helpless in miami
Posted July 10, 2010

OS: Windows Vista Home Premium
Make/Model: HP/Pavilion Notebook

(I have cut and pasted a previous post because I am experiencing the same problem and the person who posted before me (delevy 12/2009) described the situation perfectly, but for one or two of my own amendments.)

Today, after watching a megavideo and attempting to return to my home screen on internet explorer, "...a security warning appears application can not be executed. the file wltuser.exe is infected, do u want to activate your anti-virus software now with the options yes or no. when i press no it repeatedly pops up, there is also a pop-up appearing from the bottom tool bar with a grey white and black shield icon which looks like it's imitating the windows shield it also reads the same as above. there is also two red and white pop-ups appearing one in the middle of the screen the other at the bottom right corner. the one at the bottom reads infiltration alert your computer is being attacked by an internet virus, it could be a password stealing attack a trojan dropper or similar. details attack from : 228.221.206.39, port 51627 attacked port: 28558 threat: banker fox or 132/nugel.E do you want to block this attack..."

I keep selecting "no" when asked if I "want to block this attack," "to activate my antivirus software," or "to upgrade to full version of antivirus software."

My antivirus software is Avast! I received one "threat has been detected" message from Avast with a "malware blocked, no further action required" message five or ten minutes before a window looking like Windows Security alert box popped up.

Besides continually getting requests to activate antivirus software or to block this attack, this thing also keeps trying to open internet explorer. I disabled my internet connection for now and am running a full Avast scan of my computer.

I am afraid to reboot my computer or even to turn it off, for fear that I will make permanent whatever is happening. I have access to the internet on the other computer in the house.

Please help me to fix my computer...

Thanks,
helpless in Miami
BeeCeeBee
Posted July 10, 2010

What is the source of the megavideo you were watching? No matter, you appear to have been infected and will require the aid of someone from the security team. If you have any antimalware software other than avast, run it after you run the avast scan. Otherwise wait for someone from the security team to read this and reply.

This kind of fake antivirus is all too common but you need to have gotten it from somewhere.

"Familiarity breeds contempt - and children." Mark Twain
helpless in miami (Author)
Posted July 10, 2010

malware - "Infiltration Alert" - cannot access files or internet

Thanks so much for responding so quickly. The megavideo was at tvshack.cc, with which I have never had a problem.

I ran the scan and found one infected file, which I deleted and then turned off the computer. I turned it back on about an hour later, only to find that I cannot open anything without getting the same "application infected" message.

I tried downloading the anti-malware software mbam (from malwarebytes.org) onto a memory stick and opening it using the misbehaving computer; it installed, but then I got the same message "Application cannot be executed. The file mbam.exe is infected. Do you want to activate your antivirus software now?"
BeeCeeBee
Posted July 10, 2010

> The file mbam.exe is infected. Do you want to activate your antivirus software now?"

Unfortunately that is the nature of the virus that bit you. I seriously doubt that there is a thing wrong with malwarebytes and that you will get that message regardless of what you try to open. If you can get into safe mode you may want to try to run it from there; however, I think that safe mode may not allow you access to your usb ports, which would make running it from a flash drive impossible.

"Familiarity breeds contempt - and children." Mark Twain
helpless in miami (Author)
Posted July 11, 2010

Dear BeeCeeBee,

I was completely successful in starting the computer in safe mode and running the anti-malware from the desktop (thankfully was able to install from memory stick, just could not run in normal mode). The program detected something like 240 infected files and removed them all. I have restarted the computer as the mbam requested, and now am not seeing any of the old messages.

I happily report it seems the problem is solved and I am back into my files again. Since I have the malwarebytes software, will I be able to avoid this problem in the future?

Thank you, thank you, thank you BeeCeeBee and PC Help Forum for giving me back my computer in less than 12 hours!
helpless in miami (Author)
Posted July 11, 2010

Prior post was incomplete, but my editing was not quick enough to post:

I happily report it seems the problem is partially solved and I am back into my files again, but I cannot access internet through explorer now. When I try to access any page (e.g., aol), it says "internet explorer cannot display the webpage." When I diagnose connection problems, I get the message that "www.aol.com is not set up to establish a connection on port 'world wide web service (HTTP)' with this computer" and the only option is to verify the current proxy server connection.

Will I have to restore my whole system in order to get things back to normal?
BeeCeeBee
Posted July 11, 2010

You may have to reset your aol connection according to their instructions but now that you have everything else working you should be able to do a system restore to prior to when the trouble first appears. Certainly prior to this megavideo being downloaded.

"Familiarity breeds contempt - and children." Mark Twain
Goku
Posted July 11, 2010

> I was completely successful in starting the computer in safe mode and running the anti-malware from the desktop (thankfully was able to install from memory stick, just could not run in normal mode). The program detected something like 240 infected files and removed them all. I have restarted the computer as the mbam requested, and now am not seeing any of the old messages.

Hello HelplessInMiami.

Glad to learn that you have regained control over your computer. However, contrary to popular belief, this does not mean that you are completely rid of the infection. Most malware are designed this way so that when they are partially removed, they lull the user into a false sense of security. It would be in your best interest to start a new thread here asking for a checkup. Our malware experts should clean you up should anything be found.

> I happily report it seems the problem is solved and I am back into my files again. Since I have the malwarebytes software, will I be able to avoid this problem in the future?

This is not necessarily true. The first and the major step in preventing yourself from future infections would be to exercise extreme caution when surfing the web, especially while viewing videos or playing streaming content. Secondly, Malwarebytes will only alert you about an attack attempt if you have its paid version because the free version does not contain real-time protection. But don't worry about this now. Once you get cleaned up, the experts will give you an extensive guide to protect yourself from future infestations. :)

> I happily report it seems the problem is partially solved and I am back into my files again, but I cannot access internet through explorer now. When I try to access any page (e.g., aol), it says "internet explorer cannot display the webpage." When I diagnose connection problems, I get the message that "www.aol.com is not set up to establish a connection on port 'world wide web service (HTTP)' with this computer" and the only option is to verify the current proxy server connection.

The malware seems to have messed up the hosts file, I think. The error stated above does not exactly point at that but since you have problems opening sites only in Internet Explorer, I would think that there is a high chance of it happening.

Once again, please exercise caution and try not to perform much from the infected machine as you might be giving out your login credentials unintentionally.

Hope that helps.

-- Goku
ExTS Admin Starbuck
Posted July 11, 2010

Hi helpless in miami,

If Internet Explorer is not working, it sounds like the malware has changed the proxy settings:

Step 1

- Start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options
- Click on the Connections tab
- Click on the Lan Settings button
- Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN.
- Then press the OK button to close this screen
- Then press the OK button to close the Internet Options screen.

See if Internet Explorer works now.

Step 2

Let's take a good look at your system:

- Download OTL to your desktop. Right click on the link and select 'Save Link/Target As'. If you have problems, try this download link: OTL
- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.
- Now copy the lines in bold below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

- Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Thanks

Member of:UNITE
helpless in miami (Author)
Posted July 11, 2010

Dear Goku and "member of Alliance...",

Thanks for your response. I am sorry I was not able to respond to your reply sooner. After I restored the system to a previous day, I ran the anti-malware stuff again, found some infected files, removed them and restarted. The program informed that there was difficulty removing one item, but I don't know what happened to that one.

This morning when I started up, everything was absolutely back to "normal," meaning that I can access files the same as before the infection and can access internet through explorer.
ExTS Admin Starbuck
Posted July 11, 2010

I'd still run OTL and post the reports if I were you. It wouldn't hurt to have a quick check done.

Member of:UNITE
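One way to check the two explanations offered in this thread (a proxy setting left behind, a changed hosts file) against an OTL report, as an added example that is not part of any post and not part of OTL. The helper names and `SAMPLE_LOG` are constructed for illustration; `CLEAN_LOG` reuses the two corresponding lines from the report posted in this thread.

```python
import re
from ipaddress import ip_address

# Constructed sample in the style of an OTL report (not the poster's data).
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O1 HOSTS File: ([2010/07/10 21:31:59 | 000,000,812 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 www.example.test
'''

# The two matching lines as they appear in the report posted in this thread.
CLEAN_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 - Hosts: ::1 localhost
'''

SETTING_RE = re.compile(r'Internet Settings: "(?P<name>[^"]+)" = (?P<value>.*)$')
HOSTS_RE = re.compile(r'^O1 - Hosts: (?P<ip>\S+)\s+(?P<name>\S+)')
LOCAL_NAMES = {"localhost"}


def parse_internet_settings(log):
    """Collect the Internet Settings values listed in the report."""
    settings = {}
    for line in log.splitlines():
        m = SETTING_RE.search(line.strip())
        if m:
            settings[m.group("name")] = m.group("value").strip()
    return settings


def proxy_endpoints(value):
    """Split a ProxyServer value: 'host:port' or 'http=host:port;https=...'."""
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, rest = part.partition("=")
        if not sep:                      # single proxy used for every protocol
            scheme, rest = "all", part
        host, _, port = rest.rpartition(":")
        if not host:                     # no port given
            host, port = rest, ""
        endpoints.append((scheme, host, port))
    return endpoints


def is_loopback(host):
    """True when the proxy points back at this machine."""
    host = host.strip("[]")
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:                   # a DNS name, not an address
        return False


def parse_hosts(log):
    """Return (ip, name) pairs from the 'O1 - Hosts:' lines."""
    entries = []
    for line in log.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            entries.append((m.group("ip"), m.group("name").lower()))
    return entries


def triage(log):
    """List proxy and hosts-file entries that deserve a second look."""
    findings = []
    settings = parse_internet_settings(log)
    enabled = settings.get("ProxyEnable") == "1"
    server = settings.get("ProxyServer", "")
    if enabled and not server:
        findings.append("proxy enabled but no ProxyServer value")
    for scheme, host, port in proxy_endpoints(server):
        state = "ACTIVE" if enabled else "disabled, leftover value"
        # A loopback proxy only works while a local listener is running;
        # once that program is removed, the browser cannot load any page.
        where = "loopback" if is_loopback(host) else "remote"
        findings.append(f"proxy [{state}] {scheme} -> {host}:{port} ({where})")
    for ip, name in parse_hosts(log):
        if name not in LOCAL_NAMES:      # anything beyond the stock entry
            findings.append(f"hosts override: {name} -> {ip}")
    return findings


if __name__ == "__main__":
    for label, log in (("sample", SAMPLE_LOG), ("thread report", CLEAN_LOG)):
        print(label, triage(log) or "nothing flagged")
```

For the two lines taken from this thread's report, nothing is flagged: the proxy is disabled and the hosts file holds only the localhost entry.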
helpless in miami Posted July 11, 2010 Author Posted July 11, 2010 Starbuck, Thanks so much for the scan and instructions you sent. I ran it and here are the results for OTL and Extras: OTL OTL logfile created on: 7/11/2010 12:45:48 PM - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\owner\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 219.92 Gb Total Space | 166.88 Gb Free Space | 75.88% Space Free | Partition Type: NTFS Drive D: | 12.96 Gb Total Space | 2.45 Gb Free Space | 18.90% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER-PC Current User Name: owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
PRC - C:\Program Files (x86)\WinTV\WinTV7\WinTVTray.exe (Hauppauge Computer Works, Inc.) PRC - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation) PRC - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\owner\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe (Conexant Systems, Inc.) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) 
SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (LiveUpdate) -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) SRV - (Com4Qlb) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) SRV - (MDM) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (wanatw) WAN Miniport (ATW) -- C:\Windows\SysNative\DRIVERS\wanatw64.sys File not found DRV:64bit: - (SymIMMP) -- C:\Windows\SysNative\DRIVERS\SymIM.sys File not found DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIM.sys File not found DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software) DRV:64bit: - (hcw72DTV) -- C:\Windows\SysNative\DRIVERS\hcw72DTV.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hcw72ATV) -- C:\Windows\SysNative\DRIVERS\hcw72ATV.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hcw72ADFilter) -- C:\Windows\SysNative\DRIVERS\hcw72ADFilter.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation) DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys (Research In Motion Limited) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys (Synaptics, Inc.) DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation) DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (uts_mdm) -- C:\Windows\SysNative\DRIVERS\uts_mdm.sys (MCCI) DRV:64bit: - (uts_serd) UTStarcom USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\DRIVERS\uts_serd.sys (MCCI) DRV:64bit: - (uts_bus) UTStarcom USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\uts_bus.sys (MCCI) DRV:64bit: - (uts_mdfl) -- C:\Windows\SysNative\DRIVERS\uts_mdfl.sys (MCCI Corporation) DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys (Conexant Systems, Inc.) DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys (Conexant Systems, Inc.) DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys (Conexant Systems, Inc.) DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys (Conexant Systems, Inc.) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\CHDART64.sys (Conexant Systems Inc.) DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) 
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys (Conexant) DRV - (WinPhlash) -- C:\SWSetup\SP39466\Winphlash64\PhlashNT.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL IE - HKLM\..\URLSearchHook: {e917fc61-7f80-4f1f-a882-cdffffbe4c8d} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - Welcome to AOL IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = AOL.com - Welcome to AOL IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/13 11:16:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\firefox\ O1 HOSTS File: ([2010/03/03 21:31:59 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. 
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (D-Link Toolbar Loader) - {f01858c7-2a68-4d93-9e22-502eae3917c2} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (D-Link Toolbar) - {61874dfa-9adf-44e5-8e61-f3913707e7d7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (D-Link Toolbar) - {61874DFA-9ADF-44E5-8E61-F3913707E7D7} - C:\Program Files (x86)\D-Link Toolbar\dlinktb.dll (AOL LLC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.DLL File not found O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.DLL File not found O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Athan] C:\Program Files (x86)\Athan\Athan.exe (IslamicFinder: Accurate Prayer Times, Athan (Azan), Mosques (Masjids), Islamic Center, Muslim Owned Businesses, Hijri Calendar, Islamic Directory worldwide.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [Quran_AR] C:\Program Files (x86)\Quran_AR\Quran_AR.exe (Search Truth Technologies) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [uCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe File not found O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [MsnMsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: UseDefaultTile = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) 
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUplden-us.cab (MSN Photo Upload Tool) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.) 
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab (PhotoPickConvert Class) O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab (BatchDownloader Class) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (RealPlayer G2 Control) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games-uk.pogo.com/online2/pogo/zuma/popcaploader_v5.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. 
File not found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (ows\S) - File not found O30 - LSA: Authentication Packages - (ows\S) - File not found O30:64bit: - LSA: Security Packages - (T2㐀�㠵ᘨ 協歰汤l<��뻯㠵ᘨ㢘杆&) - File not found O30:64bit: - LSA: Security Packages - (頶) - File not found O30 - LSA: Security Packages - (T2㐀�㠵ᘨ 協歰汤l<��뻯㠵ᘨ㢘杆&) - File not found O30 - LSA: Security Packages - (頶) - File not found O30 - LSA: Security Packages 
- (ᘨ㢘杆&) - Fi) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O33 - MountPoints2\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\Shell - "" = AutoRun O33 - MountPoints2\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010/07/11 12:42:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES [2010/07/10 23:38:24 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES [2010/07/10 23:05:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/07/10 23:05:36 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/07/10 22:56:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2010/07/10 22:27:21 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Mozilla 
[2010/07/10 16:56:14 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\Malwarebytes [2010/07/10 16:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/07/10 16:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010/07/10 16:48:34 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2010/07/10 12:40:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\smhbbmgnl [2010/07/01 12:14:42 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\avastSS.scr [2010/06/27 22:01:16 | 000,000,000 | ---D | C] -- C:\Users\owner\Documents\MakeDiscVideo [2010/06/27 21:51:24 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\PCM4Everio [2010/06/27 21:48:32 | 000,000,000 | ---D | C] -- C:\MyWorks [2010/06/24 07:59:35 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll [2010/06/24 07:59:35 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll [2010/06/24 07:59:35 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe [2010/06/24 07:59:35 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe [2010/06/24 07:59:35 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll [2010/06/24 07:59:35 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll [2010/06/24 07:59:35 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll [2010/06/24 07:59:35 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll [2010/06/23 08:03:03 | 001,927,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2010/06/23 08:03:02 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2010/06/23 08:03:02 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Apphlpdm.dll [2010/06/23 08:03:02 | 
000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll [2010/06/23 08:03:01 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll [2010/06/23 08:02:59 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysNative\GameUXLegacyGDFs.dll [2010/06/22 11:46:10 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Roaming\ChessJam.808D34EF1AE2806F00104989FE66F8BDE6B323D7.1 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/07/11 12:47:30 | 004,718,592 | -HS- | M] () -- C:\Users\owner\ntuser.dat [2010/07/11 12:41:03 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/07/11 12:41:03 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/07/11 12:41:03 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/07/11 12:40:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.exe [2010/07/11 11:59:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/11 11:59:20 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/11 08:00:55 | 000,000,264 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2010/07/11 07:59:47 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010/07/11 07:59:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/11 07:59:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/11 07:58:43 | 4025,929,728 | -HS- | M] () -- C:\hiberfil.sys [2010/07/10 23:55:39 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TMContainer00000000000000000001.regtrans-ms [2010/07/10 23:55:39 | 000,065,536 | -HS- | M] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TM.blf [2010/07/10 23:55:25 | 001,191,261 | -H-- 
| M] () -- C:\Users\owner\AppData\Local\IconCache.db [2010/07/10 23:43:28 | 000,413,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010/07/10 23:41:05 | 000,524,288 | -HS- | M] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TMContainer00000000000000000002.regtrans-ms [2010/07/10 23:05:41 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/10 23:01:34 | 000,000,328 | ---- | M] () -- C:\Windows\SysWow64\UnifiedToolbarCleanup.bat [2010/07/10 23:01:04 | 000,000,563 | ---- | M] () -- C:\Windows\SysWow64\KiweeChatbarCleanup.bat [2010/07/10 22:49:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2010/07/10 22:34:54 | 000,524,288 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms [2010/07/10 22:34:54 | 000,065,536 | -HS- | M] () -- C:\Users\owner\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010/07/10 22:33:45 | 000,027,839 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010/07/01 09:27:58 | 000,020,480 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\avastSS.scr [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2010/06/28 16:37:56 | 000,051,280 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2010/06/28 16:37:36 | 000,121,936 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2010/06/28 16:33:17 | 000,028,752 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys [2010/06/28 16:33:00 | 000,061,008 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2010/06/28 16:32:36 | 000,020,048 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name 
========== [2010/07/10 23:05:41 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/10 23:01:34 | 000,000,328 | ---- | C] () -- C:\Windows\SysWow64\UnifiedToolbarCleanup.bat [2010/07/10 23:01:04 | 000,000,563 | ---- | C] () -- C:\Windows\SysWow64\KiweeChatbarCleanup.bat [2010/07/10 22:44:35 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TMContainer00000000000000000002.regtrans-ms [2010/07/10 22:44:34 | 000,524,288 | -HS- | C] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TMContainer00000000000000000001.regtrans-ms [2010/07/10 22:44:34 | 000,065,536 | -HS- | C] () -- C:\Users\owner\ntuser.dat{10fe0cc7-8c96-11df-9ebd-001e68cbff03}.TM.blf [2010/07/10 21:01:22 | 4025,929,728 | -HS- | C] () -- C:\hiberfil.sys [2010/02/07 13:56:43 | 000,033,907 | ---- | C] () -- C:\Windows\Irremote.ini [2010/02/07 13:51:33 | 000,003,549 | ---- | C] () -- C:\Windows\HCWPNP.INI [2009/12/08 17:48:05 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini [2009/09/17 14:43:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009/09/17 14:39:52 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/02/03 21:03:08 | 000,339,968 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll [2009/02/03 21:03:08 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll [2008/12/04 09:39:06 | 000,000,109 | ---- | C] () -- C:\Windows\TmProxy.ini [2008/11/07 15:42:08 | 000,000,483 | ---- | C] () -- C:\Windows\ODBC.INI [2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2006/02/19 17:34:54 | 000,237,568 | --S- | C] () -- C:\Windows\SysWow64\FontDown.dll ========== LOP Check ========== [2009/02/14 14:46:17 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\agi [2010/06/22 11:46:10 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\ChessJam.808D34EF1AE2806F00104989FE66F8BDE6B323D7.1 [2009/07/21 
16:12:40 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Image Zone Express [2009/08/06 00:56:24 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\PeerNetworking [2008/12/19 22:13:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Printer Info Cache [2008/12/30 22:37:02 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Smith Micro [2008/11/05 10:31:11 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template [2010/05/20 09:40:29 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\YouSendIt [2010/07/10 23:55:31 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008/01/20 22:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008/01/20 22:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009/04/11 03:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 07:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- 
C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006/11/02 05:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007/01/13 01:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008/01/20 22:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008/01/20 22:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009/04/11 02:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009/04/11 03:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008/01/20 22:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- 
C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008/01/20 22:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/20 22:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008/01/20 22:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009/04/11 02:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009/04/11 03:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:B623B5B8 < End of report > Extras OTL Extras logfile created on: 7/11/2010 12:45:48 PM - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\owner\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18928) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 219.92 Gb Total Space | 166.88 Gb Free Space | 75.88% Space Free | Partition Type: NTFS Drive D: | 12.96 Gb Total Space | 2.45 Gb Free Space | 18.90% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: OWNER-PC Current User Name: owner Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 1C 3E 5E DB AB 20 CB 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program 
Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) "C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{357471F9-4420-4840-9C09-B06339EBE72C}" = lport=2869 | protocol=6 | dir=in | app=system | "{53D00E70-16B4-4480-A155-246F27CA957E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{F7861CD8-3C2D-4D08-98ED-40282D02E351}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{035C2826-F84C-4998-963A-C8A2BB9523BE}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe | "{049DBCC1-CD11-4C4A-BC5D-1079AEBC217E}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.1\waol.exe | "{12147133-8AA0-416E-AA67-343146C27D2F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{14179D55-D077-4E9C-BA72-4EC4A666637C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{1796DA31-BE10-42E5-85C4-1E72E76823FB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{1C1B85B3-E9D5-4990-A3AB-80C4755EE85C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | "{1DA12D29-D199-4DF4-836A-45424BBAA157}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | "{1EC9CA24-3769-48C3-B126-111C0003C2DA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{26E866B2-AFAA-4F6B-8C75-8CB117D32B0C}" = dir=in 
| app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{29EA17F2-F5FA-4527-B29A-201BFF556CB9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{3BCCB8F2-0CA6-429D-9443-C82912B09112}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | "{3D3D88FA-F1FE-4928-8B6C-C5F28E203E0B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{512DFD9E-3258-4F1E-A9BF-B8004535F5A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{58A63BA4-FF1F-4520-B25E-A983BE1E26D3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{58B3666C-0C79-4773-82E2-3D7D84DCABBA}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | "{63FC313B-855F-4B52-A9E6-0A961B381B21}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{6435A5BE-2566-42D4-8C75-B3C3EEF67587}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{71B241DA-CF4A-4703-937C-5A7DF975456D}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | "{7253B6F7-6BBE-4DA8-9215-4CB97C5EFB06}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe | "{83A77C5F-0E9F-496B-AF62-50BE529FCF94}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe | "{879F1893-663F-44CD-81BC-3BB67AFD0B51}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector express\pdx.exe | "{A08F9AFF-E862-497A-BF4C-7ACE4FFB49E7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | "{A26C5F0B-AD42-4CB0-B7F6-EE7255674430}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | "{A5B9E76D-4083-41A6-99AF-3D109B4CB64D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1233269124\ee\aolsoftware.exe | "{AD1609AF-66C2-45E7-995F-3B876CC5B990}" = protocol=17 | dir=in | 
app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | "{B44C6DB9-A4EF-42AF-9EFE-5C05371ADD41}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1233269124\ee\aolsoftware.exe | "{B6982748-BC72-48E2-9EA6-CD3F67BA49BC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{BFFDA56B-C37B-4980-AA7D-9C36C980EFC9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | "{C1E7F158-FD8E-4CDD-94AE-8727D72F66C5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{C3AC23E4-7B65-474E-AA3C-43134C2C3E7D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{C70598E3-B15E-4DCC-88A4-17EDA0BBA04B}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | "{D00FD6CC-F220-48E5-8932-61495AB620F0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{DB28D26E-8D8F-4A7F-9E65-8C8FDBB0F8CF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{ED0A3DF8-B609-44E1-B2B9-1A9E6B3D6C3E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{F591845E-23EF-4DA2-84E5-C9A34FA0BC15}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{F709EF75-EABF-45B2-8DC1-70F8ED48A811}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{FB260703-AC2E-4D86-A41E-976E0D81ADDD}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{025E6CD3-A8F6-45FC-81AA-5E1BC6A58D23}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "TCP Query User{1F3A461E-4A46-4C7E-9CF0-87FF2AD5A39C}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files 
(x86)\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{6823ED79-8D08-415B-88F3-9EE7D7C44472}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{6AFAE4C2-79A6-4067-A5AD-5D3C7D267636}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{28CCD9AF-8D10-406D-B96D-2D1A7F258EFC}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{734B9F9D-336F-4739-A28D-DE3BB31B41B5}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | "UDP Query User{CC81417C-BAB1-45DC-A89C-77E4B0BD3D93}C:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query User{FC4C7112-D2C9-4546-8D3B-0D5F443D9C36}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series" = Canon iP2600 series "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 
2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{90B5B05F-AFDA-4922-A153-45B14200BA77}" = SPBBC 64bit "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{BA1035C7-14DE-4857-8285-4ACFC74172EC}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HPExtendedCapabilities" = HP Customer Participation Program 8.0 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver "UTStarcom USB Modem" = UTStarcom USB Modem Software [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1 
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar) "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2 "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6 "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{63E0F15B-EB78-4BE9-AC36-BF853192B180}" = KFC PHQ "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar) "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials "{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088 "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI 
(English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) 
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar) "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro "{AC76BA86-1033-0000-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951 "{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery 
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar) "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0 "Athan" = Athan Basic 3.4 "avast5" = avast! Free Antivirus "Canon iP2600 series User Registration" = Canon iP2600 series User Registration "CanonMyPrinter" = Canon Utilities My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "D-Link Toolbar" = D-Link Toolbar "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.27022) "Hauppauge WinTV 7" = Hauppauge WinTV 7 "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "QuickLink Mobile" = QuickLink Mobile "Quran_AR" = Quran Auto Reciter 2.3 "RealPlayer 12.0" = RealPlayer "SoftwareUpdUtility" = Download Updater (AOL LLC) "ViewpointMediaPlayer" = 
Viewpoint Media Player "WinLiveSuite_Wave3" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/2/2009 2:37:35 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/2/2009 2:59:43 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/2/2009 3:31:33 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/2/2009 9:37:59 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/3/2009 8:43:48 AM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/3/2009 3:07:06 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/3/2009 6:36:57 PM | Computer Name = owner-PC | Source = EventSystem | ID = 4621 Description = Error - 6/3/2009 8:33:50 PM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = Error - 6/4/2009 8:24:42 AM | Computer Name = owner-PC | Source = EventSystem | ID = 4621 Description = Error - 6/4/2009 8:55:42 AM | Computer Name = owner-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 2/7/2010 3:11:43 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/7/2010 3:11:44 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/7/2010 3:11:44 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/7/2010 3:11:45 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/7/2010 3:13:51 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/7/2010 3:13:53 PM | 
Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/20/2010 10:32:34 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/20/2010 10:32:35 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/22/2010 9:18:58 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = Error - 2/22/2010 9:19:00 PM | Computer Name = owner-PC | Source = ehRecvr | ID = 3 Description = [ System Events ] Error - 7/10/2010 9:52:20 PM | Computer Name = owner-PC | Source = HTTP | ID = 15016 Description = Error - 7/10/2010 10:09:15 PM | Computer Name = owner-PC | Source = HTTP | ID = 15016 Description = Error - 7/10/2010 10:15:21 PM | Computer Name = owner-PC | Source = HTTP | ID = 15016 Description = Error - 7/10/2010 10:33:33 PM | Computer Name = owner-PC | Source = HTTP | ID = 15016 Description = Error - 7/10/2010 10:44:19 PM | Computer Name = owner-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.0.103 for the Network Card with network address 00210047C9A6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). Error - 7/10/2010 10:44:57 PM | Computer Name = owner-PC | Source = WinDefend | ID = 2004 Description = Error - 7/10/2010 10:48:30 PM | Computer Name = owner-PC | Source = HTTP | ID = 15016 Description = Error - 7/10/2010 10:49:33 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7022 Description = Error - 7/10/2010 11:32:47 PM | Computer Name = owner-PC | Source = DCOM | ID = 10010 Description = Error - 7/11/2010 7:59:24 AM | Computer Name = owner-PC | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.0.100 for the Network Card with network address 00210047C9A6 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message). < End of report > Thanks again Starbuck, helpless in Miami Quote
ExTS Admin Starbuck Posted July 11, 2010

Hi again,

It would seem that you probably had a trial version of 'Norton' on the system and this has now been removed in favor of Avast. There's still a few Norton leftovers, so we'll remove those. The registry needs a little tidying up and your Java is out of date.

So, let's begin:

Step 1

Please go to the add/remove feature and remove the following program:
LiveUpdate (Symantec Corporation)

Step 2

Double click on OTL.exe to run it. Copy the lines in the codebox below. (Make sure that :Otl is on the first line.)

:Otl
PRC - c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
DRV:64bit: - (SymIMMP) -- C:\Windows\SysNative\DRIVERS\SymIM.sys File not found
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIM.sys File not found
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr @mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\firefox\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\system32\NvCpl.DLL File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\system32\NvMcTray.DLL File not found
O4 - HKLM..\Run: [] File not found
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://games-uk.pogo.com/online2/pog...ploader_v5.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolb...lerControl.cab (Reg Error: Key error.)
O33 - MountPoints2\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\Shell - "" = AutoRun
O33 - MountPoints2\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
[2010/07/10 12:40:06 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\smhbbmgnl
[2010/07/01 09:27:58 | 000,020,480 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:B623B5B8

:commands
[emptytemp]
[purity]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png

OTL will reboot your system once the fix has completed. After the reboot, you may need to double click OTL to launch the program and retrieve the log. Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Step 3

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.

Please follow these steps to remove older version Java components and update:

Download the latest version of Java Runtime Environment (JRE) 6 Update 21 and save it to your desktop.
Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)".
Click the "Download JRE" button to the right.
Select 'Windows x64' from the Platform down arrow.
Read the License Agreement and then check the box that says: "Accept License Agreement". Click Continue.
The page will refresh.
Click on the link to download Windows Offline Installation and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    Java 6 Update 13
    Java 6 Update 2
    Java 6 Update 7
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.

In your next reply, please submit: Otl fix report and let me know of any problems with the system.

Thanks.

Member of: UNITE
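Added example, not part of Starbuck's post and not a feature of OTL: a short Python script that reads an OTL-style Uninstall List, even when a forum page has run the entries together, and lists the Java runtimes older than the JRE 6 Update 21 that Step 3 installs. The function names, the display-name pattern used to recognise Java entries and the arrangement of the sample excerpt are assumptions made for this example.

```python
import re

# Sample input: entries copied from the OTL "Uninstall List" posted in this
# thread, arranged as a short constructed excerpt in the same run-together
# form (no line breaks) that forum pages often leave such logs in.
SAMPLE = " ".join([
    r'========== HKEY_LOCAL_MACHINE Uninstall List ==========',
    r'64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]',
    r'"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1',
    r'"NVIDIA Drivers" = NVIDIA Drivers',
    r'[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]',
    r'"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime',
    r'"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 13',
    r'"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2',
    r'"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7',
    r'"avast5" = avast! Free Antivirus',
    r'"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX',
])

# Three kinds of token delimit the list: a registry section header
# (optionally tagged "64bit:"), a "=====" banner, and the '"key" = ' part
# of an entry. An entry's display name is whatever sits between its
# '"key" = ' and the next token, so line breaks are not required.
TOKEN = re.compile(
    r'(?P<hdr>(?P<b64>64bit:\s*)?\[HKEY_[^\]]+\])'
    r'|(?P<banner>={5,}[^=]*={5,})'
    r'|"(?P<key>[^"]+)"\s*=\s*'
)

# Assumption: Java runtimes are named as in this log ("Java 6 Update 13")
# or in the other common Sun forms ("Java(TM) 6 Update 7",
# "J2SE Runtime Environment 5.0 Update 6").
JAVA_NAME = re.compile(
    r'^(?:Java(?:\(TM\))?(?: SE Runtime Environment)?|J2SE Runtime Environment)'
    r'\s+(\d+)(?:\.0)?\s+Update\s+(\d+)$'
)


def parse_uninstall_entries(log_text):
    """Return a list of {'key', 'name', 'tagged_64bit'} dicts, in log order."""
    tokens = list(TOKEN.finditer(log_text))
    entries, tagged_64bit = [], False
    for i, tok in enumerate(tokens):
        if tok.group("banner"):
            tagged_64bit = False              # a new list starts
        elif tok.group("hdr"):
            tagged_64bit = tok.group("b64") is not None
        else:
            end = tokens[i + 1].start() if i + 1 < len(tokens) else len(log_text)
            entries.append({
                "key": tok.group("key"),
                "name": log_text[tok.end():end].strip(),
                "tagged_64bit": tagged_64bit,
            })
    return entries


def stale_java(entries, target=(6, 21)):
    """Java entries older than target=(major, update), oldest first."""
    found = []
    for entry in entries:
        m = JAVA_NAME.match(entry["name"])
        if m:
            version = (int(m.group(1)), int(m.group(2)))
            if version < target:
                found.append(dict(entry, version=version))
    return sorted(found, key=lambda e: e["version"])


if __name__ == "__main__":
    for e in stale_java(parse_uninstall_entries(SAMPLE)):
        print("remove: %s  (key %s)" % (e["name"], e["key"]))
```

Old updates show up as separate entries because the Java 6 installers of that period did not remove earlier updates, which is why Step 3 uninstalls each one by hand.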
helpless in miami Posted July 14, 2010

Hi again Starbuck,

Below is a copy of the OTL fix report. I was removing Java at the same time I was running OTL until I got a message telling me to close Java. I hope it didn't cause a problem (it doesn't seem to have).

Thank you so much for all of your help; it is truly wondrous to have my computer back and with an addition that may prevent this problem in the future. You may have hit the nail exactly on the head regarding the older versions of Java, since I kept noticing a Java pop-up during the megavideo streaming.

Anyway, here is the OTL fix report:

All processes killed
========== OTL ==========
No active process named Program Files was found!
Error: No service named LiveUpdate was found to stop!
Service\Driver key LiveUpdate not found.
File c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE not found.
Error: No service named Automatic LiveUpdate Scheduler was found to stop!
Service\Driver key Automatic LiveUpdate Scheduler not found.
File c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe not found.
Service SymIMMP stopped successfully!
Service SymIMMP deleted successfully!
File C:\Windows\SysNative\DRIVERS\SymIM.sys File not found not found.
Service SymIM stopped successfully!
Service SymIM deleted successfully!
File C:\Windows\SysNative\DRIVERS\SymIM.sys File not found not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr @mywebsearch.com not found.
File C:\Program Files (x86)\MyWebSearch\bar\firefox not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvCplDaemon not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\Windows\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
C:\Windows\Downloaded Program Files\popcaploader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control CabBuilder
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3f7e38d-1eee-11df-b7fc-001e68cbff03}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe not found.
C:\Users\owner\AppData\Local\smhbbmgnl folder moved successfully.
C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: owner
->Temp folder emptied: 842078500 bytes
->Temporary Internet Files folder emptied: 826257961 bytes
->Java cache emptied: 70085575 bytes
->Flash cache emptied: 1269660 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 173394620 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1796 bytes

Total Files Cleaned = 1,825.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: owner
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.9.0 log created on 07132010_202142

Files\Folders moved on Reboot...
C:\Users\owner\AppData\Local\Temp\ehmsas.txt moved successfully.
File\Folder C:\Users\owner\AppData\Local\Temp\~DFD74C.tmp not found!
File\Folder C:\Users\owner\AppData\Local\Temp\~DFDE9A.tmp not found!
File\Folder C:\Users\owner\AppData\Local\Temp\~DFDEF8.tmp not found!
File\Folder C:\Users\owner\AppData\Local\Temp\~DFDF04.tmp not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRCMYH7R\ads[3].htm not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SRCMYH7R\signin[1].htm not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NEK3L22Z\10061-malware-infiltration-alert-cannot-access-files-internet[1].html not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NEK3L22Z\jdk-6u21-windows-x64[1].exe not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NEK3L22Z\ViewFilteredProducts-SingleVariationTypeFilter;pgid=yYdgaHqkkjVSR0EUPIQsoQ3D0000eRs7J2X5;sid=o_xkvq8K-IdkvuM3p-TtQL-45afhKNo9dAsgYWJgWxuWvqAp6OI=[1].htm not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3ZWYFS8\im0l[1].js not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3ZWYFS8\im0p[1].js not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3ZWYFS8\i_next_page_disable[1].gif not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3ZWYFS8\Jeep_Brand_1x1[1].gif not found!
File\Folder C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C3ZWYFS8\jquery.event.special.sonar.min[1].js not found!
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
ExTS Admin Starbuck Posted July 14, 2010

Hi HiM,

Total Files Cleaned = 1,825.00 mb

That was a fair chunk of rubbish ;)

Sounds like the system is running normal again..... but let's double check everything before we finish off.

Please update MBAM and run another scan:

Start MBAM
Click on the Update tab
http://img.photobucket.com/albums/v708/starbuck50/mbam1.png
Click Check for Updates
http://img.photobucket.com/albums/v708/starbuck50/mbam2.png
If it says that MBAM needs to close to update it... let it close and then restart.
Then click the Scan button.

Don't forget:

When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please copy and paste the report here for me.

Thanks

Member of: UNITE