dslreports logo
site
    All Forums Hot Topics Gallery
spc
Search Topic:
uniqs
3484
share rss forum feed

vzDE

join:2006-11-23
Newark, DE

2 edits

[RESOLVED] Twice in 2 years

Well, less than 2 years and the daughter of a friend has more trouble with her Laptop. With the great help of the mods here last time, maybe we can do this again? Complaining of "won't go anywhere" and "can't shut down" I turned off a couple of start-up processes and started the scans attached. I haven't removed any programs but see a few that should be trashed. Your help to make sure that nothing serious is going on is greatly appreciated.
Note: No extras.txt generated on the OTL scan.


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast

Re: Twice in 2 years

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.02.05

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.18999
Margaret :: MARGARET-PC [administrator]

10/2/2012 9:41:50 AM
mbam-log-2012-10-02 (09-41-50).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 357343
Time elapsed: 2 hour(s), 1 minute(s), 44 second(s)

Memory Processes Detected: 1
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> 3076 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab PDF Converter (Adware.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.BundleInstaller.IB) -> Delete on reboot.
C:\Program Files\FoxTabPDFConverter\Uninstall\Uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\15a1c9\PS15a_289.exe (Rogue.PCSecurityGuardian.Gen) -> Quarantined and deleted successfully.
C:\Users\Margaret\AppData\Local\Temp\pc_pack107_289 (1).exe (Rogue.PCSecurityGuardian.Gen) -> Quarantined and deleted successfully.
C:\Users\Margaret\AppData\Local\Temp\pc_pack107_289.exe (Rogue.PCSecurityGuardian.Gen) -> Quarantined and deleted successfully.
C:\Users\Margaret\Documents\EZCalendar.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\Margaret\Downloads\PDFConverterSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Margaret\Downloads\PDFCreatorSetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

(end)
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast
OTL logfile created on: 10/2/2012 2:27:14 PM - Run 2
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Margaret\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 59.62% Memory free
6.15 Gb Paging File | 5.10 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 57.85 Gb Free Space | 26.51% Space Free | Partition Type: NTFS
Drive D: | 15.01 Gb Total Space | 10.49 Gb Free Space | 69.84% Space Free | Partition Type: FAT32
Drive E: | 14.65 Gb Total Space | 7.71 Gb Free Space | 52.60% Space Free | Partition Type: NTFS

Computer Name: MARGARET-PC | User Name: Margaret | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/10/02 14:25:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Margaret\Desktop\OTL.exe
PRC - [2012/08/26 19:34:28 | 000,107,520 | ---- | M] () -- C:\Users\Margaret\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2012/07/17 15:18:00 | 000,562,688 | ---- | M] () -- C:\Program Files\DefaultTab\DefaultTabSearch.exe
PRC - [2010/09/07 12:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/01 13:13:32 | 000,602,792 | ---- | M] ( ) -- C:\Windows\System32\dleacoms.exe
PRC - [2009/04/11 13:59:39 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/31 11:00:24 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/31 11:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/31 11:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/03/31 10:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/03/31 10:18:34 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/03/31 10:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/03/31 10:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 18:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/01/06 14:14:29 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fa59ae648bd8ff020bc23b868ebbfff4\System.Web.ni.dll
MOD - [2011/01/06 14:13:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a94f89da5977e86ad14f3dda6021533c\System.Runtime.Remoting.ni.dll
MOD - [2011/01/06 14:10:00 | 007,949,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\4b449f70f11d417a4e679bcaf95ad850\System.ni.dll
MOD - [2011/01/06 14:09:38 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fdc98474b0d44a9e0d5c524023dc6b35\mscorlib.ni.dll
MOD - [2008/12/21 14:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2012/08/26 19:34:28 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Margaret\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2012/08/14 22:25:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/17 15:18:00 | 000,562,688 | ---- | M] () [Auto | Running] -- C:\Program Files\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 12:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 14:21:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/01 13:13:32 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2009/03/31 11:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/31 11:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/09/07 11:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 11:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 11:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 11:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 11:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/03/31 11:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 10:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/21 14:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook: {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3061355
IE - HKLM\..\SearchScopes\{F730A70D-FB72-4D2E-BF6D-19D9931D50DB}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120929&user_guid=66FBD8F0C0AE4E5282A40F78D83180A5&machine_id=5b1cc50cbba72c36dc8dfd92d79163f5&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://mystart.smilebox.com?a=6R8bmjazid
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {ABD93EAF-D775-BC54-E63B-2804F22FD156}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648106&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=9C&apn_dtid=YYYYYYYYUS&apn_uid=06A4FD34-CCF6-4D01-87B4-295083218DC8&apn_sauid=F3232BE5-6679-46DD-8918-4DD226EC0F16
IE - HKCU\..\SearchScopes\{5B35BDCF-EF6D-4CC4-83BA-58D793B8B35D}: "URL" = http://www.mysearchresults.com/search?&c=2634&t=03&q={searchTerms}
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111120&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120929&user_guid=66FBD8F0C0AE4E5282A40F78D83180A5&machine_id=5b1cc50cbba72c36dc8dfd92d79163f5&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3061355
IE - HKCU\..\SearchScopes\{BC2DBFC9-A6A6-4FF9-8C0C-288EC1258C48}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120835,6901,0,8,0
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.smilebox.com/?search={searchTerms}&loc=SB_DS&a=6R8bmjazid
IE - HKCU\..\SearchScopes\{F730A70D-FB72-4D2E-BF6D-19D9931D50DB}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/28 12:01:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/28 12:01:43 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage:
CHR - default_search_provider: StartNow (Enabled)
CHR - default_search_provider: search_url = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120929&user_guid=66FBD8F0C0AE4E5282A40F78D83180A5&machine_id=5b1cc50cbba72c36dc8dfd92d79163f5&browser=CR&os=win&os_version=6.0-x86-SP1
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: StartNow = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei\2.5.0_0\
CHR - Extension: DefaultTab = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.8_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\
CHR - Extension: We-Care Reminder Lite = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpmjnommfoljgjbckjmjhkmnhfmcmon\1.2.0.2_0\.bak
CHR - Extension: Gmail = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (WindowShopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Margaret\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O2 - BHO: (NetAssistant) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll (W3i, LLC)
O2 - BHO: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (SmileBox EN Toolbar) - {f897eb0e-a3a4-46c3-80eb-2729699d8892} - C:\Program Files\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (SmileBox EN Toolbar) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - C:\Program Files\SmileBox_EN\prxtbSmil.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WindowShopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Unable to open value key)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B881974-7A82-4EB1-B247-05C646574C11}: DhcpNameServer = 192.168.1.1 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Margaret\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Margaret\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d2336bb-a2cc-11de-9b3a-00256442d824}\Shell - "" = AutoRun
O33 - MountPoints2\{2d2336bb-a2cc-11de-9b3a-00256442d824}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6cd71e46-2a11-11df-ac92-00256442d824}\Shell - "" = AutoRun
O33 - MountPoints2\{6cd71e46-2a11-11df-ac92-00256442d824}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{88726ffc-31b9-11df-869b-00256442d824}\Shell - "" = AutoRun
O33 - MountPoints2\{88726ffc-31b9-11df-869b-00256442d824}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/10/02 14:25:28 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Margaret\Desktop\OTL.exe
[2012/10/02 09:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/02 09:40:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/02 09:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/02 09:35:40 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Margaret\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/02 09:09:11 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Margaret\Desktop\TFC.exe
[2012/09/29 12:48:14 | 000,000,000 | ---D | C] -- C:\Users\Margaret\AppData\Local\StartNow
[2012/09/21 16:11:28 | 009,573,296 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/09/03 18:00:47 | 000,000,000 | ---D | C] -- C:\Users\Margaret\AppData\Roaming\StartNow Toolbar

