Anderson

Malwarebytes and Hijackthis log files


Can anyone help?

 

Here is the log file:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8191

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

11/18/2011 6:28:36 PM

mbam-log-2011-11-18 (18-28-36).txt

Scan type: Quick scan

Objects scanned: 222270

Time elapsed: 3 minute(s), 11 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 30

Registry Values Infected: 4

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Harley\Desktop\.url (Malware.Trace) -> Quarantined and deleted successfully.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 8:13:23 PM, on 11/18/2011

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\CNYHKey.exe

C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe

C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Windows\ModLedKey.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe

C:\Users\Jacque\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPBW0QZQ\HijackThis.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Jacque\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0111&m=dx4710-05

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {c3d3840c-12ea-4461-a61d-190555fecc82} - C:\Program Files (x86)\Guffins\bar\1.bin\u4SrcAs.dll

R3 - URLSearchHook: (no name) - {167d9323-f7cc-48f5-948a-6f012831a69f} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe,

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

O2 - BHO: Toolbar BHO - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\PROGRA~2\Guffins\bar\1.bin\u4bar.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Complitly - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Jacque\AppData\Roaming\Complitly\Complitly.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Search Assistant BHO - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:\Program Files (x86)\Guffins\bar\1.bin\u4SrcAs.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

O3 - Toolbar: Guffins - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

O4 - HKLM\..\Run: [LchDrvKey] LchDrvKey.exe

O4 - HKLM\..\Run: [LedKey] CNYHKey.exe

O4 - HKLM\..\Run: [Trigger New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\AppInRun.exe

O4 - HKLM\..\Run: [smart Copy] "C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe" -A

O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [info Center] "C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe"

O4 - HKLM\..\RunOnce: [New Acer AlaunchX] c:\Acer\Preload\Command\AlaunchX\LaunchAlaunchX.exe

O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

O4 - Global Startup: NETGEAR WNA3100 Smart Wizard.lnk = ?

O4 - Global Startup: NETGEAR WPN311 Smart Wizard.lnk = C:\Program Files (x86)\NETGEAR\WPN311\wlancfg5.exe

O8 - Extra context menu item: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O8 - Extra context menu item: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: Guffins Service (GuffinsService) - Guffins - C:\PROGRA~2\Guffins\bar\1.bin\u4barsvc.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: WSWNA3100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--

End of file - 12527 bytes


Hello Anderson and :wp:

 

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.
Please let me know exactly how the machine is behaving.

 

Let's run the following scans:

  • Download and run OTL by Oldtimer

  • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
  • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
  • Check the boxes beside "LOP Check" and "Purity Check".
  • Under Custom Scan paste this in:

netsvcs

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

nvrd32.sys

symmpi.sys

adp3132.sys

/md5stop

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

  • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
  • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
  • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.
  • aswMBR

  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the "Scan" button to start scan.

 

  • On completion of the scan click save log, save it to your desktop and post in your next reply.

 

Please post the OTL logs and the aswMBR log in your next reply (you may need to make more than one post to fit all of the information in).

 


Hi! Thank you so much for offering to help me. I am receiving a lot of Internet Explorer can not display web page. I can get the web pages to open, but usually have to refresh the page several times in order to do so. My Windows Live Mail will not open. It says my Calendar contains corrupt data. Here are my file logs you asked for. Again, thank you so much for helping!

 

 

OTL logfile created on: 11/20/2011 8:15:36 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersJacqueDownloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.99 Gb Total Physical Memory | 3.55 Gb Available Physical Memory | 59.25% Memory free

12.15 Gb Paging File | 10.06 Gb Available in Paging File | 82.80% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 586.40 Gb Total Space | 487.35 Gb Free Space | 83.11% Space Free | Partition Type: NTFS

Drive I: | 465.76 Gb Total Space | 252.20 Gb Free Space | 54.15% Space Free | Partition Type: NTFS

 

Computer Name: JACQUE-PC | User Name: Jacque | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/11/20 20:10:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:UsersJacqueDownloadsOTL.exe

PRC - [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCTray.exe

PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe

PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe

PRC - [2011/09/03 11:41:24 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:Program Files (x86)RealRealPlayerUpdaterealsched.exe

PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:Program Files (x86)MicrosoftBingBarSeaPort.EXE

PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe

PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareCameraHelperShell.exe

PRC - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:Program Files (x86)NETGEARWNA3100WNA3100.exe

PRC - [2009/12/18 13:25:18 | 000,202,024 | ---- | M] (Seagate Technology LLC) -- C:Program Files (x86)SeagateSeagateManagerSyncMaxSync.exe

PRC - [2009/12/18 13:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe

PRC - [2009/12/18 13:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:Program Files (x86)SeagateSeagateManagerFreeAgent Statusstxmenumgr.exe

PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:WindowsmHotkey.exe

PRC - [2008/05/21 16:36:36 | 000,053,248 | ---- | M] (IOI) -- C:Program Files (x86)IOISmart CopyButtonMonitor.exe

PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:WindowsCNYHKey.exe

PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:WindowsChiFuncExt.exe

PRC - [2007/04/10 21:09:06 | 001,695,744 | ---- | M] () -- C:Program Files (x86)NETGEARWPN311wlancfg5.exe

PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTmon.exe

PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe

PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:WindowsModLEDKey.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/10/12 17:47:32 | 000,971,264 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Configuration40da9084d0863e07d7ce55953833b8b0System.Configuration.ni.dll

MOD - [2011/10/12 17:44:05 | 005,450,752 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Xmlc1c06a392871267db27f7cbc40e1c4fbSystem.Xml.ni.dll

MOD - [2011/10/12 17:43:47 | 012,430,848 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Windows.Forms1363115565fff5a641243a48f396f107System.Windows.Forms.ni.dll

MOD - [2011/10/12 17:43:36 | 001,587,200 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Drawing367c4043efc2f32d843cb588b0dc97fcSystem.Drawing.ni.dll

MOD - [2011/10/12 17:42:29 | 007,950,848 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32Systemf9c36ea806e77872dce891c77b68fac3System.ni.dll

MOD - [2011/10/12 17:42:20 | 011,490,816 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32mscorlibb6632a8b2f276a8e31f5b0f6b2006cd1mscorlib.ni.dll

MOD - [2011/03/30 17:25:42 | 000,331,608 | ---- | M] () -- C:Program Files (x86)Common FileslogishrdLWSPluginsLWSAppletsCameraHelperDevManagerCore.dll

MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareCameraHelperShell.exe

MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareImageFormatsQJpeg4.dll

MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareImageFormatsQGif4.dll

MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareQTXml4.dll

MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareQTGui4.dll

MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareQTCore4.dll

MOD - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:Program Files (x86)NETGEARWNA3100WNA3100.exe

MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:Program Files (x86)NETGEARWNA3100WifiSvcLib.dll

MOD - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:WindowsmHotkey.exe

MOD - [2008/05/21 16:36:34 | 000,040,960 | ---- | M] () -- C:Program Files (x86)IOISmart CopyIOIUSBLib.dll

MOD - [2008/05/21 16:36:34 | 000,032,768 | ---- | M] () -- C:Program Files (x86)IOISmart CopyIOIHIDLib.dll

MOD - [2007/04/10 21:09:06 | 001,695,744 | ---- | M] () -- C:Program Files (x86)NETGEARWPN311wlancfg5.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [On_Demand | Stopped] -- C:Program FilesGATEWAYGateway Recovery ManagementServiceETService.exe -- (ETService)

SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/06/29 11:11:36 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:WindowsSysNativeDRIVERSxaudio64.exe -- (XAudioService)

SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe -- (AdvancedSystemCareService5)

SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:Program Files (x86)MicrosoftBingBarBBSvc.EXE -- (BBSvc)

SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program Files (x86)MicrosoftBingBarSeaPort.EXE -- (BBUpdate)

SRV - [2011/04/25 18:28:19 | 000,036,864 | ---- | M] (Guffins) [On_Demand | Stopped] -- C:Program Files (x86)Guffinsbar1.binu4barsvc.exe -- (GuffinsService)

SRV - [2011/03/31 23:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:Program Files (x86)Common FileslogishrdLVMVFMUMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/03/09 06:30:08 | 000,092,592 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:Program Files (x86)WildTangent GamesAppGamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/12 10:11:24 | 000,278,528 | ---- | M] () [On_Demand | Stopped] -- C:Program Files (x86)NETGEARWNA3100WifiSvc.exe -- (WSWNA3100)

SRV - [2009/12/18 13:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe -- (FreeAgentGoNext Service)

SRV - [2009/03/29 23:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTmon.exe -- (IAANTMON) Intel®

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSNisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/03/31 23:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSlvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)

DRV:64bit: - [2011/03/31 23:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSlvrs64.sys -- (LVRS64)

DRV:64bit: - [2010/09/29 11:05:16 | 001,244,736 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSbcmwlhigh664.sys -- (BCMH43XX)

DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSfssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/06/14 14:04:28 | 000,064,600 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:WindowsSysNativeDRIVERSsbapifs.sys -- (sbapifs)

DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSLVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSLVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009/10/20 09:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSnpf.sys -- (NPF)

DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSwpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/09/05 16:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSathrx.sys -- (athr)

DRV:64bit: - [2008/12/04 22:55:28 | 000,303,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSe1e6032e.sys -- (e1express) Intel®

DRV:64bit: - [2008/06/05 21:21:44 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversRTSTOR64.SYS -- (RTSTOR)

DRV:64bit: - [2008/03/24 19:50:18 | 007,715,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSigdkmd64.sys -- (igfx)

DRV:64bit: - [2007/07/26 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:WindowsSysNativeDriversPxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2007/07/03 19:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSsscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV:64bit: - [2007/06/29 11:11:24 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:WindowsSysNativeDRIVERSxaudio64.sys -- (XAudio)

DRV:64bit: - [2007/06/20 06:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2007/06/20 06:30:22 | 000,409,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAXHWBS2.sys -- (CAXHWBS2)

DRV:64bit: - [2007/06/20 06:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2007/05/02 11:11:14 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_mdm.sys -- (ss_mdm)

DRV:64bit: - [2007/05/02 11:11:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV:64bit: - [2007/05/02 11:11:14 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_mdfl.sys -- (ss_mdfl)

DRV:64bit: - [2007/03/21 14:59:30 | 000,381,720 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDRIVERSiaStor.sys -- (iaStor)

DRV:64bit: - [2007/01/19 17:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:WindowsSysNativeDRIVERSscmndisp.sys -- (SCMNdisP)

DRV:64bit: - [2006/06/19 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:WindowsSysNativeDRIVERSmdmxsdk.sys -- (mdmxsdk)

DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:WindowsSysWOW64driversint15_64.sys -- (int15)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0111&m=dx4710-05

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0111&m=dx4710-05

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.msn.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 80 9F 5C 40 48 D8 CB 01 [binary data]

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,StartPageCache = 1

IE - HKCU..URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found

IE - HKCU..URLSearchHook: {c3d3840c-12ea-4461-a61d-190555fecc82} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll (Guffins)

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..network.proxy.type: 0

 

FF - HKLMSoftwareMozillaPlugins@Guffins.com/Plugin: C:Program Files (x86)Guffinsbar1.binNPu4Stub.dll (Guffins)

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@mywebsearch.com/Plugin: C:Program Files (x86)MyWebSearchbar1.binNPMyWebS.dll File not found

FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprphtml5videoshim;version=12.0.1.666: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nprpjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@veetle.com/veetleCorePlugin,version=0.9.18: C:Program Files (x86)VeetlepluginsnpVeetle.dll (Veetle Inc)

FF - HKLMSoftwareMozillaPlugins@veetle.com/veetlePlayerPlugin,version=0.9.18: C:Program Files (x86)VeetlePlayernpvlc.dll (Veetle Inc)

FF - HKLMSoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered8NP_wtapp.dll ()

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsu4ffxtbr@Guffins.com: C:Program Files (x86)Guffinsbar1.bin [2011/06/04 16:33:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsm3ffxtbr@mywebsearch.com: C:Program Files (x86)MyWebSearchbar1.bin

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt [2011/11/16 11:40:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2011/11/18 14:54:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins

 

[2011/03/28 08:17:58 | 000,000,000 | ---D | M] (No name found) -- C:UsersJacqueAppDataRoamingMozillaExtensions

[2011/03/28 08:17:58 | 000,000,000 | ---D | M] (No name found) -- C:UsersJacqueAppDataRoamingMozillaExtensionshome2@tomtom.com

[2011/11/18 14:54:15 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll

[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml

[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml

 

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:WindowsSysNativedriversetcHosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:UsersJacqueAppDataRoamingComplitly64Complitly64.dll (SimplyGen)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()

O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:UsersJacqueAppDataRoamingComplitlyComplitly.dll (SimplyGen)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)

O2 - BHO: (Search Assistant BHO) - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll (Guffins)

O3:64bit: - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O3 - HKLM..Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)

O3 - HKLM..Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()

O3 - HKLM..Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)

O3:64bit: - HKCU..ToolbarWebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O3 - HKCU..ToolbarWebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()

O3 - HKCU..ToolbarWebBrowser: (Guffins) - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)

O4:64bit: - HKLM..Run: [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..Run: [CanonSolutionMenu] C:Program Files (x86)CanonSolutionMenuCNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..Run: [iAAnotif] C:Program Files (X86)IntelIntel Matrix Storage ManagerIaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..Run: [igfxTray] C:WindowsSysNativeigfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..Run: [Windows Defender] C:Program FilesWindows DefenderMSASCui.exe (Microsoft Corporation)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)

O4 - HKLM..Run: [LchDrvKey] C:WindowsLchDrvKey.exe ()

O4 - HKLM..Run: [LedKey] C:WindowsCNYHKey.exe (Creative)

O4 - HKLM..Run: [LWS] C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe (Logitech Inc.)

O4 - HKLM..Run: [MaxMenuMgr] C:Program Files (x86)SeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe (Seagate LLC)

O4 - HKLM..Run: [smart Copy] C:Program Files (x86)IOISmart CopyButtonMonitor.exe (IOI)

O4 - HKLM..Run: [TkBellExe] C:Program Files (x86)RealRealPlayerUpdaterealsched.exe (RealNetworks, Inc.)

O4 - HKLM..Run: [Trigger New Acer AlaunchX] c:ACERPreloadCommandAlaunchXAppInRun.exe (Acer Inc.)

O4 - HKCU..Run: [Advanced SystemCare 5] C:Program Files (x86)IObitAdvanced SystemCare 5ASCTray.exe (IObit)

O4 - HKLM..RunOnce: [New Acer AlaunchX] c:ACERPreloadCommandAlaunchXLaunchAlaunchX.exe (Acer Inc.)

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{2FC6B3EB-D5AC-4AF8-944D-1F82FBE7CA60}: DhcpNameServer = 192.168.1.254

O18:64bit: - ProtocolHandlerskype-ie-addon-data - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:WindowsSysWow64userinit.exe (Microsoft Corporation)

O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:WindowsWebWallpaperimg24.jpg

O24 - Desktop BackupWallPaper: C:WindowsWebWallpaperimg24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/02/04 09:07:10 | 000,000,062 | ---- | M] () - I:Autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/18 19:38:19 | 000,000,000 | ---D | C] -- C:ProgramDataRoboForm

[2011/11/18 19:38:17 | 000,000,000 | ---D | C] -- C:UsersJacqueDocumentsMy RoboForm Data

[2011/11/18 19:37:53 | 000,000,000 | ---D | C] -- C:ProgramDataIObit

[2011/11/18 19:36:57 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingIObit

[2011/11/18 19:36:57 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdvanced SystemCare 5

[2011/11/18 19:36:49 | 000,000,000 | ---D | C] -- C:Program Files (x86)IObit

[2011/11/18 18:21:28 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingMalwarebytes

[2011/11/18 18:20:01 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware

[2011/11/18 18:20:00 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes

[2011/11/18 18:19:56 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSysNativedriversmbam.sys

[2011/11/18 18:19:56 | 000,000,000 | ---D | C] -- C:Program Files (x86)Malwarebytes' Anti-Malware

[2011/11/18 15:35:53 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalSeven Zip

[2011/11/18 14:54:20 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalMozilla

[2011/11/18 14:54:14 | 000,000,000 | ---D | C] -- C:Program Files (x86)Mozilla Firefox

[2011/11/18 08:46:24 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{A50525B9-F370-4D6D-94E2-ADF250DA7EF5}

[2011/11/18 08:46:14 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{62C30C58-1898-4722-9C71-D5E6CE7C355E}

[2011/11/17 08:21:08 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{806B25CF-1620-4CF8-8FB7-EAB7C882100F}

[2011/11/17 08:20:58 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{F39303B5-261E-4E2D-8ED2-DD54874C29D8}

[2011/11/16 14:36:33 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalElevatedDiagnostics

[2011/11/16 13:10:30 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner

[2011/11/16 13:10:28 | 000,000,000 | ---D | C] -- C:Program FilesCCleaner

[2011/11/16 12:54:15 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingPC Cleaners

[2011/11/16 12:54:10 | 005,359,888 | ---- | C] (PC Cleaners) -- C:Windowsuninst.exe

[2011/11/16 12:54:09 | 000,000,000 | ---D | C] -- C:ProgramDataPC1Data

[2011/11/16 12:47:10 | 000,000,000 | ---D | C] -- C:Program Files (x86)Microsoft

[2011/11/16 12:04:00 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{F6E91E63-1C61-48DC-80F7-0AD1882CA289}

[2011/11/16 12:03:50 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{70E32EF9-699A-4B11-B554-55BA96B29C04}

[2011/11/16 09:35:33 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{05EF98BF-1FDF-4541-B1B9-099E2E9550C7}

[2011/11/16 09:35:23 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{62C25056-6DFD-46B3-BB56-F0125A6EA70E}

[2011/11/15 09:10:07 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{CD1B8300-03A5-477A-837A-BC9F907C0ADF}

[2011/11/15 09:09:46 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{1CFF41D5-E2D3-4520-8F32-909B3807D6A3}

[2011/11/15 07:59:35 | 000,000,000 | ---D | C] -- C:WindowsSysNativeMacromed

[2011/11/12 23:28:15 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingComplitly

[2011/11/12 23:28:14 | 000,000,000 | ---D | C] -- C:Program Files (x86)Complitly

[2011/11/12 23:28:08 | 000,000,000 | ---D | C] -- C:Program Files (x86)vShare.tv plugin

[2011/11/11 13:22:22 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{918267CD-65DE-480A-80A0-31A1F054A529}

[2011/11/11 13:22:12 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{FF6CCC31-BAED-4663-B0B9-DB214470AC50}

[2011/11/08 14:17:01 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF}

[2011/11/08 14:16:49 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB}

[2011/11/04 12:16:55 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{2AD5AAF0-4074-4198-A7CF-88263934243A}

[2011/11/04 12:16:45 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{0EFC5F72-1B2B-437D-899C-21FC67BDB013}

[2011/11/03 10:16:02 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{C2AC8077-8DBE-4AC8-B834-9F7AF249329D}

[2011/11/03 10:15:52 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{4AD22D86-DAB3-4095-A795-299CAC9E4CE9}

[2011/11/03 08:01:54 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsQuickTime

[2011/11/03 08:01:39 | 000,000,000 | ---D | C] -- C:Program Files (x86)QuickTime

[2011/11/03 08:01:36 | 000,000,000 | ---D | C] -- C:ProgramDataApple Computer

[2011/10/25 13:57:49 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{6F0FDC43-E4C0-4019-B826-EB9193C858F7}

[2011/10/25 13:57:37 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{7E332ECA-5E97-46DD-AF36-9D4E117F62F0}

[2011/10/25 13:56:57 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{1BCE783F-C19A-4E90-A18B-D6275168E6E0}

[2011/10/25 13:56:45 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{308F69E1-F3E7-46B4-AC92-A4061248C0ED}

[2011/10/24 13:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:WindowsSysWow64QuickTimeVR.qtx

[2011/10/24 13:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:WindowsSysWow64QuickTime.qts

[1 C:WindowsSysWow64*.tmp files -> C:WindowsSysWow64*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/20 20:15:13 | 000,001,203 | ---- | M] () -- C:UsersJacqueDesktopOTL - Shortcut.lnk

[2011/11/20 19:26:29 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/11/20 19:26:29 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/11/20 18:10:00 | 000,000,898 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job

[2011/11/20 10:19:15 | 000,000,894 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job

[2011/11/20 09:32:01 | 000,706,824 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2011/11/20 09:32:01 | 000,606,364 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2011/11/20 09:32:01 | 000,104,964 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2011/11/20 09:26:28 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2011/11/18 19:36:58 | 000,001,080 | ---- | M] () -- C:UsersPublicDesktopQuick Care.lnk

[2011/11/18 19:36:57 | 000,001,058 | ---- | M] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk

[2011/11/18 18:34:24 | 000,693,664 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT

[2011/11/18 18:20:01 | 000,000,950 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes' Anti-Malware.lnk

[2011/11/18 17:34:24 | 000,000,272 | ---- | M] () -- C:Windowsreimage.ini

[2011/11/18 14:54:16 | 000,000,914 | ---- | M] () -- C:UsersJacqueApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk

[2011/11/18 14:54:16 | 000,000,890 | ---- | M] () -- C:UsersPublicDesktopMozilla Firefox.lnk

[2011/11/17 14:37:03 | 000,245,494 | ---- | M] () -- C:WindowsSysNativeoem53.inf

[2011/11/16 13:10:30 | 000,000,772 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk

[2011/11/16 12:53:45 | 005,359,888 | ---- | M] (PC Cleaners) -- C:Windowsuninst.exe

[2011/11/11 14:44:07 | 000,000,235 | ---- | M] () -- C:Windowsulead32.ini

[2011/11/03 08:01:54 | 000,001,758 | ---- | M] () -- C:UsersPublicDesktopQuickTime Player.lnk

[2011/10/24 18:50:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl

[2011/10/24 13:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:WindowsSysWow64QuickTimeVR.qtx

[2011/10/24 13:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:WindowsSysWow64QuickTime.qts

[1 C:WindowsSysWow64*.tmp files -> C:WindowsSysWow64*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/20 20:15:06 | 000,001,203 | ---- | C] () -- C:UsersJacqueDesktopOTL - Shortcut.lnk

[2011/11/18 19:36:58 | 000,001,080 | ---- | C] () -- C:UsersPublicDesktopQuick Care.lnk

[2011/11/18 19:36:57 | 000,001,058 | ---- | C] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk

[2011/11/18 18:20:01 | 000,000,950 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes' Anti-Malware.lnk

[2011/11/18 17:34:13 | 000,000,272 | ---- | C] () -- C:Windowsreimage.ini

[2011/11/18 14:54:16 | 000,000,914 | ---- | C] () -- C:UsersJacqueApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk

[2011/11/18 14:54:16 | 000,000,902 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMozilla Firefox.lnk

[2011/11/18 14:54:16 | 000,000,890 | ---- | C] () -- C:UsersPublicDesktopMozilla Firefox.lnk

[2011/11/17 14:37:11 | 000,245,494 | ---- | C] () -- C:WindowsSysNativeoem53.inf

[2011/11/16 13:10:30 | 000,000,772 | ---- | C] () -- C:UsersPublicDesktopCCleaner.lnk

[2011/11/03 08:01:54 | 000,001,758 | ---- | C] () -- C:UsersPublicDesktopQuickTime Player.lnk

[2011/09/14 20:14:40 | 000,000,274 | ---- | C] () -- C:Windowsdisney.ini

[2011/09/03 11:45:35 | 000,000,328 | ---- | C] () -- C:Windowswininit.ini

[2011/06/26 15:52:52 | 000,016,703 | ---- | C] () -- C:Windowscscmondump.bin

[2011/04/15 19:35:03 | 000,000,235 | ---- | C] () -- C:Windowsulead32.ini

[2011/03/31 23:07:02 | 010,877,272 | ---- | C] () -- C:WindowsSysWow64LogiDPP.dll

[2011/03/31 23:07:02 | 000,102,744 | ---- | C] () -- C:WindowsSysWow64LogiDPPApp.exe

[2011/03/31 23:06:56 | 000,331,608 | ---- | C] () -- C:WindowsSysWow64DevManagerCore.dll

[2011/03/15 19:38:35 | 000,048,640 | ---- | C] () -- C:UsersJacqueAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/14 12:51:03 | 000,053,299 | ---- | C] () -- C:WindowsSysWow64pthreadVC.dll

[2011/02/21 15:57:32 | 000,000,056 | -H-- | C] () -- C:ProgramDataezsidmv.dat

[2011/01/31 16:40:46 | 000,368,640 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll

[2011/01/31 16:40:25 | 000,117,248 | ---- | C] () -- C:WindowsSysWow64EhStorAuthn.dll

[2011/01/31 16:39:46 | 000,107,612 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchema.bin

[2011/01/31 10:02:31 | 000,018,904 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchemaTrivial.bin

[2011/01/30 17:31:52 | 000,721,296 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI

[2011/01/30 12:56:38 | 000,005,115 | ---- | C] () -- C:ProgramDataN360BUOptions.ini

[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:WindowsSysWow64tcpmon.ini

[2007/01/02 03:12:02 | 000,581,120 | ---- | C] () -- C:WindowsmHotkey.exe

[2007/01/02 03:12:02 | 000,294,912 | ---- | C] () -- C:WindowsPIC.dll

[2007/01/02 03:12:02 | 000,036,864 | ---- | C] () -- C:WindowsLchDrvKey.exe

[2007/01/02 03:12:02 | 000,000,870 | ---- | C] () -- C:Windowsmhotkey_reg.ini

[2007/01/02 02:26:58 | 002,215,364 | ---- | C] () -- C:WindowsSysWow64igklg400.bin

[2007/01/02 02:26:58 | 001,971,732 | ---- | C] () -- C:WindowsSysWow64igklg450.bin

[2007/01/02 02:26:58 | 000,029,932 | ---- | C] () -- C:WindowsSysWow64igmedcompkrn.bin

[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:Windowsbootstat.dat

[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:WindowsSysWow64dssec.dat

[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:WindowsSysWow64NOISE.DAT

[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:WindowsSysWow64mlang.dat

[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:Windowsmib.bin

[1997/11/17 16:13:16 | 000,010,240 | ---- | C] () -- C:WindowsSysWow64vidx16.dll

 

========== LOP Check ==========

 

[2011/09/06 20:49:13 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingBandoo

[2011/02/22 17:21:29 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingCanon

[2011/11/12 23:28:15 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingComplitly

[2011/11/18 19:36:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingIObit

[2011/06/01 14:22:12 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingIrfanView

[2011/01/31 19:09:30 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingLeadertech

[2011/02/21 19:24:04 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingLudia

[2011/05/20 16:28:41 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingmuvee Technologies

[2011/02/10 14:18:32 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingOpenOffice.org

[2011/11/16 12:54:15 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingPC Cleaners

[2011/02/12 17:17:43 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingPlayFirst

[2011/06/17 10:34:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingSchool Zone Preferences

[2011/04/06 09:04:33 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingSouthwest Airlines

[2011/03/28 08:17:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingTomTom

[2011/06/09 21:00:11 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingWal-Mart Digital Photo Viewer

[2011/01/31 22:08:50 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingWindows Live Writer

[2011/11/19 22:44:52 | 000,032,596 | ---- | M] () -- C:WindowsTasksSCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:WindowsSysNativedriversAGP440.sys

[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:Windowswinsxsamd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0AGP440.sys

[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:Windowswinsxsamd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fcAGP440.sys

 

< MD5 for: AHCIX86S.SYS >

[2008/04/18 00:33:46 | 000,175,632 | R--- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:ACERPreloadAutorunDRVATI Video Card MSI HD3450 256MB 3650 512MPackagesDriversSBDrvSB7xxRAIDLHahcix86s.sys

[2007/04/16 04:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:ACERPreloadAutorunDRVATI Video Card MSI HD3450 256MB 3650 512MPackagesDriversSBDrvSB6xxRAIDLH64Aahcix86s.sys

 

< MD5 for: ATAPI.SYS >

[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:WindowsSysNativedriversatapi.sys

[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:Windowswinsxsamd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2atapi.sys

[2009/04/11 02:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:Windowswinsxsamd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1eatapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 05:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:WindowsSysNativecngaudit.dll

[2006/11/02 05:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:Windowswinsxsamd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1ccngaudit.dll

[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:WindowsSysWOW64cngaudit.dll

[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:Windowswinsxsx86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6cngaudit.dll

 

< MD5 for: IASTOR.SYS >

[2007/03/21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:Program Files (x86)IntelIntel Matrix Storage ManagerDriverIaStor.sys

[2007/03/21 14:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:Program Files (x86)IntelIntel Matrix Storage ManagerDriver64IaStor.sys

[2007/03/21 14:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:WindowsSysNativedriversiaStor.sys

 

< MD5 for: IASTORV.SYS >

[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:WindowsSysNativedriversiaStorV.sys

[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:Windowswinsxsamd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2008/01/20 20:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:Windowswinsxsamd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598dnetlogon.dll

[2009/04/11 01:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:WindowsSysWOW64netlogon.dll

[2009/04/11 01:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:Windowswinsxswow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4netlogon.dll

[2009/04/11 02:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:WindowsSysNativenetlogon.dll

[2009/04/11 02:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:Windowswinsxsamd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9netlogon.dll

[2008/01/20 20:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:Windowswinsxswow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:WindowsSysNativedriversnvstor.sys

[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:Windowswinsxsamd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159dnvstor.sys

 

< MD5 for: SCECLI.DLL >

[2008/01/20 20:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:Windowswinsxswow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243scecli.dll

[2008/01/20 20:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:Windowswinsxsamd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048scecli.dll

[2009/04/11 01:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:WindowsSysWOW64scecli.dll

[2009/04/11 01:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:Windowswinsxswow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8fscecli.dll

[2009/04/11 02:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:WindowsSysNativescecli.dll

[2009/04/11 02:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:Windowswinsxsamd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94scecli.dll

 

< %systemroot%*. /mp /s >

 

< %systemroot%system32*.dll /lockedfiles >

[1 C:Windowssystem32*.tmp files -> C:Windowssystem32*.tmp -> ]

 

< %systemroot%Tasks*.job /lockedfiles >

 

< %systemroot%system32drivers*.sys /lockedfiles >

 

< %systemroot%System32config*.sav >

 

< %systemroot%system32drivers*.sys /90 >

< End of report >

 

OTL Extras logfile created on: 11/20/2011 8:15:36 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersJacqueDownloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.99 Gb Total Physical Memory | 3.55 Gb Available Physical Memory | 59.25% Memory free

12.15 Gb Paging File | 10.06 Gb Available in Paging File | 82.80% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 586.40 Gb Total Space | 487.35 Gb Free Space | 83.11% Space Free | Partition Type: NTFS

Drive I: | 465.76 Gb Total Space | 252.20 Gb Free Space | 54.15% Space Free | Partition Type: NTFS

 

Computer Name: JACQUE-PC | User Name: Jacque | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.url[@ = InternetShortcut] -- C:WindowsSysNativerundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%system32mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%system32mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

"VistaSp2" = C9 7E C3 1B 9B C1 CB 01 [binary data]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

"oobe_av" = 1

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

"{2906035B-DCB4-469F-8E84-7CE85EA83DDF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{A5514C4E-29B4-4267-AEAD-60396649E3EE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

"{097E7410-03F2-49BE-BC6B-F0CF23D0216C}" = protocol=17 | dir=in | app=c:program files (x86)firefly studiosstronghold crusaderstronghold_crusader_extreme.exe |

"{35F4D5FB-2EFD-4CB6-96F2-C9F78E09AAE4}" = protocol=6 | dir=in | app=c:program files (x86)veetleplayerveetlenet.exe |

"{5FCF8F2D-0DFF-46BE-9E57-C91A08741F9F}" = protocol=17 | dir=in | app=c:program files (x86)firefly studiosstronghold crusaderstronghold crusader.exe |

"{613FCBE0-D706-4D4F-969A-13B03CA4A0D6}" = dir=in | app=c:program files (x86)common filesappleapple application supportwebkit2webprocess.exe |

"{679510C9-CB34-4D3B-9CB6-5C6F530C79BE}" = protocol=17 | dir=in | app=c:program files (x86)gamespy arcadeaphex.exe |

"{7322E954-9A2F-473F-BF02-5CC571B1C623}" = protocol=17 | dir=in | app=c:program files (x86)logitechvid hdvid.exe |

"{A2E0EB4B-E9DC-40C4-8646-4FC0CFE201A9}" = protocol=6 | dir=in | app=c:program files (x86)firefly studiosstronghold crusaderstronghold_crusader_extreme.exe |

"{A313061B-5DA4-40ED-9164-3EE0917F823E}" = dir=in | app=c:program files (x86)windows livesyncwindowslivesync.exe |

"{B39388D0-4B76-4099-965D-607AE610E22F}" = protocol=6 | dir=in | app=c:program files (x86)firefly studiosstronghold crusaderstronghold crusader.exe |

"{BB4B48A5-C3EE-4078-9B97-CB855FB71E5E}" = protocol=6 | dir=in | app=c:program files (x86)logitechvid hdvid.exe |

"{EDBCC59C-0162-4AF9-903F-DA56B9513F64}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{F461624C-BB3A-44D5-8674-A047A731BBAC}" = protocol=6 | dir=in | app=c:program files (x86)gamespy arcadeaphex.exe |

"{F979252F-ADBF-4FB7-9A0B-60DE3B6DB791}" = dir=in | app=c:program files (x86)windows livecontactswlcomm.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{090A4D4C-24B2-4248-BFF2-AC30D2E0676B}" = Marvell® Wireless Card Software Package

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP240_series" = Canon MP240 series MP Drivers

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety

"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microso


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software

Run date: 2011-11-20 20:38:26

-----------------------------

20:38:26.981 OS Version: Windows x64 6.0.6002 Service Pack 2

20:38:26.981 Number of processors: 4 586 0xF0B

20:38:26.981 ComputerName: JACQUE-PC UserName: Jacque

20:38:29.228 Initialize success

20:40:18.232 AVAST engine defs: 11112001

20:40:31.461 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIAAStorageDevice-1

20:40:31.461 Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 3

20:40:31.461 Disk 0 MBR read successfully

20:40:31.476 Disk 0 MBR scan

20:40:31.476 Disk 0 unknown MBR code

20:40:31.476 Service scanning

20:40:31.898 Service MpNWMon C:Windowssystem32DRIVERSMpNWMon.sys **LOCKED** 32

20:40:32.537 Modules scanning

20:40:32.537 Disk 0 trace - called modules:

20:40:32.537 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

20:40:32.537 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0xfffffa80069de790]

20:40:32.553 3 CLASSPNP.SYS[fffffa600124ec33] -> nt!IofCallDriver -> DeviceIdeIAAStorageDevice-1[0xfffffa8006755050]

20:40:35.049 AVAST engine scan C:Windows

20:40:40.462 AVAST engine scan C:Windowssystem32

20:42:24.686 AVAST engine scan C:Windowssystem32drivers

20:42:38.507 AVAST engine scan C:UsersJacque

21:44:45.261 AVAST engine scan C:ProgramData

21:49:45.545 Scan finished successfully

21:50:02.923 Disk 0 MBR has been saved successfully to "C:UsersJacqueDocumentsMBR.dat"

21:50:03.017 The log file has been saved successfully to "C:UsersJacqueDocumentsaswMBR.txt"


I want to add that I do have an external hard drive hooked up to my computer. I had to restore the computer back in January and after doing so, I installed the external. I don't know if it would be easier to fix this problem with the information on the external or if the external would have corrupt files also. I was told to add the external, but wasn't taught how to use it. Again, thank you so much for your help.


Hello Anderson

 

It looks as though the OTL extras.txt got cut off when you posted it.

 

Please post the rest of the log starting from the "==== HKEY_LOCAL_MACHINE Uninstall List ====" section :)


My computer would not let me save the log file to my desktop, so I had to run a new scan.

 

OTL logfile created on: 11/21/2011 12:14:05 PM - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersJacqueDownloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

5.99 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 67.10% Memory free

12.09 Gb Paging File | 10.08 Gb Available in Paging File | 83.39% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 586.40 Gb Total Space | 485.97 Gb Free Space | 82.87% Space Free | Partition Type: NTFS

Drive I: | 465.76 Gb Total Space | 252.20 Gb Free Space | 54.15% Space Free | Partition Type: NTFS

 

Computer Name: JACQUE-PC | User Name: Jacque | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/11/20 20:10:35 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:UsersJacqueDownloadsOTL.exe

PRC - [2011/11/12 10:42:50 | 001,647,448 | ---- | M] (IObit) -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCTray.exe

PRC - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe

PRC - [2011/10/24 18:50:14 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:WindowsSysWOW64MacromedFlashFlashUtil11c_ActiveX.exe

PRC - [2011/09/26 12:27:08 | 000,024,216 | ---- | M] (PC Pitstop LLC) -- C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe

PRC - [2011/09/03 11:41:24 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:Program Files (x86)RealRealPlayerUpdaterealsched.exe

PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:Program Files (x86)MicrosoftBingBarSeaPort.EXE

PRC - [2011/03/01 22:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe

PRC - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareCameraHelperShell.exe

PRC - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:Program Files (x86)NETGEARWNA3100WNA3100.exe

PRC - [2009/12/18 13:25:18 | 000,202,024 | ---- | M] (Seagate Technology LLC) -- C:Program Files (x86)SeagateSeagateManagerSyncMaxSync.exe

PRC - [2009/12/18 13:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe

PRC - [2009/12/18 13:24:24 | 000,197,928 | ---- | M] (Seagate LLC) -- C:Program Files (x86)SeagateSeagateManagerFreeAgent Statusstxmenumgr.exe

PRC - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:WindowsmHotkey.exe

PRC - [2008/05/21 16:36:36 | 000,053,248 | ---- | M] (IOI) -- C:Program Files (x86)IOISmart CopyButtonMonitor.exe

PRC - [2008/04/23 19:05:16 | 000,339,968 | ---- | M] (Creative) -- C:WindowsCNYHKey.exe

PRC - [2008/02/01 13:04:50 | 000,057,344 | ---- | M] (Chicony) -- C:WindowsChiFuncExt.exe

PRC - [2007/04/10 21:09:06 | 001,695,744 | ---- | M] () -- C:Program Files (x86)NETGEARWPN311wlancfg5.exe

PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTmon.exe

PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe

PRC - [2007/01/08 16:51:56 | 000,053,248 | ---- | M] (Chicony) -- C:WindowsModLEDKey.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2011/10/12 17:47:32 | 000,971,264 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Configuration40da9084d0863e07d7ce55953833b8b0System.Configuration.ni.dll

MOD - [2011/10/12 17:44:05 | 005,450,752 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Xmlc1c06a392871267db27f7cbc40e1c4fbSystem.Xml.ni.dll

MOD - [2011/10/12 17:43:47 | 012,430,848 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Windows.Forms1363115565fff5a641243a48f396f107System.Windows.Forms.ni.dll

MOD - [2011/10/12 17:43:36 | 001,587,200 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32System.Drawing367c4043efc2f32d843cb588b0dc97fcSystem.Drawing.ni.dll

MOD - [2011/10/12 17:42:29 | 007,950,848 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32Systemf9c36ea806e77872dce891c77b68fac3System.ni.dll

MOD - [2011/10/12 17:42:20 | 011,490,816 | ---- | M] () -- C:WindowsassemblyNativeImages_v2.0.50727_32mscorlibb6632a8b2f276a8e31f5b0f6b2006cd1mscorlib.ni.dll

MOD - [2011/03/30 17:25:42 | 000,331,608 | ---- | M] () -- C:Program Files (x86)Common FileslogishrdLWSPluginsLWSAppletsCameraHelperDevManagerCore.dll

MOD - [2011/03/01 22:13:44 | 000,203,096 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareCameraHelperShell.exe

MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareImageFormatsQJpeg4.dll

MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareImageFormatsQGif4.dll

MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareQTXml4.dll

MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareQTGui4.dll

MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:Program Files (x86)LogitechLWSWebcam SoftwareQTCore4.dll

MOD - [2010/01/20 16:44:14 | 004,562,944 | ---- | M] () -- C:Program Files (x86)NETGEARWNA3100WNA3100.exe

MOD - [2009/08/28 15:50:18 | 000,282,624 | ---- | M] () -- C:Program Files (x86)NETGEARWNA3100WifiSvcLib.dll

MOD - [2008/05/30 12:50:28 | 000,581,120 | ---- | M] () -- C:WindowsmHotkey.exe

MOD - [2008/05/21 16:36:34 | 000,040,960 | ---- | M] () -- C:Program Files (x86)IOISmart CopyIOIUSBLib.dll

MOD - [2008/05/21 16:36:34 | 000,032,768 | ---- | M] () -- C:Program Files (x86)IOISmart CopyIOIHIDLib.dll

MOD - [2007/04/10 21:09:06 | 001,695,744 | ---- | M] () -- C:Program Files (x86)NETGEARWPN311wlancfg5.exe

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2008/06/11 13:18:30 | 000,024,576 | ---- | M] () [On_Demand | Stopped] -- C:Program FilesGATEWAYGateway Recovery ManagementServiceETService.exe -- (ETService)

SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:Program FilesWindows DefenderMpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/06/29 11:11:36 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:WindowsSysNativeDRIVERSxaudio64.exe -- (XAudioService)

SRV - [2011/11/10 19:23:52 | 000,490,840 | ---- | M] (IObit) [Auto | Running] -- C:Program Files (x86)IObitAdvanced SystemCare 5ASCService.exe -- (AdvancedSystemCareService5)

SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:Program Files (x86)MicrosoftBingBarBBSvc.EXE -- (BBSvc)

SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:Program Files (x86)MicrosoftBingBarSeaPort.EXE -- (BBUpdate)

SRV - [2011/04/25 18:28:19 | 000,036,864 | ---- | M] (Guffins) [On_Demand | Stopped] -- C:Program Files (x86)Guffinsbar1.binu4barsvc.exe -- (GuffinsService)

SRV - [2011/03/31 23:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [On_Demand | Stopped] -- C:Program Files (x86)Common FileslogishrdLVMVFMUMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/03/09 06:30:08 | 000,092,592 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:Program Files (x86)WildTangent GamesAppGamesAppService.exe -- (GamesAppService)

SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/12 10:11:24 | 000,278,528 | ---- | M] () [On_Demand | Stopped] -- C:Program Files (x86)NETGEARWNA3100WifiSvc.exe -- (WSWNA3100)

SRV - [2009/12/18 13:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe -- (FreeAgentGoNext Service)

SRV - [2009/03/29 23:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTmon.exe -- (IAANTMON) Intel®

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSNisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2011/03/31 23:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSlvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)

DRV:64bit: - [2011/03/31 23:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSlvrs64.sys -- (LVRS64)

DRV:64bit: - [2010/09/29 11:05:16 | 001,244,736 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSbcmwlhigh664.sys -- (BCMH43XX)

DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSfssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/06/14 14:04:28 | 000,064,600 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:WindowsSysNativeDRIVERSsbapifs.sys -- (sbapifs)

DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSLVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSLVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009/10/20 09:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSnpf.sys -- (NPF)

DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSwpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/09/05 16:27:12 | 001,449,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSathrx.sys -- (athr)

DRV:64bit: - [2008/12/04 22:55:28 | 000,303,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSe1e6032e.sys -- (e1express) Intel®

DRV:64bit: - [2008/06/05 21:21:44 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:WindowsSysNativedriversRTSTOR64.SYS -- (RTSTOR)

DRV:64bit: - [2008/03/24 19:50:18 | 007,715,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSigdkmd64.sys -- (igfx)

DRV:64bit: - [2007/07/26 05:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:WindowsSysNativeDriversPxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2007/07/03 19:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSsscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

DRV:64bit: - [2007/06/29 11:11:24 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:WindowsSysNativeDRIVERSxaudio64.sys -- (XAudio)

DRV:64bit: - [2007/06/20 06:32:58 | 001,478,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2007/06/20 06:30:22 | 000,409,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAXHWBS2.sys -- (CAXHWBS2)

DRV:64bit: - [2007/06/20 06:29:14 | 000,740,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:WindowsSysNativeDRIVERSCAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2007/05/02 11:11:14 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_mdm.sys -- (ss_mdm)

DRV:64bit: - [2007/05/02 11:11:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)

DRV:64bit: - [2007/05/02 11:11:14 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:WindowsSysNativeDRIVERSss_mdfl.sys -- (ss_mdfl)

DRV:64bit: - [2007/03/21 14:59:30 | 000,381,720 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:WindowsSysNativeDRIVERSiaStor.sys -- (iaStor)

DRV:64bit: - [2007/01/19 17:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:WindowsSysNativeDRIVERSscmndisp.sys -- (SCMNdisP)

DRV:64bit: - [2006/06/19 00:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:WindowsSysNativeDRIVERSmdmxsdk.sys -- (mdmxsdk)

DRV - [2008/06/11 13:13:24 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:WindowsSysWOW64driversint15_64.sys -- (int15)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0111&m=dx4710-05

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0111&m=dx4710-05

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,SearchDefaultBranded = 1

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.msn.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache = http://www.msn.com/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 80 9F 5C 40 48 D8 CB 01 [binary data]

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,StartPageCache = 1

IE - HKCU..URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - No CLSID value found

IE - HKCU..URLSearchHook: {c3d3840c-12ea-4461-a61d-190555fecc82} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll (Guffins)

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..network.proxy.type: 0

 

FF - HKLMSoftwareMozillaPlugins@Guffins.com/Plugin: C:Program Files (x86)Guffinsbar1.binNPu4Stub.dll (Guffins)

FF - HKLMSoftwareMozillaPlugins@java.com/JavaPlugin: C:Program Files (x86)Javajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)

FF - HKLMSoftwareMozillaPlugins@Microsoft.com/NpCtrl,version=1.0: c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrl.dll ( Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3508.1109: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@microsoft.com/WPF,version=3.5: c:WindowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationNPWPF.dll (Microsoft Corporation)

FF - HKLMSoftwareMozillaPlugins@mywebsearch.com/Plugin: C:Program Files (x86)MyWebSearchbar1.binNPMyWebS.dll File not found

FF - HKLMSoftwareMozillaPlugins@real.com/nppl3260;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nppl3260.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprjplug;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nprjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprphtml5videoshim;version=12.0.1.666: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nprpjplug;version=12.0.1.666: C:Program Files (x86)RealRealPlayerNetscape6nprpjplug.dll (RealNetworks, Inc.)

FF - HKLMSoftwareMozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=3: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@tools.google.com/Google Update;version=9: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll (Google Inc.)

FF - HKLMSoftwareMozillaPlugins@veetle.com/veetleCorePlugin,version=0.9.18: C:Program Files (x86)VeetlepluginsnpVeetle.dll (Veetle Inc)

FF - HKLMSoftwareMozillaPlugins@veetle.com/veetlePlayerPlugin,version=0.9.18: C:Program Files (x86)VeetlePlayernpvlc.dll (Veetle Inc)

FF - HKLMSoftwareMozillaPlugins@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered8NP_wtapp.dll ()

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsu4ffxtbr@Guffins.com: C:Program Files (x86)Guffinsbar1.bin [2011/06/04 16:33:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsm3ffxtbr@mywebsearch.com: C:Program Files (x86)MyWebSearchbar1.bin

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:ProgramDataRealRealPlayerBrowserRecordPluginFirefoxExt [2011/11/16 11:40:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2011/11/18 14:54:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins

 

[2011/03/28 08:17:58 | 000,000,000 | ---D | M] (No name found) -- C:UsersJacqueAppDataRoamingMozillaExtensions

[2011/03/28 08:17:58 | 000,000,000 | ---D | M] (No name found) -- C:UsersJacqueAppDataRoamingMozillaExtensionshome2@tomtom.com

[2011/11/18 14:54:15 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

[2011/11/05 00:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll

[2011/11/04 21:21:03 | 000,002,252 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginsbing.xml

[2011/11/04 21:21:03 | 000,002,040 | ---- | M] () -- C:Program Files (x86)mozilla firefoxsearchpluginstwitter.xml

 

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:WindowsSysNativedriversetcHosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:UsersJacqueAppDataRoamingComplitly64Complitly64.dll (SimplyGen)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()

O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:UsersJacqueAppDataRoamingComplitlyComplitly.dll (SimplyGen)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)

O2 - BHO: (Search Assistant BHO) - {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll (Guffins)

O3:64bit: - HKLM..Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O3 - HKLM..Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:Program Files (x86)MicrosoftBingBarBingExt.dll (Microsoft Corporation.)

O3 - HKLM..Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()

O3 - HKLM..Toolbar: (Guffins) - {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)

O3:64bit: - HKCU..ToolbarWebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_64.dll (Google Inc.)

O3 - HKCU..ToolbarWebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:Program Files (x86)Search ToolbarSearchToolbar.dll ()

O3 - HKCU..ToolbarWebBrowser: (Guffins) - {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll (Guffins)

O4:64bit: - HKLM..Run: [CanonMyPrinter] C:Program FilesCanonMyPrinterBJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..Run: [CanonSolutionMenu] C:Program Files (x86)CanonSolutionMenuCNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..Run: [iAAnotif] C:Program Files (X86)IntelIntel Matrix Storage ManagerIaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..Run: [igfxTray] C:WindowsSysNativeigfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..Run: [MSC] c:Program FilesMicrosoft Security Clientmsseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..Run: [Windows Defender] C:Program FilesWindows DefenderMSASCui.exe (Microsoft Corporation)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [info Center] C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe (PC Pitstop LLC)

O4 - HKLM..Run: [LchDrvKey] C:WindowsLchDrvKey.exe ()

O4 - HKLM..Run: [LedKey] C:WindowsCNYHKey.exe (Creative)

O4 - HKLM..Run: [LWS] C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe (Logitech Inc.)

O4 - HKLM..Run: [MaxMenuMgr] C:Program Files (x86)SeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe (Seagate LLC)

O4 - HKLM..Run: [smart Copy] C:Program Files (x86)IOISmart CopyButtonMonitor.exe (IOI)

O4 - HKLM..Run: [TkBellExe] C:Program Files (x86)RealRealPlayerUpdaterealsched.exe (RealNetworks, Inc.)

O4 - HKLM..Run: [Trigger New Acer AlaunchX] c:ACERPreloadCommandAlaunchXAppInRun.exe (Acer Inc.)

O4 - HKCU..Run: [Advanced SystemCare 5] C:Program Files (x86)IObitAdvanced SystemCare 5ASCTray.exe (IObit)

O4 - HKLM..RunOnce: [New Acer AlaunchX] c:ACERPreloadCommandAlaunchXLaunchAlaunchX.exe (Acer Inc.)

O4 - HKCU..RunOnce: [FlashPlayerUpdate] C:WindowsSysWOW64MacromedFlashFlashUtil11c_ActiveX.exe (Adobe Systems, Inc.)

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktop = 1

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoActiveDesktopChanges = 1

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Google Sidewiki... - res://C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found

O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 192.168.1.254

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{2FC6B3EB-D5AC-4AF8-944D-1F82FBE7CA60}: DhcpNameServer = 192.168.1.254

O18:64bit: - ProtocolHandlerskype-ie-addon-data - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O18 - ProtocolHandlerskype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:WindowsSysWow64userinit.exe (Microsoft Corporation)

O20:64bit: - WinlogonNotifyigfxcui: DllName - (igfxdev.dll) - C:WindowsSysNativeigfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:WindowsWebWallpaperimg24.jpg

O24 - Desktop BackupWallPaper: C:WindowsWebWallpaperimg24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/02/04 09:07:10 | 000,000,062 | ---- | M] () - I:Autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = comfile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/11/18 19:38:19 | 000,000,000 | ---D | C] -- C:ProgramDataRoboForm

[2011/11/18 19:38:17 | 000,000,000 | ---D | C] -- C:UsersJacqueDocumentsMy RoboForm Data

[2011/11/18 19:37:53 | 000,000,000 | ---D | C] -- C:ProgramDataIObit

[2011/11/18 19:36:57 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingIObit

[2011/11/18 19:36:57 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAdvanced SystemCare 5

[2011/11/18 19:36:49 | 000,000,000 | ---D | C] -- C:Program Files (x86)IObit

[2011/11/18 18:21:28 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingMalwarebytes

[2011/11/18 18:20:01 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMalwarebytes' Anti-Malware

[2011/11/18 18:20:00 | 000,000,000 | ---D | C] -- C:ProgramDataMalwarebytes

[2011/11/18 18:19:56 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:WindowsSysNativedriversmbam.sys

[2011/11/18 18:19:56 | 000,000,000 | ---D | C] -- C:Program Files (x86)Malwarebytes' Anti-Malware

[2011/11/18 15:35:53 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalSeven Zip

[2011/11/18 14:54:20 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalMozilla

[2011/11/18 14:54:14 | 000,000,000 | ---D | C] -- C:Program Files (x86)Mozilla Firefox

[2011/11/18 08:46:24 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{A50525B9-F370-4D6D-94E2-ADF250DA7EF5}

[2011/11/18 08:46:14 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{62C30C58-1898-4722-9C71-D5E6CE7C355E}

[2011/11/17 08:21:08 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{806B25CF-1620-4CF8-8FB7-EAB7C882100F}

[2011/11/17 08:20:58 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{F39303B5-261E-4E2D-8ED2-DD54874C29D8}

[2011/11/16 14:36:33 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocalElevatedDiagnostics

[2011/11/16 13:10:30 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner

[2011/11/16 13:10:28 | 000,000,000 | ---D | C] -- C:Program FilesCCleaner

[2011/11/16 12:54:15 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingPC Cleaners

[2011/11/16 12:54:10 | 005,359,888 | ---- | C] (PC Cleaners) -- C:Windowsuninst.exe

[2011/11/16 12:54:09 | 000,000,000 | ---D | C] -- C:ProgramDataPC1Data

[2011/11/16 12:47:10 | 000,000,000 | ---D | C] -- C:Program Files (x86)Microsoft

[2011/11/16 12:04:00 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{F6E91E63-1C61-48DC-80F7-0AD1882CA289}

[2011/11/16 12:03:50 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{70E32EF9-699A-4B11-B554-55BA96B29C04}

[2011/11/16 09:35:33 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{05EF98BF-1FDF-4541-B1B9-099E2E9550C7}

[2011/11/16 09:35:23 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{62C25056-6DFD-46B3-BB56-F0125A6EA70E}

[2011/11/15 09:10:07 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{CD1B8300-03A5-477A-837A-BC9F907C0ADF}

[2011/11/15 09:09:46 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{1CFF41D5-E2D3-4520-8F32-909B3807D6A3}

[2011/11/15 07:59:35 | 000,000,000 | ---D | C] -- C:WindowsSysNativeMacromed

[2011/11/12 23:28:15 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataRoamingComplitly

[2011/11/12 23:28:14 | 000,000,000 | ---D | C] -- C:Program Files (x86)Complitly

[2011/11/12 23:28:08 | 000,000,000 | ---D | C] -- C:Program Files (x86)vShare.tv plugin

[2011/11/11 13:22:22 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{918267CD-65DE-480A-80A0-31A1F054A529}

[2011/11/11 13:22:12 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{FF6CCC31-BAED-4663-B0B9-DB214470AC50}

[2011/11/08 14:17:01 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF}

[2011/11/08 14:16:49 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB}

[2011/11/04 12:16:55 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{2AD5AAF0-4074-4198-A7CF-88263934243A}

[2011/11/04 12:16:45 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{0EFC5F72-1B2B-437D-899C-21FC67BDB013}

[2011/11/03 10:16:02 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{C2AC8077-8DBE-4AC8-B834-9F7AF249329D}

[2011/11/03 10:15:52 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{4AD22D86-DAB3-4095-A795-299CAC9E4CE9}

[2011/11/03 08:01:54 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsQuickTime

[2011/11/03 08:01:39 | 000,000,000 | ---D | C] -- C:Program Files (x86)QuickTime

[2011/11/03 08:01:36 | 000,000,000 | ---D | C] -- C:ProgramDataApple Computer

[2011/10/25 13:57:49 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{6F0FDC43-E4C0-4019-B826-EB9193C858F7}

[2011/10/25 13:57:37 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{7E332ECA-5E97-46DD-AF36-9D4E117F62F0}

[2011/10/25 13:56:57 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{1BCE783F-C19A-4E90-A18B-D6275168E6E0}

[2011/10/25 13:56:45 | 000,000,000 | ---D | C] -- C:UsersJacqueAppDataLocal{308F69E1-F3E7-46B4-AC92-A4061248C0ED}

[2011/10/24 13:29:02 | 000,094,208 | ---- | C] (Apple Inc.) -- C:WindowsSysWow64QuickTimeVR.qtx

[2011/10/24 13:29:02 | 000,069,632 | ---- | C] (Apple Inc.) -- C:WindowsSysWow64QuickTime.qts

[1 C:WindowsSysWow64*.tmp files -> C:WindowsSysWow64*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/11/21 12:13:47 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/11/21 12:13:47 | 000,003,216 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/11/21 12:10:00 | 000,000,898 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineUA.job

[2011/11/21 10:18:10 | 000,706,824 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2011/11/21 10:18:10 | 000,606,364 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2011/11/21 10:18:10 | 000,104,964 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2011/11/21 10:16:29 | 000,000,894 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskMachineCore.job

[2011/11/21 10:13:44 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2011/11/20 21:50:03 | 000,000,512 | ---- | M] () -- C:UsersJacqueDocumentsMBR.dat

[2011/11/20 20:15:13 | 000,001,203 | ---- | M] () -- C:UsersJacqueDesktopOTL - Shortcut.lnk

[2011/11/18 19:36:58 | 000,001,080 | ---- | M] () -- C:UsersPublicDesktopQuick Care.lnk

[2011/11/18 19:36:57 | 000,001,058 | ---- | M] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk

[2011/11/18 18:34:24 | 000,693,664 | ---- | M] () -- C:WindowsSysNativeFNTCACHE.DAT

[2011/11/18 18:20:01 | 000,000,950 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes' Anti-Malware.lnk

[2011/11/18 17:34:24 | 000,000,272 | ---- | M] () -- C:Windowsreimage.ini

[2011/11/18 14:54:16 | 000,000,914 | ---- | M] () -- C:UsersJacqueApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk

[2011/11/18 14:54:16 | 000,000,890 | ---- | M] () -- C:UsersPublicDesktopMozilla Firefox.lnk

[2011/11/17 14:37:03 | 000,245,494 | ---- | M] () -- C:WindowsSysNativeoem53.inf

[2011/11/16 13:10:30 | 000,000,772 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk

[2011/11/16 12:53:45 | 005,359,888 | ---- | M] (PC Cleaners) -- C:Windowsuninst.exe

[2011/11/11 14:44:07 | 000,000,235 | ---- | M] () -- C:Windowsulead32.ini

[2011/11/03 08:01:54 | 000,001,758 | ---- | M] () -- C:UsersPublicDesktopQuickTime Player.lnk

[2011/10/24 18:50:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl

[2011/10/24 13:29:02 | 000,094,208 | ---- | M] (Apple Inc.) -- C:WindowsSysWow64QuickTimeVR.qtx

[2011/10/24 13:29:02 | 000,069,632 | ---- | M] (Apple Inc.) -- C:WindowsSysWow64QuickTime.qts

[1 C:WindowsSysWow64*.tmp files -> C:WindowsSysWow64*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/11/20 21:50:02 | 000,000,512 | ---- | C] () -- C:UsersJacqueDocumentsMBR.dat

[2011/11/20 20:15:06 | 000,001,203 | ---- | C] () -- C:UsersJacqueDesktopOTL - Shortcut.lnk

[2011/11/18 19:36:58 | 000,001,080 | ---- | C] () -- C:UsersPublicDesktopQuick Care.lnk

[2011/11/18 19:36:57 | 000,001,058 | ---- | C] () -- C:UsersPublicDesktopAdvanced SystemCare 5.lnk

[2011/11/18 18:20:01 | 000,000,950 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes' Anti-Malware.lnk

[2011/11/18 17:34:13 | 000,000,272 | ---- | C] () -- C:Windowsreimage.ini

[2011/11/18 14:54:16 | 000,000,914 | ---- | C] () -- C:UsersJacqueApplication DataMicrosoftInternet ExplorerQuick LaunchMozilla Firefox.lnk

[2011/11/18 14:54:16 | 000,000,902 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMozilla Firefox.lnk

[2011/11/18 14:54:16 | 000,000,890 | ---- | C] () -- C:UsersPublicDesktopMozilla Firefox.lnk

[2011/11/17 14:37:11 | 000,245,494 | ---- | C] () -- C:WindowsSysNativeoem53.inf

[2011/11/16 13:10:30 | 000,000,772 | ---- | C] () -- C:UsersPublicDesktopCCleaner.lnk

[2011/11/03 08:01:54 | 000,001,758 | ---- | C] () -- C:UsersPublicDesktopQuickTime Player.lnk

[2011/09/14 20:14:40 | 000,000,274 | ---- | C] () -- C:Windowsdisney.ini

[2011/09/03 11:45:35 | 000,000,328 | ---- | C] () -- C:Windowswininit.ini

[2011/06/26 15:52:52 | 000,016,703 | ---- | C] () -- C:Windowscscmondump.bin

[2011/04/15 19:35:03 | 000,000,235 | ---- | C] () -- C:Windowsulead32.ini

[2011/03/31 23:07:02 | 010,877,272 | ---- | C] () -- C:WindowsSysWow64LogiDPP.dll

[2011/03/31 23:07:02 | 000,102,744 | ---- | C] () -- C:WindowsSysWow64LogiDPPApp.exe

[2011/03/31 23:06:56 | 000,331,608 | ---- | C] () -- C:WindowsSysWow64DevManagerCore.dll

[2011/03/15 19:38:35 | 000,048,640 | ---- | C] () -- C:UsersJacqueAppDataLocalDCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/14 12:51:03 | 000,053,299 | ---- | C] () -- C:WindowsSysWow64pthreadVC.dll

[2011/02/21 15:57:32 | 000,000,056 | -H-- | C] () -- C:ProgramDataezsidmv.dat

[2011/01/31 16:40:46 | 000,368,640 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll

[2011/01/31 16:40:25 | 000,117,248 | ---- | C] () -- C:WindowsSysWow64EhStorAuthn.dll

[2011/01/31 16:39:46 | 000,107,612 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchema.bin

[2011/01/31 10:02:31 | 000,018,904 | ---- | C] () -- C:WindowsSysWow64StructuredQuerySchemaTrivial.bin

[2011/01/30 17:31:52 | 000,721,296 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI

[2011/01/30 12:56:38 | 000,005,115 | ---- | C] () -- C:ProgramDataN360BUOptions.ini

[2008/01/20 20:50:05 | 000,060,124 | ---- | C] () -- C:WindowsSysWow64tcpmon.ini

[2007/01/02 03:12:02 | 000,581,120 | ---- | C] () -- C:WindowsmHotkey.exe

[2007/01/02 03:12:02 | 000,294,912 | ---- | C] () -- C:WindowsPIC.dll

[2007/01/02 03:12:02 | 000,036,864 | ---- | C] () -- C:WindowsLchDrvKey.exe

[2007/01/02 03:12:02 | 000,000,870 | ---- | C] () -- C:Windowsmhotkey_reg.ini

[2007/01/02 02:26:58 | 002,215,364 | ---- | C] () -- C:WindowsSysWow64igklg400.bin

[2007/01/02 02:26:58 | 001,971,732 | ---- | C] () -- C:WindowsSysWow64igklg450.bin

[2007/01/02 02:26:58 | 000,029,932 | ---- | C] () -- C:WindowsSysWow64igmedcompkrn.bin

[2006/11/02 09:37:05 | 000,067,584 | --S- | C] () -- C:Windowsbootstat.dat

[2006/11/02 06:37:14 | 000,215,943 | ---- | C] () -- C:WindowsSysWow64dssec.dat

[2006/11/02 06:24:17 | 000,000,741 | ---- | C] () -- C:WindowsSysWow64NOISE.DAT

[2006/11/02 06:18:17 | 000,673,088 | ---- | C] () -- C:WindowsSysWow64mlang.dat

[2006/11/02 03:47:54 | 000,043,131 | ---- | C] () -- C:Windowsmib.bin

[1997/11/17 16:13:16 | 000,010,240 | ---- | C] () -- C:WindowsSysWow64vidx16.dll

 

========== LOP Check ==========

 

[2011/09/06 20:49:13 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingBandoo

[2011/02/22 17:21:29 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingCanon

[2011/11/12 23:28:15 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingComplitly

[2011/11/18 19:36:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingIObit

[2011/06/01 14:22:12 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingIrfanView

[2011/01/31 19:09:30 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingLeadertech

[2011/02/21 19:24:04 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingLudia

[2011/05/20 16:28:41 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingmuvee Technologies

[2011/02/10 14:18:32 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingOpenOffice.org

[2011/11/16 12:54:15 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingPC Cleaners

[2011/02/12 17:17:43 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingPlayFirst

[2011/06/17 10:34:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingSchool Zone Preferences

[2011/04/06 09:04:33 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingSouthwest Airlines

[2011/03/28 08:17:58 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingTomTom

[2011/06/09 21:00:11 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingWal-Mart Digital Photo Viewer

[2011/01/31 22:08:50 | 000,000,000 | ---D | M] -- C:UsersJacqueAppDataRoamingWindows Live Writer

[2011/11/20 22:22:02 | 000,032,596 | ---- | M] () -- C:WindowsTasksSCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%*.exe >

 

 

< MD5 for: AGP440.SYS >

[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:WindowsSysNativedriversAGP440.sys

[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:Windowswinsxsamd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0AGP440.sys

[2008/01/20 20:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:Windowswinsxsamd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fcAGP440.sys

 

< MD5 for: AHCIX86S.SYS >

[2008/04/18 00:33:46 | 000,175,632 | R--- | M] (AMD Technologies Inc.) MD5=844A6734E8BB3530FB1444ED698087BD -- C:ACERPreloadAutorunDRVATI Video Card MSI HD3450 256MB 3650 512MPackagesDriversSBDrvSB7xxRAIDLHahcix86s.sys

[2007/04/16 04:16:34 | 000,119,296 | ---- | M] (ATI Technologies Inc.) MD5=A5AC7B705166BF7CD07BB054BEEA8D03 -- C:ACERPreloadAutorunDRVATI Video Card MSI HD3450 256MB 3650 512MPackagesDriversSBDrvSB6xxRAIDLH64Aahcix86s.sys

 

< MD5 for: ATAPI.SYS >

[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:WindowsSysNativedriversatapi.sys

[2008/01/20 20:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:Windowswinsxsamd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2atapi.sys

[2009/04/11 02:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:Windowswinsxsamd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1eatapi.sys

 

< MD5 for: CNGAUDIT.DLL >

[2006/11/02 05:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:WindowsSysNativecngaudit.dll

[2006/11/02 05:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:Windowswinsxsamd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1ccngaudit.dll

[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:WindowsSysWOW64cngaudit.dll

[2006/11/02 03:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:Windowswinsxsx86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6cngaudit.dll

 

< MD5 for: IASTOR.SYS >

[2007/03/21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:Program Files (x86)IntelIntel Matrix Storage ManagerDriverIaStor.sys

[2007/03/21 14:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:Program Files (x86)IntelIntel Matrix Storage ManagerDriver64IaStor.sys

[2007/03/21 14:59:30 | 000,381,720 | ---- | M] (Intel Corporation) MD5=9D7ED4275702E2FC409F2CC563245740 -- C:WindowsSysNativedriversiaStor.sys

 

< MD5 for: IASTORV.SYS >

[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:WindowsSysNativedriversiaStorV.sys

[2008/01/20 20:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:Windowswinsxsamd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5iaStorV.sys

 

< MD5 for: NETLOGON.DLL >

[2008/01/20 20:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:Windowswinsxsamd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598dnetlogon.dll

[2009/04/11 01:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:WindowsSysWOW64netlogon.dll

[2009/04/11 01:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:Windowswinsxswow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4netlogon.dll

[2009/04/11 02:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:WindowsSysNativenetlogon.dll

[2009/04/11 02:11:18 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:Windowswinsxsamd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9netlogon.dll

[2008/01/20 20:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:Windowswinsxswow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88netlogon.dll

 

< MD5 for: NVSTOR.SYS >

[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:WindowsSysNativedriversnvstor.sys

[2008/01/20 20:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:Windowswinsxsamd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159dnvstor.sys

 

< MD5 for: SCECLI.DLL >

[2008/01/20 20:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:Windowswinsxswow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243scecli.dll

[2008/01/20 20:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:Windowswinsxsamd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048scecli.dll

[2009/04/11 01:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:WindowsSysWOW64scecli.dll

[2009/04/11 01:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:Windowswinsxswow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8fscecli.dll

[2009/04/11 02:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:WindowsSysNativescecli.dll

[2009/04/11 02:11:24 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:Windowswinsxsamd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94scecli.dll

 

< %systemroot%*. /mp /s >

 

< %systemroot%system32*.dll /lockedfiles >

[1 C:Windowssystem32*.tmp files -> C:Windowssystem32*.tmp -> ]

 

< %systemroot%Tasks*.job /lockedfiles >

 

< %systemroot%system32drivers*.sys /lockedfiles >

 

< %systemroot%System32config*.sav >

 

< %systemroot%system32drivers*.sys /90 >

< End of report >


Hello Anderson

 

No problem, we can get an uninstall list later using a different scan.

 

Before we go any further please make sure that the OTL executable is placed directly on your desktop.

 

Let's proceed as follows:

  • IOBIT Products

  • We note you are using one or more products from IOBit (Advanced SystemCare 5).
  • IOBit has been accused by Malwarebytes of illegally using their intellectual property without permission.
  • Please see this for additional information on these allegations: http://www.malwareby...howtopic=29681.
  • A thread in IOBit’s forum responded to the accusations from MalwareBytes. It is noteworthy that several responses from users raising specific questions about IOBit’s response and finding it unsatisfactory were deleted and the thread was closed. The bottom line from IOBit was: “No hard proof shows that IObit stole the database of Malwarebytes.”
  • From what is said above, at least until the issues of possible database theft and spyware packaging are resolved, we do not recommend the use of IOBit products.
  • You can remove IOBit products by clicking on "Windows Orb" and then on "Computer" and then on the "Uninstall or Change a Program" tab.
  • Please open OTL

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

       

      :OTL
      IE - HKCU\..\URLSearchHook: {c3d3840c-12ea-4461-a61d-190555fecc82} - C:\Program Files (x86)\Guffins\bar\1.bin\u4SrcAs.dll (Guffins)
      FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin
      FF - HKLM\Software\MozillaPlugins\@Guffins.com/Plugin: C:\Program Files (x86)\Guffins\bar\1.bin\NPu4Stub.dll (Guffins)
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\u4ffxtbr@Guffins.com: C:\Program Files (x86)\Guffins\bar\1.bin [2011/06/04 16:33:10 | 000,000,000 | ---D | M]
      SRV - [2011/04/25 18:28:19 | 000,036,864 | ---- | M] (Guffins) [On_Demand | Stopped] -- C:\Program Files (x86)\Guffins\bar\1.bin\u4barsvc.exe -- (GuffinsService)
      O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Jacque\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
      O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
      O2 - BHO: (Toolbar BHO) - {a916eefe-6a17-4d7d-a131-2738b260bb55} - C:\Program Files (x86)\Guffins\bar\1.bin\u4bar.dll (Guffins)
      O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Jacque\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
      O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
      O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll ()
      [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
      
      :Services
      GuffinsService
      
      :Files
      C:\Program Files (x86)\MyWebSearch
      C:\Users\Jacque\AppData\Roaming\Complitly
      C:\Program Files (x86)\Complitly
      C:\Program Files (x86)\Search Toolbar
      C:\Program Files (x86)\Guffins
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
      
      
    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
  • MalwareBytes AntiMalware:

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.
    Please post the OTL log and the MBAM log in your next reply.


All processes killed

========== OTL ==========

Registry value HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerURLSearchHooks{c3d3840c-12ea-4461-a61d-190555fecc82} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{c3d3840c-12ea-4461-a61d-190555fecc82} not found.

File C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll not found.

Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@mywebsearch.com/Plugin not found.

File HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsm3ffxtbr@mywebsearch.com: C:Program Files (x86)MyWebSearchbar1.bin not found.

Registry key HKEY_LOCAL_MACHINESoftwareMozillaPlugins@Guffins.com/Plugin not found.

File C:Program Files (x86)Guffinsbar1.binNPu4Stub.dll not found.

File HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensionsu4ffxtbr@Guffins.com: C:Program Files (x86)Guffinsbar1.bin not found.

Error: No service named GuffinsService was found to stop!

ServiceDriver key GuffinsService not found.

File C:Program Files (x86)Guffinsbar1.binu4barsvc.exe not found.

64bit-Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} not found.

File C:UsersJacqueAppDataRoamingComplitly64Complitly64.dll not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{9D425283-D487-4337-BAB6-AB8354A81457} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9D425283-D487-4337-BAB6-AB8354A81457} not found.

File C:Program Files (x86)Search ToolbarSearchToolbar.dll not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{a916eefe-6a17-4d7d-a131-2738b260bb55} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{a916eefe-6a17-4d7d-a131-2738b260bb55} not found.

File C:Program Files (x86)Guffinsbar1.binu4bar.dll not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} not found.

File C:UsersJacqueAppDataRoamingComplitlyComplitly.dll not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar{9D425283-D487-4337-BAB6-AB8354A81457} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9D425283-D487-4337-BAB6-AB8354A81457} not found.

File C:Program Files (x86)Search ToolbarSearchToolbar.dll not found.

Registry value HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerToolbarWebBrowser{9D425283-D487-4337-BAB6-AB8354A81457} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9D425283-D487-4337-BAB6-AB8354A81457} not found.

File C:Program Files (x86)Search ToolbarSearchToolbar.dll not found.

File/Folder C:Windowssystem32*.tmp not found.

========== SERVICES/DRIVERS ==========

Error: No service named GuffinsService was found to stop!

ServiceDriver key GuffinsService not found.

========== FILES ==========

FileFolder C:Program Files (x86)MyWebSearch not found.

FileFolder C:UsersJacqueAppDataRoamingComplitly not found.

FileFolder C:Program Files (x86)Complitly not found.

FileFolder C:Program Files (x86)Search Toolbar not found.

FileFolder C:Program Files (x86)Guffins not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Harley

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Jacque

->Temp folder emptied: 81551635 bytes

->Temporary Internet Files folder emptied: 300429929 bytes

->Java cache emptied: 4569226 bytes

->FireFox cache emptied: 10857712 bytes

->Flash cache emptied: 4596 bytes

 

User: KC

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 275604229 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 103899 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32 (64bit) .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 99598 bytes

%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 4097820622 bytes

 

Total Files Cleaned = 4,550.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: AppData

 

User: Default

 

User: Default User

 

User: Guest

->Flash cache emptied: 0 bytes

 

User: Harley

->Flash cache emptied: 0 bytes

 

User: Jacque

->Flash cache emptied: 0 bytes

 

User: KC

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

File move failed. C:WindowsSystem32driversetcHosts scheduled to be moved on reboot.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 11222011_140040

FilesFolders moved on Reboot...

FileFolder C:UsersJacqueAppDataLocalTemp~DF5156.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF7D1D.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF7D24.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF7D6E.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF7D74.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DFB472.tmp not found!

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5UA6RXG3XInboxLight[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5UA6RXG3XWebIMPop[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5S4WG6063default[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5QF149NB5adloader[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5QF149NB5AjaxHistoryFrame[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5QF149NB5xmlProxy[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5NZ6Y6JBR01[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5NZ6Y6JBRRteFrame_16.0.1877.0920[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5IPB7Y2T6sck[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5D5GCRG4EEditMessageLight[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5D5GCRG4Emsn_com[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5D5GCRG4Esck[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54HFBQZJQMessenger[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54HFBQZJQresourcespreload[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54HFBQZJQresourcespreload[2].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54HFBQZJQxmlProxy[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE50EHLM4MVLocalStorage[1].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowAntiPhishingED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowMSIMGSIZ.DAT moved successfully.

File move failed. C:WindowsSystem32driversetcHosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

 

 

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8220

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

11/22/2011 3:24:38 PM

mbam-log-2011-11-22 (15-24-38).txt

Scan type: Quick scan

Objects scanned: 220746

Time elapsed: 2 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello Anderson

 

Let's continue with an Online scan:

  • Please run the following scan

  • Note: You will need to use Internet Explorer for this scan.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.

  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option to "Remove Found Threats" is UN checked.
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
  • Please perform the following scan

  • Please download DDS from here and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
  • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.
Please post the ESET log in your next reply along with both of the DDS logs.

 


C:UsersJacqueAppDataLocalLowFunWebProductsInstallrCache01E589F0.exe a variant of Win32/Toolbar.MyWebSearch.O application

C:UsersJacqueAppDataLocalLowGuffinsEIInstallrCache02C596B1.exe a variant of Win32/Toolbar.MyWebSearch.O application

C:_OTLMovedFiles11222011_133417C_Program Files (x86)Search ToolbarSearchToolbar.dll Win32/Toolbar.Zugo application

C:_OTLMovedFiles11222011_133545C_Program Files (x86)Guffinsbar1.binu4datact.dll a variant of Win32/Toolbar.MyWebSearch.A application

C:_OTLMovedFiles11222011_133545C_Program Files (x86)Guffinsbar1.binu4html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application

C:_OTLMovedFiles11222011_133545C_Program Files (x86)Guffinsbar1.binu4htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application

C:_OTLMovedFiles11222011_133545C_Program Files (x86)Guffinsbar1.binu4Plugin.dll a variant of Win32/Toolbar.MyWebSearch application

C:_OTLMovedFiles11222011_133545C_Program Files (x86)Guffinsbar1.binu4skin.dll a variant of Win32/Toolbar.MyWebSearch.P application

I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProductsInstallrCache01E589F0.exe a variant of Win32/Toolbar.MyWebSearch.O application

I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowGuffinsEIInstallrCache02C596B1.exe a variant of Win32/Toolbar.MyWebSearch.O application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterAviConverter.exe a variant of Win32/InstallCore.A application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterUninstallUninstall.exe a variant of Win32/InstallCore.A application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProductsInstallr1.binF3EZSETP.DLL a variant of Win32/Toolbar.MyWebSearch.M application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProductsInstallr1.binF3PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProductsInstallr1.binNPFUNWEB.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binu4datact.dll a variant of Win32/Toolbar.MyWebSearch.A application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binu4html.dll probably a variant of Win32/Toolbar.MyWebSearch.F application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binu4htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binu4Plugin.dll a variant of Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binu4skin.dll a variant of Win32/Toolbar.MyWebSearch.P application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3CJPEG.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3DTACTL.DLL Win32/Adware.FunWeb application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3HISTSW.DLL Win32/Adware.FunWeb application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3HKSTUB.DLL Win32/Toolbar.MyWebSearch.G application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3HTMLMU.DLL Win32/Toolbar.MyWebSearch.B application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3HTTPCT.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3IMSTUB.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3POPSWT.DLL Win32/Adware.FunWeb application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3PSSAVR.SCR Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3REGHK.DLL Win32/Toolbar.MyWebSearch.G application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3REPROX.DLL Win32/Toolbar.MyWebSearch.D application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3RESTUB.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3SCHMON.EXE Win32/Adware.FunWeb application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binF3SCRCTR.DLL Win32/Toolbar.MyWebSearch.P application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3AUXSTB.DLL Win32/Toolbar.MyWebSearch.H application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3DLGHK.DLL Win32/Toolbar.MyWebSearch.I application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3HTML.DLL Win32/Toolbar.MyWebSearch.F application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3IDLE.DLL Win32/Toolbar.MyWebSearch.P application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3IEOVR.DLL Win32/Toolbar.MyWebSearch.P application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3IMPIPE.EXE Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3MSG.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3OUTLCN.DLL Win32/Toolbar.MyWebSearch.J application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3PLUGIN.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3SKIN.DLL Win32/Toolbar.MyWebSearch.P application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3SKPLAY.EXE Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3SLSRCH.EXE Win32/Toolbar.MyWebSearch.J application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3SRCHMN.EXE Win32/Toolbar.MyWebSearch.I application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binM3TPINST.DLL Win32/Toolbar.MyWebSearch.I application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSBAR.DLL Win32/Toolbar.MyWebSearch.K application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSMLBTN.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSOEMON.EXE Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSOEPLG.DLL Win32/Toolbar.MyWebSearch.J application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSOESTB.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSSRCAS.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSSVC.EXE Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binMWSUABTN.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binNPMYWEBS.DLL Win32/Toolbar.MyWebSearch application

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Search ToolbarSearchToolbar.dll Win32/Toolbar.Zugo application


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: DeviceHarddiskVolume2

Install Date: 1/30/2011 12:16:39 PM

System Uptime: 11/24/2011 2:40:28 PM (3 hours ago)

.

Motherboard: Gateway | | G33M05G1

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 586 GiB total, 490.429 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is FIXED (NTFS) - 466 GiB total, 251.306 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: NETGEAR WPN311 RangeMax Wireless PCI Adapter

Device ID: PCIVEN_168C&DEV_0013&SUBSYS_5E001385&REV_014&31E4133E&0&08F0

Manufacturer: Atheros Communications Inc.

Name: NETGEAR WPN311 RangeMax Wireless PCI Adapter #3

PNP Device ID: PCIVEN_168C&DEV_0013&SUBSYS_5E001385&REV_014&31E4133E&0&08F0

Service: athr

.

==== System Restore Points ===================

.

RP494: 11/22/2011 2:06:14 PM - Windows Update

RP495: 11/23/2011 4:36:40 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Reader 8.1.2

Apple Application Support

Apple Software Update

Bing Bar

CameraHelperMsi

Canon MP Navigator EX 2.0

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Carbonite Online Backup Setup

Click to Call with Skype

Compatibility Pack for the 2007 Office system

Complitly

Coupon Printer for Windows

CyberLink Power2Go

D3DX10

DING!

erLT

ESET Online Scanner v3

Freemake Video Converter version 2.1.0

GameSpy Arcade

Gateway Games

Gateway Recovery Management

Google Toolbar for Internet Explorer

Google Update Helper

Graboid Video 2.01

Guffins

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

I Can Color!

iLivid

Info Center 1.0.0.7

IrfanView (remove only)

Java Auto Updater

Java 6 Update 24

Java 6 Update 5

Junk Mail filter update

KB0817 Keyboard Driver

LabelPrint

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft Money Essentials

Microsoft Money Shared Libraries

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ Run Time Lib Setup

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

muvee Reveal Seagate Edition

Napster

Napster Burn Engine

NETGEAR WNA3100 wireless USB 2.0 adapter

NETGEAR WPN311 Wireless Adapter

OpenOffice.org 3.3

Photo Explosion Deluxe

PrintMaster 2011 Platinum

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RealUpgrade 1.1

Samsung PC Studio 3 USB Driver Installer

Seagate Manager Installer

Search Toolbar

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Segoe UI

Skype™ 5.5

Smart Copy 3.1.1.1

Stronghold Crusader Extreme

TomTom HOME 2.8.1.2218

TomTom HOME Visual Studio Merge Modules

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update Installer for WildTangent Games App

Veetle TV

VLC media player 1.0.1

vShare.tv plugin 1.3

Wheel Of Fortune

WildTangent Games App (Gateway Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Wizard101

.

==== Event Viewer Messages From Past Week ========

.

11/24/2011 5:13:43 PM, Error: iaStor [9] - The device, DeviceIdeiaStor0, did not respond within the timeout period.

11/24/2011 2:42:28 PM, Error: Service Control Manager [7000] - The int15 service failed to start due to the following error: A device attached to the system is not functioning.

11/23/2011 6:46:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

11/23/2011 4:25:45 PM, Error: EventLog [6008] - The previous system shutdown at 1:56:14 PM on 11/23/2011 was unexpected.

11/22/2011 8:59:46 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

11/22/2011 2:00:40 PM, Error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).

11/22/2011 1:59:06 PM, Error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).

11/22/2011 1:48:25 PM, Error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

11/22/2011 1:31:48 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 5 service terminated unexpectedly. It has done this 1 time(s).

11/21/2011 10:13:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

11/18/2011 7:36:58 PM, Error: Service Control Manager [7030] - The Advanced SystemCare Service 5 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

11/18/2011 12:32:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Jacque-PCJacque SID (S-1-5-21-1643210993-2232105442-2364694577-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/17/2011 8:42:19 PM, Error: Service Control Manager [7034] - The PCPitstop Realtime service terminated unexpectedly. It has done this 1 time(s).

11/17/2011 2:58:43 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Jacque at 17:40:09 on 2011-11-24

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6132.3051 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32svchost.exe -k rpcss

c:Program FilesMicrosoft Security ClientAntimalwareMsMpEng.exe

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k GPSvcGroup

C:Windowssystem32SLsvc.exe

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32svchost.exe -k NetworkService

C:Windowssystem32WLANExt.exe

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program Files (x86)MicrosoftBingBarSeaPort.EXE

C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe

C:Program Files (X86)IntelIntel Matrix Storage ManagerIaantmon.exe

C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted

C:Windowssystem32svchost.exe -k imgsvc

C:WindowsSystem32svchost.exe -k WerSvcGroup

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE

C:Windowssystem32SearchIndexer.exe

C:Windowssystem32DRIVERSxaudio64.exe

C:Windowssystem32WUDFHost.exe

c:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe

C:Windowssystem32taskeng.exe

C:Windowssystem32Dwm.exe

C:Windowssystem32taskeng.exe

C:WindowsExplorer.EXE

C:Windowssystem32taskeng.exe

C:WindowsMHotKey.exe

C:WindowsChiFuncExt.exe

C:Program Files (x86)SeagateSeagateManagerSyncMaxSync.exe

C:Program FilesRealtekAudioHDARAVCpl64.exe

C:Program Files (x86)IntelIntel Matrix Storage ManagerIAAnotif.exe

C:WindowsSystem32igfxtray.exe

C:Program FilesCanonMyPrinterBJMYPRT.EXE

C:Program FilesMicrosoft Security Clientmsseces.exe

C:WindowsCNYHKey.exe

C:Program Files (x86)NETGEARWNA3100WNA3100.exe

C:Program Files (x86)IOISmart CopyButtonMonitor.exe

C:Program Files (x86)SeagateSeagateManagerFreeAgent Statusstxmenumgr.exe

C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe

C:Program Files (x86)RealRealPlayerUpdaterealsched.exe

C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe

C:Program Files (x86)LogitechLWSWebcam SoftwareCameraHelperShell.exe

C:Program Files (x86)NETGEARWPN311wlancfg5.exe

C:WindowsModLedKey.exe

C:Windowssystem32SearchProtocolHost.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:WindowsSysWOW64DllHost.exe

C:Windowssystem32NOTEPAD.EXE

C:Windowssystem32SearchProtocolHost.exe

C:Windowssystem32SearchFilterHost.exe

C:WindowsSysWOW64cmd.exe

C:WindowsSysWOW64cscript.exe

C:Windowssystem32wbemwmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=0111&m=dx4710-05

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll"

BHO: Search Assistant BHO: {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:Program Files (x86)Javajre6binjp2ssv.dll

TB: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll"

mRun: [LchDrvKey] LchDrvKey.exe

mRun: [LedKey] CNYHKey.exe

mRun: [Trigger New Acer AlaunchX] c:AcerPreloadCommandAlaunchXAppInRun.exe

mRun: [smart Copy] "C:Program Files (x86)IOISmart CopyButtonMonitor.exe" -A

mRun: [MaxMenuMgr] "C:Program Files (x86)SeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe"

mRun: [LWS] C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe -hide

mRun: [TkBellExe] "C:Program Files (x86)RealRealPlayerUpdaterealsched.exe" -osboot

mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun: [info Center] "C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe"

mRunOnce: [New Acer AlaunchX] c:AcerPreloadCommandAlaunchXLaunchAlaunchX.exe

StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupNETGEA~2.LNK - C:Program Files (x86)NETGEARWNA3100WNA3100.exe

StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupNETGEA~1.LNK - C:Program Files (x86)NETGEARWPN311wlancfg5.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:PROGRA~2MICROS~2Office12EXCEL.EXE/3000

IE: Google Sidewiki... - C:Program Files (x86)GoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces{2FC6B3EB-D5AC-4AF8-944D-1F82FBE7CA60} : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelper.dll

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:ProgramDataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll"

BHO-X64: Search Assistant BHO: {d6a34acb-76fa-4a14-88ea-5d54797a2028} - C:Program Files (x86)Guffinsbar1.binu4SrcAs.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program Files (x86)Javajre6binjp2ssv.dll

TB-X64: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - C:Program Files (x86)Guffinsbar1.binu4bar.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:Program Files (x86)GoogleGoogle ToolbarGoogleToolbar_32.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:Program Files (x86)MicrosoftBingBarBingExt.dll"

mRun-x64: [LchDrvKey] LchDrvKey.exe

mRun-x64: [LedKey] CNYHKey.exe

mRun-x64: [Trigger New Acer AlaunchX] c:AcerPreloadCommandAlaunchXAppInRun.exe

mRun-x64: [smart Copy] "C:Program Files (x86)IOISmart CopyButtonMonitor.exe" -A

mRun-x64: [MaxMenuMgr] "C:Program Files (x86)SeagateSeagateManagerFreeAgent StatusStxMenuMgr.exe"

mRun-x64: [LWS] C:Program Files (x86)LogitechLWSWebcam SoftwareLWS.exe -hide

mRun-x64: [TkBellExe] "C:Program Files (x86)RealRealPlayerUpdaterealsched.exe" -osboot

mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun-x64: [info Center] "C:Program Files (x86)PCPitstopInfo CenterInfoCenter.exe"

mRunOnce-x64: [New Acer AlaunchX] c:AcerPreloadCommandAlaunchXLaunchAlaunchX.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:UsersJacqueAppDataRoamingMozillaFirefoxProfilesfsgyl71l.default

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:Program Files (x86)GoogleUpdate1.3.21.79npGoogleUpdate3.dll

FF - plugin: C:Program Files (x86)Guffinsbar1.binNPu4Stub.dll

FF - plugin: C:Program Files (x86)Javajre6binnew_pluginnpdeployJava1.dll

FF - plugin: c:Program Files (x86)Microsoft Silverlight4.0.60831.0npctrlui.dll

FF - plugin: C:Program Files (x86)VeetlePlayernpvlc.dll

FF - plugin: C:Program Files (x86)VeetlepluginsnpVeetle.dll

FF - plugin: C:Program Files (x86)WildTangent GamesAppBrowserIntegrationRegistered7NP_wtapp.dll

FF - plugin: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll

FF - plugin: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprpchromebrowserrecordext.dll

FF - plugin: C:ProgramDataRealRealPlayerBrowserRecordPluginMozillaPluginsnprphtml5videoshim.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:Windowssystem32DriversPxHlpa64.sys --> C:Windowssystem32DriversPxHlpa64.sys [?]

R0 SCMNdisP;General NDIS Protocol Driver;C:Windowssystem32DRIVERSscmndisp.sys --> C:Windowssystem32DRIVERSscmndisp.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:Windowssystem32DRIVERSMpFilter.sys --> C:Windowssystem32DRIVERSMpFilter.sys [?]

R2 BBUpdate;BBUpdate;C:Program Files (x86)MicrosoftBingBarSeaPort.EXE [2011-6-15 249648]

R2 FontCache;Windows Font Cache Service;C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 FreeAgentGoNext Service;Seagate Service;C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe [2009-12-18 189736]

R2 sbapifs;sbapifs;C:Windowssystem32DRIVERSsbapifs.sys --> C:Windowssystem32DRIVERSsbapifs.sys [?]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:Windowssystem32DRIVERSbcmwlhigh664.sys --> C:Windowssystem32DRIVERSbcmwlhigh664.sys [?]

R3 CAXHWBS2;CAXHWBS2;C:Windowssystem32DRIVERSCAXHWBS2.sys --> C:Windowssystem32DRIVERSCAXHWBS2.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:Windowssystem32DRIVERSMpNWMon.sys --> C:Windowssystem32DRIVERSMpNWMon.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:Windowssystem32DRIVERSNisDrvWFP.sys --> C:Windowssystem32DRIVERSNisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:Program FilesMicrosoft Security ClientAntimalwareNisSrv.exe [2011-4-27 288272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:Program Files (x86)MicrosoftBingBarBBSvc.EXE [2011-7-7 195336]

S3 ETService;Empowering Technology Service;C:Program FilesGATEWAYGateway Recovery ManagementServiceETService.exe [2011-1-30 24576]

S3 fssfltr;FssFltr;C:Windowssystem32DRIVERSfssfltr.sys --> C:Windowssystem32DRIVERSfssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:Program Files (x86)Windows LiveFamily Safetyfsssvc.exe [2011-5-13 1492840]

S3 GamesAppService;GamesAppService;C:Program Files (x86)WildTangent GamesAppGamesAppService.exe [2010-10-12 206072]

S3 gupdate;Google Update Service (gupdate);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-1-30 135664]

S3 gupdatem;Google Update Service (gupdatem);C:Program Files (x86)GoogleUpdateGoogleUpdate.exe [2011-1-30 135664]

S3 LVPr2M64;Logitech LVPr2M64 Driver;C:Windowssystem32DRIVERSLVPr2M64.sys --> C:Windowssystem32DRIVERSLVPr2M64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:Windowssystem32DRIVERSlvrs64.sys --> C:Windowssystem32DRIVERSlvrs64.sys [?]

S3 LVUVC64;Logitech HD Webcam C270(UVC);C:Windowssystem32DRIVERSlvuvc64.sys --> C:Windowssystem32DRIVERSlvuvc64.sys [?]

S3 NPF;Netgroup Packet Filter;C:Windowssystem32DRIVERSnpf.sys --> C:Windowssystem32DRIVERSnpf.sys [?]

S3 PerfHost;Performance Counter DLL Host;C:WindowsSysWOW64perfhost.exe [2008-1-20 19968]

S3 TomTomHOMEService;TomTomHOMEService;C:Program Files (x86)TomTom HOME 2TomTomHOMEService.exe [2011-3-9 92592]

S3 UMVPFSrv;UMVPFSrv;C:Program Files (x86)Common FileslogishrdLVMVFMUMVPFSrv.exe [2011-3-31 428640]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:WindowsMicrosoft.NETFramework64v4.0.30319WPFWPFFontCache_v0400.exe [2010-3-18 1020768]

S3 WSWNA3100;WSWNA3100;C:Program Files (x86)NETGEARWNA3100WifiSvc.exe [2011-3-14 278528]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe [2011-1-31 89920]

.

=============== File Associations ===============

.

JSEFile=C:WindowsSysWOW64WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-11-24 20:45:30 -------- d-----w- C:Program Files (x86)ESET

2011-11-24 20:40:48 69000 ----a-w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{676F4DE7-0F4F-49CE-AB69-778A5576B7F2}offreg.dll

2011-11-23 22:37:05 8570192 ----a-w- C:ProgramDataMicrosoftMicrosoft AntimalwareDefinition Updates{676F4DE7-0F4F-49CE-AB69-778A5576B7F2}mpengine.dll

2011-11-22 19:34:17 -------- d-----w- C:_OTL

2011-11-19 01:37:53 -------- d-----w- C:ProgramDataIObit

2011-11-19 01:36:57 -------- d-----w- C:UsersJacqueAppDataRoamingIObit

2011-11-19 01:36:49 -------- d-----w- C:Program Files (x86)IObit

2011-11-19 00:21:28 -------- d-----w- C:UsersJacqueAppDataRoamingMalwarebytes

2011-11-19 00:20:00 -------- d-----w- C:ProgramDataMalwarebytes

2011-11-19 00:19:56 25416 ----a-w- C:WindowsSystem32driversmbam.sys

2011-11-19 00:19:56 -------- d-----w- C:Program Files (x86)Malwarebytes' Anti-Malware

2011-11-18 21:35:53 -------- d-----w- C:UsersJacqueAppDataLocalSeven Zip

2011-11-18 14:46:24 -------- d-----w- C:UsersJacqueAppDataLocal{A50525B9-F370-4D6D-94E2-ADF250DA7EF5}

2011-11-18 14:46:14 -------- d-----w- C:UsersJacqueAppDataLocal{62C30C58-1898-4722-9C71-D5E6CE7C355E}

2011-11-17 14:21:08 -------- d-----w- C:UsersJacqueAppDataLocal{806B25CF-1620-4CF8-8FB7-EAB7C882100F}

2011-11-17 14:20:58 -------- d-----w- C:UsersJacqueAppDataLocal{F39303B5-261E-4E2D-8ED2-DD54874C29D8}

2011-11-16 20:36:33 -------- d-----w- C:UsersJacqueAppDataLocalElevatedDiagnostics

2011-11-16 19:10:28 -------- d-----w- C:Program FilesCCleaner

2011-11-16 18:54:15 -------- d-----w- C:UsersJacqueAppDataRoamingPC Cleaners

2011-11-16 18:54:10 5359888 ----a-w- C:Windowsuninst.exe

2011-11-16 18:54:09 -------- d-----w- C:ProgramDataPC1Data

2011-11-16 18:47:10 -------- d-----w- C:Program Files (x86)Microsoft

2011-11-16 18:04:00 -------- d-----w- C:UsersJacqueAppDataLocal{F6E91E63-1C61-48DC-80F7-0AD1882CA289}

2011-11-16 18:03:50 -------- d-----w- C:UsersJacqueAppDataLocal{70E32EF9-699A-4B11-B554-55BA96B29C04}

2011-11-16 15:35:33 -------- d-----w- C:UsersJacqueAppDataLocal{05EF98BF-1FDF-4541-B1B9-099E2E9550C7}

2011-11-16 15:35:23 -------- d-----w- C:UsersJacqueAppDataLocal{62C25056-6DFD-46B3-BB56-F0125A6EA70E}

2011-11-15 15:10:07 -------- d-----w- C:UsersJacqueAppDataLocal{CD1B8300-03A5-477A-837A-BC9F907C0ADF}

2011-11-15 15:09:46 -------- d-----w- C:UsersJacqueAppDataLocal{1CFF41D5-E2D3-4520-8F32-909B3807D6A3}

2011-11-13 05:28:08 -------- d-----w- C:Program Files (x86)vShare.tv plugin

2011-11-11 19:22:22 -------- d-----w- C:UsersJacqueAppDataLocal{918267CD-65DE-480A-80A0-31A1F054A529}

2011-11-11 19:22:12 -------- d-----w- C:UsersJacqueAppDataLocal{FF6CCC31-BAED-4663-B0B9-DB214470AC50}

2011-11-08 23:08:10 40448 ----a-w- C:WindowsSystem32driverstcpipreg.sys

2011-11-08 23:08:10 1423744 ----a-w- C:WindowsSystem32driverstcpip.sys

2011-11-08 23:08:09 2409784 ----a-w- C:Program FilesWindows MailOESpamFilter.dat

2011-11-08 23:08:09 2409784 ----a-w- C:Program Files (x86)Windows MailOESpamFilter.dat

2011-11-08 23:08:08 893440 ----a-w- C:Program FilesCommon FilesSystemwab32.dll

2011-11-08 23:08:08 707584 ----a-w- C:Program Files (x86)Common FilesSystemwab32.dll

2011-11-08 23:08:08 50688 ----a-w- C:Program FilesWindows Mailwabimp.dll

2011-11-08 20:17:01 -------- d-----w- C:UsersJacqueAppDataLocal{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF}

2011-11-08 20:16:49 -------- d-----w- C:UsersJacqueAppDataLocal{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB}

2011-11-04 18:16:55 -------- d-----w- C:UsersJacqueAppDataLocal{2AD5AAF0-4074-4198-A7CF-88263934243A}

2011-11-04 18:16:45 -------- d-----w- C:UsersJacqueAppDataLocal{0EFC5F72-1B2B-437D-899C-21FC67BDB013}

2011-11-03 16:16:02 -------- d-----w- C:UsersJacqueAppDataLocal{C2AC8077-8DBE-4AC8-B834-9F7AF249329D}

2011-11-03 16:15:52 -------- d-----w- C:UsersJacqueAppDataLocal{4AD22D86-DAB3-4095-A795-299CAC9E4CE9}

2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin7.dll

2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin6.dll

2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin5.dll

2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin4.dll

2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin3.dll

2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin2.dll

2011-11-03 14:02:05 159744 ----a-w- C:Program Files (x86)Internet ExplorerPLUGINSnpqtplugin.dll

.

==================== Find3M ====================

.

2011-10-25 00:50:14 414368 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl

2011-10-24 19:29:02 94208 ----a-w- C:WindowsSysWow64QuickTimeVR.qtx

2011-10-24 19:29:02 69632 ----a-w- C:WindowsSysWow64QuickTime.qts

2011-09-06 13:56:50 2764288 ----a-w- C:WindowsSystem32win32k.sys

2011-09-01 05:24:07 2309120 ----a-w- C:WindowsSystem32jscript9.dll

2011-09-01 05:17:57 1389056 ----a-w- C:WindowsSystem32wininet.dll

2011-09-01 05:12:04 2382848 ----a-w- C:WindowsSystem32mshtml.tlb

2011-09-01 02:35:59 1798144 ----a-w- C:WindowsSysWow64jscript9.dll

2011-09-01 02:28:15 1126912 ----a-w- C:WindowsSysWow64wininet.dll

2011-09-01 02:22:54 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb

2011-08-30 22:28:46 3069032 ----a-w- C:WindowsSystem32driversRTKVHD64.sys

2011-08-30 21:41:22 1501696 ----a-w- C:WindowsSystem32RCoRes64.dat

2011-08-30 18:37:44 2518632 ----a-w- C:WindowsSystem32RtPgEx64.dll

.

============= FINISH: 17:40:40.40 ===============


Hello Anderson

 

Let's proceed as follows:

  • Please un-install Java™ 6 Update 5

    • Click on "Windows Orb" then on "Computer" and then on the "Uninstall or change a program" tab.
    • A list of currently installed programs will be displayed.
    • Find the "Java™ 6 Update 5" program, click on it once and then click on the "uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.
  • Please update your Java

    • To update your Java, Click on the "Windows Orb" then on "Control Panel" and then on the Java icon (looks like a coffee cup).
    • In the window that opens, click on the "Update" tab, and then on "Update Now".
    • Your Java should begin to update. Please follow any prompts that you receive.
    Next, please make sure you have your I drive (Seagate) plugged into the machine before continuing:
  • Please open OTL

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

       

      :Files
      C:UsersJacqueAppDataLocalLowFunWebProducts
      C:Program Files (x86)Guffins
      C:UsersJacqueAppDataLocalLowGuffinsEI
      C:UsersJacqueAppDataLocal{A50525B9-F370-4D6D-94E2-ADF250DA7EF5}
      C:UsersJacqueAppDataLocal{62C30C58-1898-4722-9C71-D5E6CE7C355E}
      C:UsersJacqueAppDataLocal{806B25CF-1620-4CF8-8FB7-EAB7C882100F}
      C:UsersJacqueAppDataLocal{F39303B5-261E-4E2D-8ED2-DD54874C29D8}
      C:UsersJacqueAppDataLocal{F6E91E63-1C61-48DC-80F7-0AD1882CA289}
      C:UsersJacqueAppDataLocal{70E32EF9-699A-4B11-B554-55BA96B29C04}
      C:UsersJacqueAppDataLocal{05EF98BF-1FDF-4541-B1B9-099E2E9550C7}
      C:UsersJacqueAppDataLocal{62C25056-6DFD-46B3-BB56-F0125A6EA70E}
      C:UsersJacqueAppDataLocal{CD1B8300-03A5-477A-837A-BC9F907C0ADF}
      C:UsersJacqueAppDataLocal{1CFF41D5-E2D3-4520-8F32-909B3807D6A3}
      C:UsersJacqueAppDataLocal{918267CD-65DE-480A-80A0-31A1F054A529}
      C:UsersJacqueAppDataLocal{FF6CCC31-BAED-4663-B0B9-DB214470AC50}
      C:UsersJacqueAppDataLocal{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF}
      C:UsersJacqueAppDataLocal{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB}
      C:UsersJacqueAppDataLocal{2AD5AAF0-4074-4198-A7CF-88263934243A}
      C:UsersJacqueAppDataLocal{0EFC5F72-1B2B-437D-899C-21FC67BDB013}
      C:UsersJacqueAppDataLocal{C2AC8077-8DBE-4AC8-B834-9F7AF249329D}
      C:UsersJacqueAppDataLocal{4AD22D86-DAB3-4095-A795-299CAC9E4CE9}
      I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProducts
      I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowGuffinsEI
      I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterAviConverter.exe
      I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterUninstallUninstall.exe
      I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProducts
      I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffins
      I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearch
      I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Search Toolbar
      
      :Reg
      [-HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorerbrowser helper objects{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
      [-HKEY_CLASSES_ROOTCLSID{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
      [HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
      "{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"=-
      [-HKEY_CLASSES_ROOTCLSID{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
      
    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
    Post the OTL log in your next reply and let me know how the machine is running.
Edited by JonTom
Typo


I uninstalled the Java 6 Update 5 program. When I click on the Windows Orb, then control panel, Java does not come up. I have Java 6 Update 24 in my control panel list of programs, but when I click on it, it asks to Uninstall, not update. I will wait on your other directions until I hear from you on what to do with Java. I also wanted to say Thank You very much for helping me and I hope you had a wonderful Thanksgiving.


Hello Anderson

 

"I also wanted to say Thank You very much for helping me and I hope you had a wonderful Thanksgiving"

No problem at all :)

 

I don't celebrate Thanksgiving myself (I have to wait until Christmas for my Turkey :drool: ), but I hope you had a nice one :)

 

"I will wait on your other directions until I hear from you on what to do with Java"

Let's update it manually:

  • Please update your Java

    • Download the latest version of Java by clicking here
    • Scroll down the page until you reach "Java Platform Standard Edition" (for Java SE 7u1).
    • Beneath this and to the right, you will see a red button marked "Download JRE".
    • Click the "Download JRE" button.
    • Accept the license agreement and click on "Continue".
    • Scroll down and click on the file called Windows x64 (jre-7u1-windows-x64.exe).
    • Save the file to your desktop.
    • Do not select Run.
    • Right click on the saved file (jre-7u1-windows-x64.exe) and select "Run as Administrator" to install the update.
    • Delete the downloaded installation file after completing the above procedure and reboot your system if not prompted to do so.
    • Once the latest version of Java has been installed, you may uninstall Java™ 6 Update 24.

Once your Java is updated, continue with the OTL script I posted previously and post the log when completed.


All processes killed

Error: Unable to interpret <:FilesC:UsersJacqueAppDataLocalLowFunWebProductsC:Program Files (x86)GuffinsC:UsersJacqueAppDataLocalLowGuffinsEIC:UsersJacqueAppDataLocal{A50525B9-F370-4D6D-94E2-ADF250DA7EF5}C:UsersJacqueAppDataLocal{62C30C58-1898-4722-9C71-D5E6CE7C355E}C:UsersJacqueAppDataLocal{806B25CF-1620-4CF8-8FB7-EAB7C882100F}C:UsersJacqueAppDataLocal{F39303B5-261E-4E2D-8ED2-DD54874C29D8}C:UsersJacqueAppDataLocal{F6E91E63-1C61-48DC-80F7-0AD1882CA289}C:UsersJacqueAppDataLocal{70E32EF9-699A-4B11-B554-55BA96B29C04}C:UsersJacqueAppDataLocal{05EF98BF-1FDF-4541-B1B9-099E2E9550C7}C:UsersJacqueAppDataLocal{62C25056-6DFD-46B3-BB56-F0125A6EA70E}C:UsersJacqueAppDataLocal{CD1B8300-03A5-477A-837A-BC9F907C0ADF}C:UsersJacqueAppDataLocal{1CFF41D5-E2D3-4520-8F32-909B3807D6A3}C:UsersJacqueAppDataLocal{918267CD-65DE-480A-80A0-31A1F054A529}C:UsersJacqueAppDataLocal{FF6CCC31-BAED-4663-B0B9-DB214470AC50}C:UsersJacqueAppDataLocal{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF}C:UsersJacque> in the current context!

Error: Unable to interpret <AppDataLocal{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB}C:UsersJacqueAppDataLocal{2AD5AAF0-4074-4198-A7CF-88263934243A}C:UsersJacqueAppDataLocal{0EFC5F72-1B2B-437D-899C-21FC67BDB013}C:UsersJacqueAppDataLocal{C2AC8077-8DBE-4AC8-B834-9F7AF249329D}C:UsersJacqueAppDataLocal{4AD22D86-DAB3-4095-A795-299CAC9E4CE9}I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProductsI:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowGuffinsEII:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterAviConverter.exeI:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterUninstallUninstall.exeI:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProductsI:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)GuffinsI:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchI:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Search Toolbar:Reg[-HKEY_LOCAL_MACHINEsoftwaremicrosoft> in the current context!

Error: Unable to interpret <windowscurrentversionexplorerbrowser helper objects{d6a34acb-76fa-4a14-88ea-5d54797a2028}][-HKEY_CLASSES_ROOTCLSID{d6a34acb-76fa-4a14-88ea-5d54797a2028}][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]"{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"=-[-HKEY_CLASSES_ROOTCLSID{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]:Commands[purity][emptytemp][emptyflash][Reboot]> in the current context!

 

OTL by OldTimer - Version 3.2.31.0 log created on 11252011_154008

FilesFolders moved on Reboot...

Registry entries deleted on Reboot...

 

The computer is running mucho better! Thank you SO much! I have to ask, I noticed you had me use an Avast program at one point. Is Avast the best security program to use on a daily basis? I have used it in the past, but went with Microsoft Security Essentials a while back. MSS scans my computer every day, but the virus I had wasn't caught until I did a "full" scan. I don't usually do a full scan because it takes about 8 hours to run. I'm not that patient. :glare:


Hello Anderson

 

MSE is a good program to use but there is nothing wrong with AVAST either (both are very popular and offer good protection). I would think MSE would be fine to keep.

 

If you would like to change let me know and I can provide some links to a number of trusted programs.

 

It does not look as though the last OTL script was processed correctly.

 

Please try it again, and make sure that the ":" of :Files is present.

 

Also, when you paste the script into OTL, please make sure that it looks exactly the same way as I have included it in the instructions.

 

Give the script another go and post the log in your next reply :)


Every time I tried to copy and paste, it kept garbling it up in the OTL box. I double checked against your list and I think I got the entries separated the way you posted it in your reply above. Here is the new scan list.

 

All processes killed

========== FILES ==========

C:UsersJacqueAppDataLocalLowFunWebProductsSharedCache folder moved successfully.

C:UsersJacqueAppDataLocalLowFunWebProductsShared folder moved successfully.

C:UsersJacqueAppDataLocalLowFunWebProductsInstallrCache folder moved successfully.

C:UsersJacqueAppDataLocalLowFunWebProductsInstallr folder moved successfully.

C:UsersJacqueAppDataLocalLowFunWebProducts folder moved successfully.

FileFolder C:Program Files (x86)Guffins not found.

C:UsersJacqueAppDataLocalLowGuffinsEIInstallrCache folder moved successfully.

C:UsersJacqueAppDataLocalLowGuffinsEIInstallr folder moved successfully.

C:UsersJacqueAppDataLocalLowGuffinsEI folder moved successfully.

C:UsersJacqueAppDataLocal{A50525B9-F370-4D6D-94E2-ADF250DA7EF5} folder moved successfully.

C:UsersJacqueAppDataLocal{62C30C58-1898-4722-9C71-D5E6CE7C355E} folder moved successfully.

C:UsersJacqueAppDataLocal{806B25CF-1620-4CF8-8FB7-EAB7C882100F} folder moved successfully.

C:UsersJacqueAppDataLocal{F39303B5-261E-4E2D-8ED2-DD54874C29D8} folder moved successfully.

C:UsersJacqueAppDataLocal{F6E91E63-1C61-48DC-80F7-0AD1882CA289} folder moved successfully.

C:UsersJacqueAppDataLocal{70E32EF9-699A-4B11-B554-55BA96B29C04} folder moved successfully.

C:UsersJacqueAppDataLocal{05EF98BF-1FDF-4541-B1B9-099E2E9550C7} folder moved successfully.

C:UsersJacqueAppDataLocal{62C25056-6DFD-46B3-BB56-F0125A6EA70E} folder moved successfully.

C:UsersJacqueAppDataLocal{CD1B8300-03A5-477A-837A-BC9F907C0ADF} folder moved successfully.

C:UsersJacqueAppDataLocal{1CFF41D5-E2D3-4520-8F32-909B3807D6A3} folder moved successfully.

C:UsersJacqueAppDataLocal{918267CD-65DE-480A-80A0-31A1F054A529} folder moved successfully.

C:UsersJacqueAppDataLocal{FF6CCC31-BAED-4663-B0B9-DB214470AC50} folder moved successfully.

C:UsersJacqueAppDataLocal{D20E56A4-D90F-46E0-B2AC-FB42064DA3AF} folder moved successfully.

C:UsersJacqueAppDataLocal{C059A461-7CFA-4BB4-A9BA-23B3D6EA20AB} folder moved successfully.

C:UsersJacqueAppDataLocal{2AD5AAF0-4074-4198-A7CF-88263934243A} folder moved successfully.

C:UsersJacqueAppDataLocal{0EFC5F72-1B2B-437D-899C-21FC67BDB013} folder moved successfully.

C:UsersJacqueAppDataLocal{C2AC8077-8DBE-4AC8-B834-9F7AF249329D} folder moved successfully.

C:UsersJacqueAppDataLocal{4AD22D86-DAB3-4095-A795-299CAC9E4CE9} folder moved successfully.

I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProductsSharedCache folder moved successfully.

I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProductsShared folder moved successfully.

I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProductsInstallrCache folder moved successfully.

I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProductsInstallr folder moved successfully.

I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowFunWebProducts folder moved successfully.

I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowGuffinsEIInstallrCache folder moved successfully.

I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowGuffinsEIInstallr folder moved successfully.

I:Seagate BackupJACQUE-PCCUsersJacqueAppDataLocalLowGuffinsEI folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterAviConverter.exe moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FoxTabAVIConverterUninstallUninstall.exe moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProductsInstallr1.bin folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProductsInstallr folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)FunWebProducts folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)GuffinsbarSettings folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)GuffinsbarMessage folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.binchrome folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar1.bin folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffinsbar folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Guffins folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarSettings folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarOverlay folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarNotifier folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarMessage folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarIE9Mesg folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbaricons folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarGame folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbarAvatar folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.binchrome folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar1.bin folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearchbar folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)MyWebSearch folder moved successfully.

I:Seagate BackupJACQUE-PCHistoryLevel2CProgram Files (x86)Search Toolbar folder moved successfully.

Error: Unable to interpret <:Reg[-HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorerbrowser helper objects{d6a34acb-76fa-4a14-88ea-5d54797a2028}]> in the current context!

Error: Unable to interpret <[-HKEY_CLASSES_ROOTCLSID{d6a34acb-76fa-4a14-88ea-5d54797a2028}]> in the current context!

Error: Unable to interpret <[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]> in the current context!

Error: Unable to interpret <"{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"=-> in the current context!

Error: Unable to interpret <[-HKEY_CLASSES_ROOTCLSID{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]> in the current context!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: AppData

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

 

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Harley

->Temp folder emptied: 368708 bytes

->Temporary Internet Files folder emptied: 67593382 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 827 bytes

 

User: Jacque

->Temp folder emptied: 17618960 bytes

->Temporary Internet Files folder emptied: 311310612 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 3137 bytes

 

User: KC

->Temp folder emptied: 47281 bytes

->Temporary Internet Files folder emptied: 39048406 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 959 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32 (64bit) .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 50610 bytes

%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 42645264 bytes

 

Total Files Cleaned = 457.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: AppData

 

User: Default

 

User: Default User

 

User: Guest

->Flash cache emptied: 0 bytes

 

User: Harley

->Flash cache emptied: 0 bytes

 

User: Jacque

->Flash cache emptied: 0 bytes

 

User: KC

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 11252011_172805

FilesFolders moved on Reboot...

FileFolder C:UsersJacqueAppDataLocalTemp~DF6F9.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF6FE.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF747.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF74C.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF79A.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF7A7.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF8077.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF807C.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF80C2.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF80C7.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF95F.tmp not found!

FileFolder C:UsersJacqueAppDataLocalTemp~DF97E.tmp not found!

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54C0YPUI5fastbutton[2].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE54C0YPUI5index[2].htm moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowAntiPhishingED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:UsersJacqueAppDataLocalMicrosoftWindowsTemporary Internet FilesLowMSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...


Hello Anderson

 

I'm not sure why the formatting is being problematic..... Let's try the last part of that fix again:

  • Please open OTL

  • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

     

    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
    [-HKEY_CLASSES_ROOT\CLSID\{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    
  • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
  • Allow the program to run unhindered.
  • Your machine will re-start itself. This is normal.
  • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

Post the OTL log in your next reply :)

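A pre-flight check for a pasted fix script, added here as an illustration and not part of the original posts or of OTL itself: it flags the paste damage visible in the error log earlier in the thread (a `:Reg` header fused to the next entry, registry paths with no backslashes, several entries on one line, a section name missing its ":"). The function names and the three recognised section names are assumptions drawn from the script quoted in this thread.

```python
import re

# Shapes taken from the thread's fix script; the section list is an assumption.
SECTIONS = "files|reg|commands"
HEADER = re.compile(r"^:(%s)$" % SECTIONS, re.I)
MIDLINE_HEADER = re.compile(r".:(%s)\b" % SECTIONS, re.I)
REG_KEY = re.compile(r"^\[-?HKEY_[A-Z_]+\\[^\[\]]+\]$")
REG_VALUE = re.compile(r'^"[^"]+"=.+$')
COMMAND = re.compile(r"^\[[A-Za-z]+\]$")

def check_line(line, section):
    """Return a problem description for one non-blank line, or None."""
    if line.startswith(":"):
        return None if HEADER.match(line) else "section header runs into other text"
    if MIDLINE_HEADER.search(line) or line.count("[") > 1:
        return "several entries collapsed onto one line"
    if "HKEY_" in line and "\\" not in line:
        return "registry path lost its backslashes"
    if section is None:
        return "entry before any ':Section' header"
    if section == "reg" and not (REG_KEY.match(line) or REG_VALUE.match(line)):
        return 'not a [key] or "name"=data line'
    if section == "commands" and not COMMAND.match(line):
        return "not a [command] line"

def lint_fix_script(text):
    """Lint a pasted fix script; return a list of (line_number, problem)."""
    problems, section = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        problem = check_line(line, section) if line else None
        if problem:
            problems.append((number, problem))
        elif line.startswith(":"):
            section = line[1:].lower()
    return problems

# The :Reg/:Commands script as posted in the thread.
GOOD = r""":Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
[-HKEY_CLASSES_ROOT\CLSID\{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"=-
[-HKEY_CLASSES_ROOT\CLSID\{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]"""

# Constructed: entries mangled the way the thread's error log shows them.
BAD = r""":Reg[-HKEY_CLASSES_ROOTCLSID{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
[-HKEY_CLASSES_ROOTCLSID{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]
"{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"=-:Commands[purity][Reboot]"""
```

Running `lint_fix_script` on the text copied back out of the tool's input box, rather than on the forum post, shows whether the paste itself altered the script.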

I have been trying to run the OTL all day. When I click Run Fix, down at the bottom, it says "Processing Registry data :Commands". It says this for hours, then comes up OTL is not responding.


Hello Anderson

 

Thanks for letting me know.

 

Let's try OTM (if OTM gives us problems we will try something else):

  • Please download OTM

  • Please download OTM by OldTimer by clicking here.
  • Save the file (called OTM.exe) to your desktop.
  • Right click on the OTM.exe icon and select "Run as Administrator" to run the program.
  • Copy the lines in the quotebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

 

    :Reg
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
    [-HKEY_CLASSES_ROOT\CLSID\{d6a34acb-76fa-4a14-88ea-5d54797a2028}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{de2fdf7c-2637-4ba3-b427-3fce2d331db5}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{de2fdf7c-2637-4ba3-b427-3fce2d331db5}]

    :Commands
    [Reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM.
  • Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File -> Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Please post the OTM log in your next reply.


OTM log:

 

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorerbrowser helper objects{d6a34acb-76fa-4a14-88ea-5d54797a2028} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{d6a34acb-76fa-4a14-88ea-5d54797a2028} not found.

Registry key HKEY_CLASSES_ROOTCLSID{d6a34acb-76fa-4a14-88ea-5d54797a2028} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{d6a34acb-76fa-4a14-88ea-5d54797a2028} not found.

Registry value HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar{de2fdf7c-2637-4ba3-b427-3fce2d331db5} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{de2fdf7c-2637-4ba3-b427-3fce2d331db5} not found.

Registry key HKEY_CLASSES_ROOTCLSID{de2fdf7c-2637-4ba3-b427-3fce2d331db5} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{de2fdf7c-2637-4ba3-b427-3fce2d331db5} not found.

========== COMMANDS ==========

 

OTM by OldTimer - Version 3.1.19.0 log created on 11272011_102427


Hello Anderson

 

Thank you for the log.

 

I now have two icons on my desktop that are labeled desktop.ini. Are they supposed to be there?

I don't believe we put them there, but that doesn't necessarily mean they are bad.

 

Please scan your system with DDS again and post the logs created.

 

Once we check the logs we'll take things from there :)

This topic is now closed to further replies.