-[-HKEY_CLASSES_ROOT\CLSID\{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]:Commands[purity][emptytemp][emptyflash][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 11252011_154008
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

The computer is running mucho better! Thank you SO much! I have to ask, I noticed you had me use an Avast program at one point. Is Avast the best security program to use on a daily basis? I have used it in the past, but went with Microsoft Security Essentials a while back. MSS scans my computer every day, but the virus I had wasn't caught until I did a "full" scan. I don't usually do a full scan because it takes about 8 hours to run. I'm not that patient. :glare:

#18 JonTom

Posted 25 November 2011 - 06:07 PM

Hello Anderson

MSE is a good program to use but there is nothing wrong with AVAST either (both are very popular and offer good protection). I would think MSE would be fine to keep.

If you would like to change let me know and I can provide some links to a number of trusted programs.

It does not look as though the last OTL script was processed correctly.

Please try it again, and make sure that the ":" of :Files is present.

Also, when you paste the script into OTL, please make sure that it looks exactly the same way as I have included it in the instructions.

Give the script another go and post the log in your next reply :)
Member of ASAP and UNITE
Proud Graduate of the WTT Classroom
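
The paste problem described in the post above (section headers and entries run together, so the tool answers "Unable to interpret ... in the current context"), as an added example that is not part of the original thread and not OTL's own code: a Python check that flags collapsed lines in a fix script before it is pasted. It assumes only the layout visible in the script posted earlier in this thread (a `:`-prefixed header on its own line, one path per line under `:Files`, one bracketed key or one quoted value line under `:Reg`, one bracketed command per line under `:Commands`); the function names and the sample paths and GUIDs are constructed.

```python
import re

KNOWN_SECTIONS = ("files", "reg", "commands")  # the three sections used in the thread's script
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\")        # ':' cannot occur inside a Windows file name,
                                               # so every match marks the start of a new path
ONE_BRACKET = re.compile(r"\[[^\[\]]+\]")      # exactly one [key] or [command]
FUSED_KEY = re.compile(r"\[-?HKEY", re.IGNORECASE)


def entry_problem(section, line):
    """Return a message if `line` is not a single entry for `section`, else None."""
    if section is None:
        return "entry appears before any ':' section header"
    if section == "files":
        if len(DRIVE_ROOT.findall(line)) > 1:
            return "more than one path on this line"
        if ":" in line[2:]:
            return "a ':' after the drive letter: another entry or header is fused on"
    elif section == "reg":
        if line.startswith("["):
            if not ONE_BRACKET.fullmatch(line):
                return "registry key line is not a single [...] group"
        elif line.startswith('"'):
            if FUSED_KEY.search(line):
                return "a registry key is fused onto this value line"
        else:
            return "not a [key] line or a quoted value line"
    elif section == "commands":
        if not ONE_BRACKET.fullmatch(line):
            return "expected exactly one [command] on this line"
    return None  # sections not listed above are not checked


def lint_fix_script(text):
    """Return [(line_number, message)] for lines that would not be read as one entry."""
    problems = []
    section = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        if low in KNOWN_SECTIONS:
            # A bare section word means the leading ':' was lost in the copy.
            problems.append((line_no, f"section header '{line}' is missing its leading ':'"))
            section = low
            continue
        if line.startswith(":"):
            known = next((s for s in KNOWN_SECTIONS if low[1:].startswith(s)), None)
            if known and len(line) > len(known) + 1:
                problems.append((line_no, f"':{known}' header has an entry fused onto it"))
                section = known
            elif known:
                section = known
            elif re.fullmatch(r":[A-Za-z]+", line):
                section = low[1:]          # a header this example does not check
            else:
                problems.append((line_no, "unrecognised header line"))
            continue
        message = entry_problem(section, line)
        if message:
            problems.append((line_no, message))
    return problems


# Constructed sample: laid out one entry per line, as in the instructions.
GOOD_SCRIPT = r""":Files
C:\Users\Example\AppData\LocalLow\ExampleToolbar
C:\Program Files (x86)\ExampleToolbar

:Reg
[-HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{00000000-0000-0000-0000-000000000002}"=-

:Commands
[emptytemp]
[Reboot]
"""

# Constructed sample: the same script after a paste that lost the ':' and several line breaks.
COLLAPSED_SCRIPT = r"""Files
C:\Users\Example\AppData\LocalLow\ExampleToolbarC:\Program Files (x86)\ExampleToolbar
:Reg[-HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}]
"{00000000-0000-0000-0000-000000000002}"=-[-HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000002}]
:Commands
[emptytemp][Reboot]
"""

if __name__ == "__main__":
    for line_no, message in lint_fix_script(COLLAPSED_SCRIPT):
        print(f"line {line_no}: {message}")
```
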

#19 Anderson

Posted 25 November 2011 - 06:35 PM

Every time I tried to copy and paste, it kept garbling it up in the OTL box. I double checked against your list and I think I got the entries separated the way you posted it in your reply above. Here is the new scan list.

All processes killed
========== FILES ==========
C:UsersJacqueAppDataLocalLowFunWebProductsSharedCache folder moved successfully.
C:UsersJacqueAppDataLocalLowFunWebProductsShared folder moved successfully.
C:UsersJacqueAppDataLocalLowFunWebProductsInstallrCache folder moved successfully.
C:UsersJacqueAppDataLocalLowFunWebProductsInstallr folder moved successfully.
C:UsersJacqueAppDataLocalLowFunWebProducts folder moved successfully.
FileFolder C:Program Files (x86)Guffins not found.
C:UsersJacqueAppDataLocalLowGuffinsEIInstallrCache folder moved successfully.
C:UsersJacqueAppDataLocalLowGuffinsEIInstallr folder moved successfully.
C:UsersJacqueAppDataLocalLowGuffinsEI folder moved successfully.
C:UsersJacqueAppDataLocal{A50525B9-F370-4D6D-94E2-ADF250DA7EF5} folder moved successfully.
C:UsersJacqueAppDataLocal{62C30C58-1898-4722-9C71-D5E6CE7C355E} folder moved successfully.
C:UsersJacqueAppDataLocal{806B25CF-1620-4CF8-8FB7-EAB7C882100F} folder moved successfully.
C:UsersJacqueAppDataLocal{F39303B5-261E-4E2D-8ED2-DD54874C29D8} folder moved successfully.
C:UsersJacqueAppDataLocal{F6E91E63-1C61-48DC-80F7-0AD1882CA289} folder moved successfully.
C:UsersJacqueAppDataLocal{70E32EF9-699A-4B11-B554-55BA96B29C04} folder moved successfully.
C:UsersJacqueAppDataLocal{05EF98BF-1FDF-4541-B1B9-099E2E9550C7} folder moved successfully.
C:UsersJacqueAppDataLocal{62C25056-6DFD-46B3-BB56-F0125A6EA70E} folder moved successfully.
C:UsersJacqueAppDataLocal{CD1B8300-03A5-477A-837A-BC9F907C0ADF} folder moved successfully.
C:UsersJacqueAppDataLocal{1CFF41D5-E2D3-4520-8F32-909B3807D6A3} folder moved successfully.
C:UsersJacqueAppDataLocal{918267CD-65DE-480A-80A0-31A1F054A529} folder moved successfully.
C:UsersJacqueAppDataLocal{FF6CCC31-BAED-4663-B0B9-DB214470AC50} folder moved successfully.
C:UsersJacqueAppDataLocal{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF} folder moved successfully.
C:UsersJacqueAppDataLocal{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB} folder moved successfully.
C:UsersJacqueAppDataLocal{2AD5AAF0-4074-4198-A7CF-88263934243A} folder moved successfully.
C:UsersJacqueAppDataLocal{0EFC5F72-1B2B-437D-899C-21FC67BDB013} folder moved successfully.
C:UsersJacqueAppDataLocal{C2AC8077-8DBE-4AC8-B834-9F7AF249329D} folder moved successfully.
C:UsersJacqueAppDataLocal{4AD22D86-DAB3-4095-A795-299CAC9E4CE9} folder moved successfully.
I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProductsSharedCache folder moved successfully.
I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProductsShared folder moved successfully.
I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProductsInstallrCache folder moved successfully.
I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProductsInstallr folder moved successfully.
I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProducts folder moved successfully.
I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowGuffinsEIInstallrCache folder moved successfully.
I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowGuffinsEIInstallr folder moved successfully.
I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowGuffinsEI folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterAviConverter.exe moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterUninstallUninstall.exe moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProductsInstallr1.bin folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProductsInstallr folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProducts folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)GuffinsbarSettings folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)GuffinsbarMessage folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binchrome folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.bin folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffins folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarSettings folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarOverlay folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarNotifier folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarMessage folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarIE9Mesg folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbaricons folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarGame folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarAvatar folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binchrome folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.bin folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearch folder moved successfully.
I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Search Toolbar folder moved successfully.
Error: Unable to interpret <:Reg[-HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorerbrowser helper objects{d6a34acb-76fa-4a14-88ea-5d54797a2028}]> in the current context!
Error: Unable to interpret <[-HKEY_CLASSES_ROOTCLSID{d6a34acb-76fa-4a14-88ea-5d54797a2028}]> in the current context!
Error: Unable to interpret <[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]> in the current context!
Error: Unable to interpret <"{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"=-> in the current context!
Error: Unable to interpret <[-HKEY_CLASSES_ROOTCLSID{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Harley
->Temp folder emptied: 368708 bytes
->Temporary Internet Files folder emptied: 67593382 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 827 bytes

User: Jacque
->Temp folder emptied: 17618960 bytes
->Temporary Internet Files folder emptied: 311310612 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 3137 bytes

User: KC
->Temp folder emptied: 47281 bytes
->Temporary Internet Files folder emptied: 39048406 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 959 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%System32 .tmp files removed: 0 bytes
%systemroot%System32 (64bit) .tmp files removed: 0 bytes
%systemroot%System32drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50610 bytes
%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 42645264 bytes

Total Files Cleaned = 457.00 mb

[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Harley
->Flash cache emptied: 0 bytes

User: Jacque
->Flash cache emptied: 0 bytes

User: KC
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 11252011_172805

FilesFolders moved on Reboot...
FileFolder C:UsersJacqueAppDataLocalTemp~DF6F9.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF6FE.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF747.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF74C.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF79A.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF7A7.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF8077.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF807C.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF80C2.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF80C7.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF95F.tmp not found!
FileFolder C:UsersJacqueAppDataLocalTemp~DF97E.tmp not found!
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54C0YPUI5fastbutton[2].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54C0YPUI5index[2].htm moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowAntiPhishingED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowMSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

#20 JonTom

    Trusted Malware Tech


Posted 26 November 2011 - 09:49 AM

Hello Anderson

I'm not sure why the formatting is being problematic..... Let's try the last part of that fix again:
  • Please open OTL
  • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
    [-HKEY_CLASSES_ROOT\CLSID\{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    
  • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
  • Allow the program to run unhindered.
  • Your machine will re-start itself. This is normal.
  • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

Post the OTL log in your next reply :)
Member of ASAP and UNITE
Proud Graduate of the WTT Classroom