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/10/02 14:25:30 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Margaret\Desktop\OTL.exe
[2012/10/02 14:10:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/02 14:10:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/02 13:56:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/02 13:56:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/02 12:17:55 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/02 12:17:55 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/02 12:02:43 | 000,881,724 | ---- | M] () -- C:\Users\Margaret\Desktop\SecurityCheck.exe
[2012/10/02 11:56:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/02 11:56:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/02 11:55:56 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/02 09:40:43 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/02 09:36:33 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Margaret\Desktop\mbam-setup-1.65.0.1400.exe
[2012/10/02 09:09:13 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Margaret\Desktop\TFC.exe
[2012/09/28 13:15:32 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/21 16:11:30 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 16:11:30 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/21 16:11:28 | 009,573,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/10/02 12:02:40 | 000,881,724 | ---- | C] () -- C:\Users\Margaret\Desktop\SecurityCheck.exe
[2012/10/02 09:40:43 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/11/20 14:59:28 | 000,002,217 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/11/20 14:19:11 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/11/20 13:43:19 | 000,116,218 | ---- | C] () -- C:\Users\Margaret\Blast Cells.jpg
[2010/11/07 12:53:55 | 000,000,255 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/26 18:32:19 | 000,000,113 | ---- | C] () -- C:\Users\Margaret\webct_upload_applet.properties
[2010/07/15 19:58:59 | 000,000,552 | ---- | C] () -- C:\Users\Margaret\AppData\Local\d3d8caps.dat
[2009/10/12 22:43:14 | 000,024,206 | ---- | C] () -- C:\Users\Margaret\AppData\Roaming\UserTile.png
[2009/08/31 15:54:19 | 000,006,756 | ---- | C] () -- C:\Users\Margaret\AppData\Local\d3d9caps.dat
[2009/08/29 19:39:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/25 23:13:18 | 000,000,468 | ---- | C] () -- C:\Users\Margaret\AppData\Roaming\wklnhst.dat
[2009/08/19 19:01:09 | 000,034,304 | ---- | C] () -- C:\Users\Margaret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/26 12:55:26 | 011,581,440 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/16 16:40:42 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 22:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2012/08/26 19:34:28 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\DefaultTab
[2011/01/05 12:09:13 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\FrostWire
[2009/10/12 22:43:13 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\PeerNetworking
[2012/08/26 20:04:51 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\Smart PC Cleaner
[2012/05/08 16:04:09 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\Smilebox
[2012/09/03 18:00:47 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\StartNow Toolbar
[2009/08/25 23:13:20 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\Template
[2009/10/19 11:19:47 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\Windows Live Writer

[color=#E56717]========== Purity Check ==========[/color]

--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast
Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 1 x86 (UAC is enabled)
[color=red]Out of date service pack!![/color]
Internet Explorer 8 [color=red]Out of date![/color]
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.65.0.1400
Smart PC Cleaner v3.0
Java(TM) 6 Update 27
[color=red]Java version out of Date![/color]
Adobe Flash Player 10 [color=red]Flash Player out of Date![/color]
Adobe Reader 9 [color=red]Adobe Reader out of Date![/color]
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0 %
[u]````````````````````End of Log``````````````````````[/u]
--
~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
kudos:57
reply to vzDE
Please look again for the ESET log...should be in C:/Program Files/ESET/log.text

...it's not complete...

Thanks

vzDE

join:2006-11-23
Newark, DE
Sorry 'Lil, that's the only log text generated from the Eset scan. I cut and pasted it to a flash drive when the program completed, but also checked on closing the program to uninstall. It didn't completely uninstall but the log.txt is gone. I'll happily run it again if it would help.


lilhurricane
Crunchin' For Cures
Numquam oblita
join:2003-01-11
Purple Zone
kudos:57
Reviews:
·Comcast
No worries...it should have still been there even if uninstalled

....if you do have time..a BitDefender scan might be helpful.
I'm sure LPP will be viewing tomorrow

Also...can you please describe any remaining symptoms after our tools were run?

vzDE

join:2006-11-23
Newark, DE
Bitdefender....as far as how is Laptop running, a little laggy but no more crashing and freezing.

QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Wed Oct 03 10:39:03 2012
Machine ID: CCE22DD0

No infection found.
-------------------

Processes
---------
Adobe® Flash® Player Installer/Uninstal 4408 C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
avast! Antivirus 4048 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
HP Smart Web Printing 4232 C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
Windows Live Toolbar 4160 C:\Program Files\Windows Live\Toolbar\wltuser.exe
Windows® Internet Explorer 1500 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 1556 C:\Program Files\Internet Explorer\iexplore.exe
(unsigned) Dell Wireless WLAN Card Wireless Networ 3336 C:\Windows\System32\WLTRAY.EXE

(verified) Alps Pointing-device Driver 2268 C:\Program Files\DellTPad\Apoint.exe
(verified) Alps Pointing-device Driver 3960 C:\Program Files\DellTPad\hidfind.exe
(verified) Alps Pointing-device Driver for Windows 3744 C:\Program Files\DellTPad\ApntEx.exe
(verified) Google Chrome 2120 C:\Program Files\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3460 C:\Program Files\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3468 C:\Program Files\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 3796 C:\Program Files\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4052 C:\Program Files\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 4088 C:\Program Files\Google\Chrome\Application\chrome.exe
(verified) Google Chrome 5088 C:\Program Files\Google\Chrome\Application\chrome.exe
(verified) IDT PC Audio 3772 C:\Program Files\IDT\WDM\sttray.exe
(verified) Intel(R) Common User Interface 3172 C:\Windows\System32\hkcmd.exe
(verified) Intel(R) Common User Interface 3788 C:\Windows\System32\igfxpers.exe
(verified) Intel(R) Common User Interface 3604 C:\Windows\System32\igfxsrvc.exe
(verified) Microsoft® Windows® Operating System 3456 C:\Windows\ehome\ehmsas.exe
(verified) Microsoft® Windows® Operating System 2380 C:\Windows\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System 3068 C:\Windows\explorer.exe
(verified) Microsoft® Windows® Operating System 3192 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 2912 C:\Windows\System32\taskeng.exe
(verified) Microsoft® Windows® Operating System 2480 C:\Windows\System32\wbem\unsecapp.exe
(verified) Microsoft® Windows® Operating System 1860 C:\Windows\System32\wuauclt.exe
(verified) RAID Event Monitor 1524 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

Network activity
----------------
Process chrome.exe (2120) connected on port 80 (HTTP) --> 184.50.255.139
Process chrome.exe (2120) connected on port 80 (HTTP) --> 74.125.228.70
Process chrome.exe (2120) connected on port 80 (HTTP) --> 74.125.228.77
Process chrome.exe (2120) connected on port 80 (HTTP) --> 66.235.142.20
Process chrome.exe (2120) connected on port 80 (HTTP) --> 74.125.228.70
Process chrome.exe (2120) connected on port 80 (HTTP) --> 74.125.228.77
Process chrome.exe (2120) connected on port 80 (HTTP) --> 173.194.73.99
Process chrome.exe (2120) connected on port 443 (HTTP over SSL) --> 74.125.228.105
Process chrome.exe (2120) connected on port 443 (HTTP over SSL) --> 74.125.228.46
Process chrome.exe (2120) connected on port 443 (HTTP over SSL) --> 74.125.228.43

Autoruns and critical files
---------------------------
Application C:\Program Files\Google\Chrome\Application
avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(unsigned) Dell Wireless WLAN Card Wireless Networ C:\Windows\System32\WLTRAY.EXE

(verified) Alps Pointing-device Driver C:\Program Files\DellTPad\Apoint.exe
(verified) GoToAssist C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
(verified) IDT PC Audio C:\Program Files\IDT\WDM\sttray.exe
(verified) Intel(R) Common User Interface C:\Windows\System32\hkcmd.exe
(verified) Intel(R) Common User Interface C:\Windows\system32\igfxdev.dll
(verified) Intel(R) Common User Interface C:\Windows\System32\igfxpers.exe
(verified) Intel(R) Common User Interface C:\Windows\system32\igfxtray.exe
(verified) Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(verified) Windows Defender C:\Program Files\Windows Defender\MSASCui.exe
(verified) Windows® Internet Explorer C:\Windows\System32\webcheck.dll

Browser plugins
---------------
avast! Antivirus C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
Windows® Internet Explorer C:\Windows\system32\IEFRAME.dll
(unsigned) Java(TM) Platform SE 6 U27 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.7 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(unsigned) Superfish IE extention. C:\Program Files\SuperFish\Superfish.dll
(unsigned) Yontoo Layers Runtime C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll

(verified) AcroIEHelperShim Library c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
(verified) Bitdefender QuickScan C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\npqscan.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) Conduit Toolbar c:\program files\smilebox_en\prxtbsmil.dll
(verified) Facebook Photo Uploader 5 C:\Windows\Downloaded Program Files\PhotoUploader55.ocx
(verified) Fast Search C:\Program Files\Surf Canyon\surfcanyon.dll
(verified) Freeze.com NetAssistant C:\Program Files\Freeze.com\NetAssistant\NetAssistant.dll
(verified) Google Update C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
(verified) HP Smart Web Printing C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
(verified) Java(TM) Platform SE 6 U27 C:\Program Files\Java\jre6\bin\jp2ssv.dll
(verified) Microsoft® Windows Live Login Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
(verified) NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
(verified) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
(verified) Skype Toolbars C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
(verified) Software Manager C:\Windows\Downloaded Program Files\isusweb.dll
(verified) TestGen Plug-in 7.4 C:\Program Files\Internet Explorer\plugins\nptgeqplugin.dll
(verified) Windows Live Toolbar C:\Program Files\Windows Live\Toolbar\wltcore.dll
(verified) Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
(verified) Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) xwrapper.ocx C:\Program Files\Internet Explorer\plugins\xwrapper.ocx

Scan
----
MD5: 4cc47e4fea86625fd5419d864e6a16d1 C:\Program Files\Alwil Software\Avast5\1033\Base.dll
MD5: 6dbfcd6270bc91eaee1ccdfcb02e4378 C:\Program Files\Alwil Software\Avast5\1033\UILangRes.dll
MD5: 3a2cf698443ead2c14cf528b4f2a51a0 C:\Program Files\Alwil Software\Avast5\Aavm4h.dll
MD5: c5dbd35cf4eb0cb8e72a7b6da2edea51 C:\Program Files\Alwil Software\Avast5\AavmRpch.dll
MD5: 44df3797cd24300ba70d94d61a0ddd4b C:\Program Files\Alwil Software\Avast5\AhAScr.dll
MD5: 1d716eb7bcc07f5b1ef442b13a5fddfe C:\Program Files\Alwil Software\Avast5\ashBase.dll
MD5: c98fac19a0ffa2a65f2bd73fa2d9d693 C:\Program Files\Alwil Software\Avast5\ashShell.dll
MD5: dea2847bfcd2bcce777c27db47a69eb8 C:\Program Files\Alwil Software\Avast5\ashTask.dll
MD5: 2566c94919f8f46215e38f3357011ebf C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll
MD5: d77b93504cafe32d9051a241bdc21b33 C:\Program Files\Alwil Software\Avast5\aswAra.dll
MD5: 3c1513365eff8d185c5bb2bdebbe5d3a C:\Program Files\Alwil Software\Avast5\aswAux.dll
MD5: 46856447f0ebf2f7b2473660b056b419 C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll
MD5: 061e11a56cdcab73188e216280c05d66 C:\Program Files\Alwil Software\Avast5\aswCmnIS.dll
MD5: 3c1ee2fffcbef877934efdf3a5c3bcb1 C:\Program Files\Alwil Software\Avast5\aswCmnOS.dll
MD5: a4865dd58110a6455921d9b4f2d6d991 C:\Program Files\Alwil Software\Avast5\aswData.dll
MD5: 42a6dc8b861ef5bd6af8dc2cbd7df321 C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll
MD5: c97002a83722ad37a37a35cde3ff3ffa C:\Program Files\Alwil Software\Avast5\aswJsFlt.dll
MD5: 3079f9345ed39d0e9da1d5e8cc407235 C:\Program Files\Alwil Software\Avast5\aswLog.dll
MD5: 662e62f776a508ca4c997f7da8007769 C:\Program Files\Alwil Software\Avast5\aswProperty.dll
MD5: 1d445e0fd43be0f81c07dffbf6ab92ec C:\Program Files\Alwil Software\Avast5\aswSqLt.dll
MD5: 28f9344a4adfe21d1be8d05b2529df4a C:\Program Files\Alwil Software\Avast5\aswUtil.dll
MD5: 69985f4660a5e6ce99a603e492011d2f C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
MD5: 04ac21e821f259845bd7367cee057290 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
MD5: bad0d303ef0a519409c625738f3e10a3 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
MD5: c678f64dc988a4aacecddb459fdb7a25 C:\Program Files\Alwil Software\Avast5\CommonRes.dll
MD5: 695106df3c15a9ea30069cceceec2b66 C:\Program Files\Alwil Software\Avast5\defs\12100301\uiExt.dll
MD5: 2b460ca1ac9a2249c92e54e39a8acf42 C:\Program Files\Alwil Software\Avast5\snxhk.dll
MD5: 648ab52693d42c015d6062583b48d786 c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
MD5: c55c71d48c43d55b3eb6dd34d64d1376 C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MD5: 2424231bbd703a677d115c29983b4293 C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
MD5: 785f487a64950f3cb8e9f16253ba3b7b C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
MD5: bb4d7eee3647036153fd61f81a155972 C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll
MD5: 7cfc00b4501a14cf369f869ab8e79e68 C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll
MD5: 751ee920d6811584e5b1f0b153a5a4e2 C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.ocx
MD5: d389c7bd09a403857465509d20aa6e3c C:\Program Files\HP\Digital Imaging\Smart Web Printing\ClipBookDBComponent.dll
MD5: a24bb1432cd4f6e202dbb5428ea97a0d C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
MD5: b33ffec7dc55d0445897433c82ceef29 C:\Program Files\HP\Digital Imaging\Smart Web Printing\NeoLoggingLib.dll
MD5: b8e4d2756905157f0d034e1355c42d10 C:\Program Files\HP\Digital Imaging\Smart Web Printing\RsrcLoaderLib.dll
MD5: 6614a034bb3286ffbcf964267c14e93c C:\Program Files\HP\Digital Imaging\Smart Web Printing\SatelliteENU.dll
MD5: 6589c90ffc8eb543586a3099d09261f4 C:\Program Files\HP\Digital Imaging\Smart Web Printing\UtilityLib.dll
MD5: ee60cc0f6da08452ea145ef828a76b4f C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 919f9fae1f962299cd117923beb67246 C:\Program Files\Internet Explorer\IEShims.dll
MD5: ed65737d70fdeac29f738e77d2496ee5 C:\Program Files\Internet Explorer\iexplore.exe
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
MD5: 534fb04d167ce2b8de6e180a23646074 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
MD5: 41700402834f793a8c06731e5cfba62a C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: 711a2e6a55ec7bfd59b5f649d58b704b c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
MD5: e9af8b12cffc04c0f4399ed8e4d3826e C:\Program Files\Microsoft Silverlight\xapauthenticodesip.dll
MD5: 50f97e500548de3125af531070750c69 C:\Program Files\Skype\Toolbars\Shared\SkypePnr.dll
MD5: 9d31f0f1ba84417c365f5b847e2c6681 C:\Program Files\SuperFish\Superfish.dll
MD5: a29e6a21171b933348eb1feab2ff1d73 C:\Program Files\Windows Live\Toolbar\wltuser.exe
MD5: 92844dc9edd088223445ed26a5475203 C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll
MD5: 10db58b1033afa6dd46e839f5ded99cf C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
MD5: 1621c662b90cb1f3d59ebf420cb09bd8 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dee800943eedfcd6120a7b56f0887fb0\System.Runtime.Remoting.ni.dll
MD5: 8226e2331ff5e1178823d5bdfc45df36 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\f8694104e62a8182b9fbbae0e5173fcf\System.Web.ni.dll
MD5: baf950f3519342894c03334336be3982 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
MD5: 2bac92e8ac5e16ed60062e9141b8d5f6 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: 87ef9db26692d20cd9c9f3ebb658bd64 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: ee11e4fe19d61275246e5772bc1ec795 C:\Windows\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\Windows\System32\corpol.dll
MD5: 5665120753fce7123c4deace241ee715 C:\Windows\system32\DNSAPI.dll
MD5: 4805d9a6d281c7a7defd9094dec6af7d C:\Windows\System32\dnsrslvr.dll
MD5: 48eb99503533c27ac6135648e5474457 C:\Windows\system32\drivers\afd.sys
MD5: f76e51561562ac4105dbbe53fc99bc10 C:\Windows\system32\drivers\aswMonFlt.sys
MD5: 8153396d5551276227fa146900f734e6 C:\Windows\system32\DRIVERS\bowser.sys
MD5: a3e9fa213f443ac77c7746119d13feec C:\Windows\System32\Drivers\dfsc.sys
MD5: 5734a0f2be7e495f7d3ed6efd4b9f5a1 C:\Windows\system32\DRIVERS\mrxsmb.sys
MD5: 6b5fa5adfacac9dbbe0991f4566d7d55 C:\Windows\system32\DRIVERS\mrxsmb10.sys
MD5: 5c80d8159181c7abf1b14ba703b01e0b C:\Windows\system32\DRIVERS\mrxsmb20.sys
MD5: 2252aef839b1093d16761189f45af885 C:\Windows\System32\DRIVERS\srv.sys
MD5: b7ff59408034119476b00a81bb53d5d1 C:\Windows\System32\DRIVERS\srv2.sys
MD5: 2accc9b12af02030f531e6cca6f8b76e C:\Windows\System32\DRIVERS\srvnet.sys
MD5: 5bb1b169530e1d48ab302ed086f5ecf9 C:\Windows\system32\IEFRAME.dll
MD5: 9f439371530a3e7b76c6851260ae4fb0 C:\Windows\system32\iepeers.dll
MD5: b86cb6276da2518d3501b4991e9ad4ce C:\Windows\system32\iertutil.dll
MD5: b2aa9fde39074713ed3bc9e523b470c7 C:\Windows\system32\IEUI.dll
MD5: 812b78d537e5ba9d8d25a66e20a37c35 C:\Windows\system32\jscript.dll
MD5: 263c2d26d30a60588774727a7e6b1088 C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_278.ocx
MD5: 380620c56b985289eec4032fd94ce333 C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.dll
MD5: 25f68fd48489448fa7183aa0d19b1925 C:\Windows\System32\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
MD5: f2dc1ce3a91c87e7995500e989a5d2f1 C:\Windows\system32\MFC42u.DLL
MD5: 7db516326ef135dc100f198f6ec341b3 C:\Windows\system32\msfeeds.dll
MD5: 6d1e32a3c964baf06b7973e7b18e3212 C:\Windows\system32\mshtml.dll
MD5: 29bd913d8fd1feb6728dc9b43b55c1d2 C:\Windows\system32\MSRATING.dll
MD5: c9bbf79621b518a0501a904927af399c C:\Windows\system32\ntdll.dll
MD5: cabe68b4ad2fec8c18e18f73303eb26f C:\Windows\system32\ODBC32.dll
MD5: 72442157eaf84c806392ec99652bcdc2 C:\Windows\system32\oleaccrc.dll
MD5: fa6bd25a5a65a6ff5be4385098e3bdef C:\Windows\system32\OLEAUT32.dll
MD5: f68e07f8aa19d60df2e7467d75448b3d C:\Windows\system32\Pdh.dll
MD5: 6528ee11efa77f8c8b1c6ead401f907f C:\Windows\system32\schannel.dll
MD5: 048b65ec931a39a5f42016be04775274 C:\Windows\system32\SHELL32.dll
MD5: 44338cab70f1db264d2f3f9f86a5d281 C:\Windows\system32\SHLWAPI.dll
MD5: 1e3fdb80e40a3ce645f229dfbdfb7694 C:\Windows\System32\shsvcs.dll
MD5: 45f40b53ec32daf51aabad4e0cd1fa0b C:\Windows\system32\urlmon.dll
MD5: de4685de5130039fa63da66c0f72f787 C:\Windows\system32\WININET.dll
MD5: 4b36c7d9710c60ea7725685753bbfa5c C:\Windows\System32\WLTRAY.EXE
MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: d34a527493f39af4491b3e909dc697ca C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: 81e199bfe82c106d38f989674d0dec1f C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll

No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.36 KB recvd
Scanned 714 files and modules - 41 seconds

==============================================================================


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to vzDE
You are missing the OTL Extras log. Most likely because it is only created on the initial run of OTL and the log you posted was Run 2. We'll get the Extra's log later in this post.

First:
Use Add/Remove Programs (Programs and Features) to uninstall the following:

DefaultTab
SuperFish
WeCareReminder
NetAssistant
SmileBox EN Toolbar
Yontoo Layers

Note: The logs show an inordinate number of 'garbage' toolbars installed. I suspect the computer owner is not paying attention when installing software since most (if not all) of the ones listed for removal come as an 'addon' when other software installed.

Perhaps a word to her is in order when you return the computer.


Second:

Please run OTL again. Make sure you select 'Use Safelist' in the Extra Registry Section before you start the scan. This will produce the Extras log.

Post both the new OTL and Extras log in this thread.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

vzDE

join:2006-11-23
Newark, DE

1 edit
Removed all programs you recommended to remove but had trouble with Yontoo Layers. Clicking uninstall with Yontoo highlighted gives me an error dialog box---Setup Initialization Error.

Edit: Super Fish was disguised as $(ADD_ON_NAME), just found it and just uninstalled it.

OTL

OTL logfile created on: 10/3/2012 11:47:25 AM - Run 3
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Margaret\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.30% Memory free
6.15 Gb Paging File | 4.83 Gb Available in Paging File | 78.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 84.02 Gb Free Space | 38.50% Space Free | Partition Type: NTFS
Drive D: | 15.01 Gb Total Space | 10.49 Gb Free Space | 69.84% Space Free | Partition Type: FAT32
Drive E: | 14.65 Gb Total Space | 7.71 Gb Free Space | 52.60% Space Free | Partition Type: NTFS

Computer Name: MARGARET-PC | User Name: Margaret | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/10/03 11:45:41 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Margaret\Desktop\OTL.exe
PRC - [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/01 13:13:32 | 000,602,792 | ---- | M] ( ) -- C:\Windows\System32\dleacoms.exe
PRC - [2009/04/11 13:59:39 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/31 11:00:24 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/31 11:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/31 11:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/03/31 10:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/03/31 10:18:34 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/03/31 10:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/03/31 10:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 18:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/10/03 08:14:46 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\f8694104e62a8182b9fbbae0e5173fcf\System.Web.ni.dll
MOD - [2012/10/03 08:14:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dee800943eedfcd6120a7b56f0887fb0\System.Runtime.Remoting.ni.dll
MOD - [2012/10/03 08:11:23 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
MOD - [2012/10/03 08:11:08 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
MOD - [2012/09/25 05:42:58 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 05:42:57 | 012,278,808 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 05:42:55 | 004,005,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 05:41:39 | 000,578,072 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012/09/25 05:41:38 | 000,123,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012/09/25 05:41:27 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 05:41:26 | 000,275,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 05:41:24 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2008/12/21 14:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/08/14 22:25:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/07/16 14:21:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/01 13:13:32 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2009/03/31 11:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/31 11:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/03/31 11:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 10:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/21 14:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3061355
IE - HKLM\..\SearchScopes\{F730A70D-FB72-4D2E-BF6D-19D9931D50DB}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://mystart.smilebox.com?a=6R8bmjazid
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {ABD93EAF-D775-BC54-E63B-2804F22FD156}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648106&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=9C&apn_dtid=YYYYYYYYUS&apn_uid=06A4FD34-CCF6-4D01-87B4-295083218DC8&apn_sauid=F3232BE5-6679-46DD-8918-4DD226EC0F16
IE - HKCU\..\SearchScopes\{5B35BDCF-EF6D-4CC4-83BA-58D793B8B35D}: "URL" = http://www.mysearchresults.com/search?&c=2634&t=03&q={searchTerms}
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111120&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = http://search.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120929&user_guid=66FBD8F0C0AE4E5282A40F78D83180A5&machine_id=5b1cc50cbba72c36dc8dfd92d79163f5&browser=IE&os=win&os_version=6.0-x86-SP1&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3061355
IE - HKCU\..\SearchScopes\{BC2DBFC9-A6A6-4FF9-8C0C-288EC1258C48}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120835,6901,0,8,0
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.smilebox.com/?search={searchTerms}&loc=SB_DS&a=6R8bmjazid
IE - HKCU\..\SearchScopes\{F730A70D-FB72-4D2E-BF6D-19D9931D50DB}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/28 12:01:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/28 12:01:43 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Gmail = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (WindowShopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WindowShopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B881974-7A82-4EB1-B247-05C646574C11}: DhcpNameServer = 192.168.1.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Margaret\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Margaret\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d2336bb-a2cc-11de-9b3a-00256442d824}\Shell - "" = AutoRun
O33 - MountPoints2\{2d2336bb-a2cc-11de-9b3a-00256442d824}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6cd71e46-2a11-11df-ac92-00256442d824}\Shell - "" = AutoRun
O33 - MountPoints2\{6cd71e46-2a11-11df-ac92-00256442d824}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{88726ffc-31b9-11df-869b-00256442d824}\Shell - "" = AutoRun
O33 - MountPoints2\{88726ffc-31b9-11df-869b-00256442d824}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/10/03 11:45:37 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Margaret\Desktop\OTL.exe
[2012/10/03 11:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/03 11:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/10/03 09:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/03 07:40:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/10/03 06:06:35 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/03 06:03:39 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/10/03 05:01:50 | 000,000,000 | ---D | C] -- C:\Users\Margaret\AppData\Roaming\QuickScan
[2012/10/02 09:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/02 09:40:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/02 09:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/29 12:48:14 | 000,000,000 | ---D | C] -- C:\Users\Margaret\AppData\Local\StartNow
[2012/09/21 16:11:28 | 009,573,296 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/10/03 11:45:41 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Margaret\Desktop\OTL.exe
[2012/10/03 11:42:54 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/03 11:42:54 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/03 11:37:30 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/03 11:37:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 11:37:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/03 11:37:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/03 11:36:37 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/03 11:29:55 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/03 11:10:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/03 11:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/03 08:07:56 | 000,299,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/03 06:06:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/28 13:15:32 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/21 16:11:30 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 16:11:30 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/21 16:11:28 | 009,573,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/10/03 11:29:55 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/20 14:59:28 | 000,002,217 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/11/20 14:19:11 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/11/20 13:43:19 | 000,116,218 | ---- | C] () -- C:\Users\Margaret\Blast Cells.jpg
[2010/11/07 12:53:55 | 000,000,255 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/26 18:32:19 | 000,000,113 | ---- | C] () -- C:\Users\Margaret\webct_upload_applet.properties
[2010/07/15 19:58:59 | 000,000,552 | ---- | C] () -- C:\Users\Margaret\AppData\Local\d3d8caps.dat
[2009/10/12 22:43:14 | 000,024,206 | ---- | C] () -- C:\Users\Margaret\AppData\Roaming\UserTile.png
[2009/08/31 15:54:19 | 000,006,756 | ---- | C] () -- C:\Users\Margaret\AppData\Local\d3d9caps.dat
[2009/08/29 19:39:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/25 23:13:18 | 000,000,468 | ---- | C] () -- C:\Users\Margaret\AppData\Roaming\wklnhst.dat
[2009/08/19 19:01:09 | 000,034,304 | ---- | C] () -- C:\Users\Margaret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/16 16:40:42 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 22:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2011/01/05 12:09:13 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\FrostWire
[2009/10/12 22:43:13 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\PeerNetworking
[2012/10/03 10:39:03 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\QuickScan
[2009/08/25 23:13:20 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\Template
[2009/10/19 11:19:47 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\Windows Live Writer

[color=#E56717]========== Purity Check ==========[/color]

Extras

OTL Extras logfile created on: 10/3/2012 11:47:25 AM - Run 3
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Margaret\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 57.30% Memory free
6.15 Gb Paging File | 4.83 Gb Available in Paging File | 78.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 84.02 Gb Free Space | 38.50% Space Free | Partition Type: NTFS
Drive D: | 15.01 Gb Total Space | 10.49 Gb Free Space | 69.84% Space Free | Partition Type: FAT32
Drive E: | 14.65 Gb Total Space | 7.71 Gb Free Space | 52.60% Space Free | Partition Type: NTFS

Computer Name: MARGARET-PC | User Name: Margaret | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Unable to open value key File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Unable to open value key
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BAEDD91-F1AF-486F-A5E6-DAE01C7B124F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E93A17CC-7F87-48D5-8EB9-707E324B5F32}" = lport=2869 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01943136-03D2-4AF9-8EDE-3065BCFE66B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{040E8689-6EEE-4899-8780-70FC44733241}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{07D38539-2CF7-460F-95B4-8C6E060C8017}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{0C441A77-94C9-498C-8F07-0ABF806E97D0}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{1977EB75-18E4-4256-B4AC-3CC208EBB531}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{1C9257DF-8541-4EB6-8F64-17761C85420B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{1D357628-67B3-43AE-BC6D-489FE970F54B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{27FB10E5-B2C2-444E-A84C-C1E27BDD1B34}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{28E276C0-2495-4098-BD58-A5565B3B26F5}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{447E83B5-4A76-4E74-BC84-91E602B48FF0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{51F5DEBF-5758-421B-9D4C-53D25D018C08}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{53B69339-8605-4005-8556-80F2128E0E66}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{562A4787-78D6-4CDD-989A-9FF06E944564}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{5798D4AC-6E8B-4367-847F-281BCF0A46E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{69203496-884C-4C1E-AB98-4981E7A55B8C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{717AE7C9-C2EB-4FCC-B011-C348AC1DB5ED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{792F01D2-A84A-4F8F-B289-20E15410B754}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{84DB9CC5-9E9F-46B4-BAC1-FA2603FCB42E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8DBD2CC5-1538-4E35-AF27-5C0881E2A862}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{95898732-9B4B-42BD-AF8D-E64855153CC7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{9782A0FE-E86B-48C5-B372-10E940B1BBE0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{A0F04596-5CDD-43B4-BA65-9ED62CCC4C3F}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{A8F4A67A-180F-4E8A-8576-A65BE7B7F59D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{AA9009EC-9217-4F93-BE27-9206596B8A47}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B05B8D9A-E511-493A-8B1A-8B64D9F9EED2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B437622E-DFED-4313-9294-32904EC3199B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{C1167FCE-ED8D-4826-B480-9CFBCDA60044}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{C2B313D8-9392-426A-AEA2-B61282BCD307}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CA0BEFF0-9C03-4511-93C1-973D4D9CECED}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"TCP Query User{73E073D7-7627-4965-8B3C-90A0C88698E6}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"UDP Query User{56F13038-6C93-40BF-A20B-6AF88E30297C}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{1087BD66-01A3-40EA-949F-CD511E5189AA}" = TEAM MANAGER Lite 5.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 27
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{459f39ae-fa19-4722-a6cf-b0e80ee2a21f}" = PS_AIO_05_C4600_Software_Min
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{54C7CFA4-9DDD-40c7-A58F-AF0E7916848C}" = HPPhotoGadget
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73298097-637a-47cd-9a41-0b78288e5562}" = C4600
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{a71b2005-36ef-4ee5-8059-02deb367cb98}" = EZ Calendar
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DC245BDC-9974-4fe0-8A9F-6031C26E2DC7}" = HP Photosmart C4600 All-In-One Driver Software 12.0 Rel .5
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Free Antivirus
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"Driver Performer_is1" = Driver Performer
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"ShapeCollage" = Shape Collage
"SuperFish" = ${ADD_ON_NAME}
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Software Update" = Yahoo! Software Update

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"FoxTab PDF Creator" = FoxTab PDF Creator

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 8/9/2010 4:44:14 PM | Computer Name = Margaret-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13089

Error - 8/9/2010 4:44:14 PM | Computer Name = Margaret-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13089

Error - 8/9/2010 4:44:15 PM | Computer Name = Margaret-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/9/2010 4:44:15 PM | Computer Name = Margaret-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14087

Error - 8/9/2010 4:44:15 PM | Computer Name = Margaret-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14087

Error - 8/9/2010 6:19:42 PM | Computer Name = Margaret-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/9/2010 6:19:42 PM | Computer Name = Margaret-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5741851

Error - 8/9/2010 6:19:42 PM | Computer Name = Margaret-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5741851

Error - 8/9/2010 6:20:59 PM | Computer Name = Margaret-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 8/9/2010 7:17:31 PM | Computer Name = Margaret-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ Broadcom Wireless LAN Events ]
Error - 7/24/2012 11:40:37 AM | Computer Name = Margaret-PC | Source = WLAN-Tray | ID = 0
Description = 11:40:29, Tue, Jul 24, 12 Error - Unable to gain access to user store

[ Media Center Events ]
Error - 10/11/2009 11:20:02 PM | Computer Name = Margaret-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/26/2009 10:48:41 PM | Computer Name = Margaret-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 1/9/2010 4:33:43 PM | Computer Name = Margaret-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/8/2010 7:16:19 PM | Computer Name = Margaret-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 2/13/2011 5:46:55 PM | Computer Name = Margaret-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 4/7/2011 3:12:36 PM | Computer Name = Margaret-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/16/2012 5:27:15 PM | Computer Name = Margaret-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 8:42:05 PM | Computer Name = Margaret-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 10/13/2009 5:54:19 PM | Computer Name = Margaret-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5183
seconds with 1500 seconds of active time. This session ended with a crash.

Error - 4/30/2010 6:33:52 PM | Computer Name = Margaret-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8357
seconds with 3780 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/3/2012 8:16:05 AM | Computer Name = Margaret-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/3/2012 8:16:05 AM | Computer Name = Margaret-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/3/2012 8:16:05 AM | Computer Name = Margaret-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/3/2012 8:16:05 AM | Computer Name = Margaret-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/3/2012 8:16:05 AM | Computer Name = Margaret-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/3/2012 8:16:05 AM | Computer Name = Margaret-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/3/2012 8:16:05 AM | Computer Name = Margaret-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 10/3/2012 11:37:29 AM | Computer Name = Margaret-PC | Source = HTTP | ID = 15016
Description =

Error - 10/3/2012 11:37:43 AM | Computer Name = Margaret-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 10/3/2012 11:37:43 AM | Computer Name = Margaret-PC | Source = Service Control Manager | ID = 7000
Description =


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to vzDE
Thanks.

First:

For the left over Yontoo problem, you can try Spybot S&D and see if the removes the remains. Once done, you can leave Spybot installed (with no active parts), or remove, at your discretion.

Here is a link to the Spyobt S&D Yontoo removal instructions:
»forums.spybot.info/showthread.ph ··· ?t=62640

Second:

Time to remove the leftovers the uninstallers missed..

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:


:OTL
IE - HKCU\..\SearchScopes\{5B35BDCF-EF6D-4CC4-83BA-58D793B8B35D}: "URL" = »www.mysearchresults.com/search?&···chTerms}
IE - HKCU\..\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}: "URL" = »search.startnow.com/s/?q={search···:source}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = »search.conduit.com/ResultsExt.as···T3061355
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = »mystart.smilebox.com/?search={se···8bmjazid
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (WindowShopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F897EB0E-A3A4-46C3-80EB-2729699D8892} - No CLSID value found.
O9 - Extra Button: WindowShopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\SuperFish\Superfish.dll (Superfish)

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Once you see a message box "Fix complete! Click OK to open the fix log."
[*]Click the OK button
[*]The log will open in Notepad (your default text editor).
{*]Save the log. Post a copy of that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Third:
Once we have the computer cleaned and the programs we asked you to install and run, you need to run Windows Update and install Vista SP 2. DON'T INSTALL SP2 until we have cleaned up!

If this computer had been infected beyond the annoying toolbars, the only instructions I would have given would be to reformat and reinstall.

Not keeping a compute current with the Service Packs and Updates released by Microsoft leaves no choice but to consider a deficient computer as compromised.

Please impress the owner with the importance of keeping the computer current.

See here for info on compromised computers:
»Security Cleanup FAQ »Noteworthy Comments About Compromised Computers
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

vzDE

join:2006-11-23
Newark, DE
1. Ran Spybot S & D, didn't totally remove Yontoo, but will follow the directions to the page you linked to attempt to remove the rest.

2. Ran OTL with the pasted commands, here's the log...

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B35BDCF-EF6D-4CC4-83BA-58D793B8B35D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5B35BDCF-EF6D-4CC4-83BA-58D793B8B35D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABD93EAF-D775-BC54-E63B-2804F22FD156}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\ not found.
File C:\Program Files\SuperFish\Superfish.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ not found.
File C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F897EB0E-A3A4-46C3-80EB-2729699D8892} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F897EB0E-A3A4-46C3-80EB-2729699D8892}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}\ not found.
File C:\Program Files\SuperFish\Superfish.dll not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Margaret
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6461390 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1338 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 11855224 bytes

Total Files Cleaned = 18.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Margaret
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.70.1 log created on 10032012_145536

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

3. It's a loooonnnggg story about Vista Service Pack 2 for this Dell laptop. Jan. 2011 when I was last dealing with issues with this laptop I did try to install Svc Pack 2 but after googling for three days and visiting countless forums and reading about other users having the same problem...I threw up my hands and gave up. As far as I can gather it's an OEM issue and Dell refuses to do anything about. After every install of SP2 the computer reboots and says SP2 install was unsuccessful and reverts back to SP1 (which I believe was pre-installed on purchase).
If you have a suggestion or a link I'd be happy to check it out.
Thanks for all your help.


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast
reply to vzDE
Thanks. Since it's apparently a Dell issue, I'll leave it to you to decide whether to attempt Vista SP2 installation.

You may want to suggest a Windows 7 upgrade to the computer owner. It will let her get current with MS Updates and is indeed a superior OS.

One final check and we can move on to cleanup, unless there are other issues that still need attention.

Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

vzDE

join:2006-11-23
Newark, DE
'Lo, thanks for your help. I've impressed on the young lady before that downloading programs with sorta' hidden trash toolbars is never a good thing. The young lady this computer belongs to is in her third year of college and hopes it makes it through another year (at least her mother hopes so). As far as the SP2 issue, I threw up my hands last year and they're still over my head. Well, the laptop does seem to be working much better with all your help so here is the OTL file.

OTL logfile created on: 10/4/2012 11:13:43 AM - Run 4
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Users\Margaret\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 53.18% Memory free
6.15 Gb Paging File | 4.77 Gb Available in Paging File | 77.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 81.59 Gb Free Space | 37.39% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 7.71 Gb Free Space | 52.60% Space Free | Partition Type: NTFS

Computer Name: MARGARET-PC | User Name: Margaret | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/10/03 11:45:41 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Margaret\Desktop\OTL.exe
PRC - [2012/09/25 05:43:01 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/07/01 13:13:32 | 000,602,792 | ---- | M] ( ) -- C:\Windows\System32\dleacoms.exe
PRC - [2009/04/11 13:59:39 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/31 11:00:24 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/31 11:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe
PRC - [2009/03/31 11:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe
PRC - [2009/03/31 10:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/03/31 10:18:34 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/03/31 10:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/03/31 10:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/05/07 18:41:12 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012/10/03 08:14:46 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\f8694104e62a8182b9fbbae0e5173fcf\System.Web.ni.dll
MOD - [2012/10/03 08:14:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\dee800943eedfcd6120a7b56f0887fb0\System.Runtime.Remoting.ni.dll
MOD - [2012/10/03 08:11:23 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\a9288099fbc6849c6c7523745b4f64f4\System.ni.dll
MOD - [2012/10/03 08:11:08 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a189480a53deaaf80a820de30553259b\mscorlib.ni.dll
MOD - [2012/09/25 05:42:58 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 05:42:57 | 012,278,808 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 05:42:55 | 004,005,912 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 05:41:39 | 000,578,072 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012/09/25 05:41:38 | 000,123,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012/09/25 05:41:27 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 05:41:26 | 000,275,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 05:41:24 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2008/12/21 14:32:38 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/08/14 22:25:46 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009/07/16 14:21:57 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/01 13:13:32 | 000,602,792 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2009/03/31 11:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009/03/31 11:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2009/01/30 01:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/05/07 18:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/03/31 11:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/03/31 10:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/12/21 14:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/11/04 19:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/01/20 22:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/01/15 18:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3061355
IE - HKLM\..\SearchScopes\{F730A70D-FB72-4D2E-BF6D-19D9931D50DB}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://mystart.smilebox.com?a=6R8bmjazid
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FTB&o=41648106&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=9C&apn_dtid=YYYYYYYYUS&apn_uid=06A4FD34-CCF6-4D01-87B4-295083218DC8&apn_sauid=F3232BE5-6679-46DD-8918-4DD226EC0F16
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z128&form=ZGAIDF&install_date=20111120&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{BC2DBFC9-A6A6-4FF9-8C0C-288EC1258C48}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120835,6901,0,8,0
IE - HKCU\..\SearchScopes\{F730A70D-FB72-4D2E-BF6D-19D9931D50DB}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

[color=#E56717]========== FireFox ==========[/color]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/28 12:01:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/08/28 12:01:43 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Gmail = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TaskTray] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B881974-7A82-4EB1-B247-05C646574C11}: DhcpNameServer = 192.168.1.1 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Margaret\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Margaret\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d2336bb-a2cc-11de-9b3a-00256442d824}\Shell - "" = AutoRun
O33 - MountPoints2\{2d2336bb-a2cc-11de-9b3a-00256442d824}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6cd71e46-2a11-11df-ac92-00256442d824}\Shell - "" = AutoRun
O33 - MountPoints2\{6cd71e46-2a11-11df-ac92-00256442d824}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{88726ffc-31b9-11df-869b-00256442d824}\Shell - "" = AutoRun
O33 - MountPoints2\{88726ffc-31b9-11df-869b-00256442d824}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/10/03 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/03 13:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/03 13:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/10/03 13:22:25 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Margaret\Desktop\spybotsd162.exe
[2012/10/03 11:45:37 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Margaret\Desktop\OTL.exe
[2012/10/03 11:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/03 11:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/10/03 09:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/03 07:40:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012/10/03 06:06:35 | 000,729,752 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/03 06:03:39 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/10/03 05:01:50 | 000,000,000 | ---D | C] -- C:\Users\Margaret\AppData\Roaming\QuickScan
[2012/10/02 09:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/02 09:40:42 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/02 09:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/29 12:48:14 | 000,000,000 | ---D | C] -- C:\Users\Margaret\AppData\Local\StartNow
[2012/09/21 16:11:28 | 009,573,296 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/10/04 11:13:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 11:13:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/04 11:10:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/04 11:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/03 21:10:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/03 15:21:00 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/03 15:21:00 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/03 15:13:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/03 15:13:08 | 3181,760,512 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/03 14:08:30 | 000,000,196 | ---- | M] () -- C:\Windows\wininit.ini
[2012/10/03 13:23:35 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Margaret\Desktop\spybotsd162.exe
[2012/10/03 11:45:41 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Margaret\Desktop\OTL.exe
[2012/10/03 11:29:55 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/10/03 08:07:56 | 000,299,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/10/03 06:06:35 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/28 13:15:32 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/09/21 16:11:30 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/21 16:11:30 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/21 16:11:28 | 009,573,296 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/10/03 14:08:30 | 000,000,196 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/03 11:29:55 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/11/20 14:59:28 | 000,002,217 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/11/20 14:19:11 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011/11/20 13:43:19 | 000,116,218 | ---- | C] () -- C:\Users\Margaret\Blast Cells.jpg
[2010/11/07 12:53:55 | 000,000,255 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/09/26 18:32:19 | 000,000,113 | ---- | C] () -- C:\Users\Margaret\webct_upload_applet.properties
[2010/07/15 19:58:59 | 000,000,552 | ---- | C] () -- C:\Users\Margaret\AppData\Local\d3d8caps.dat
[2009/10/12 22:43:14 | 000,024,206 | ---- | C] () -- C:\Users\Margaret\AppData\Roaming\UserTile.png
[2009/08/31 15:54:19 | 000,006,756 | ---- | C] () -- C:\Users\Margaret\AppData\Local\d3d9caps.dat
[2009/08/29 19:39:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/25 23:13:18 | 000,000,468 | ---- | C] () -- C:\Users\Margaret\AppData\Roaming\wklnhst.dat
[2009/08/19 19:01:09 | 000,034,304 | ---- | C] () -- C:\Users\Margaret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/16 16:40:42 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 22:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2011/01/05 12:09:13 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\FrostWire
[2009/10/12 22:43:13 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\PeerNetworking
[2012/10/03 10:39:03 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\QuickScan
[2009/08/25 23:13:20 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\Template
[2009/10/19 11:19:47 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\Windows Live Writer

[color=#E56717]========== Purity Check ==========[/color]


LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:26
Reviews:
·Comcast

1 recommendation

reply to vzDE
Ok, we're good to go. Only thing left to do is cleanup and we're done!

Cleaning Up:

Delete TFC:
  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malware Bytes:
  • We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit
  • If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

vzDE

join:2006-11-23
Newark, DE

1 recommendation

Once again, thanks for all the help.