Hello RobGn! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copied and pasted into your next reply.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

  • :\_OTL\MovedFiles
    • in most cases this will be C:\_OTL\MovedFiles

Hi Maniac,

Ran OTL, here are the results.

OTL logfile created on: 12/1/2011 7:04:09 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gwenco\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 61.27% Memory free

6.72 Gb Paging File | 5.16 Gb Available in Paging File | 76.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 390.62 Gb Total Space | 221.17 Gb Free Space | 56.62% Space Free | Partition Type: NTFS

Drive D: | 540.88 Gb Total Space | 492.64 Gb Free Space | 91.08% Space Free | Partition Type: NTFS

Drive G: | 39.06 Gb Total Space | 9.79 Gb Free Space | 25.06% Space Free | Partition Type: NTFS

Drive H: | 35.46 Gb Total Space | 15.99 Gb Free Space | 45.10% Space Free | Partition Type: NTFS

Drive J: | 298.02 Gb Total Space | 127.80 Gb Free Space | 42.89% Space Free | Partition Type: FAT32

Computer Name: ROBCO-PC | User Name: Gwenco | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Gwenco\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe (SRS Labs, Inc.)

PRC - C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe (SRS Labs, Inc.)

PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)

PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)

PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)

PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)

PRC - C:\Windows\System32\atieclxx.exe (AMD)

PRC - C:\Windows\System32\atiesrxx.exe (AMD)

PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Windows\System32\atitmpxx.dll ()

========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe (Eastman Kodak Company)

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (SRSHDAudioService) -- C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe (SRS Labs, Inc.)

SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)

SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()

SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)

SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)

SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)

SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)

SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (SRS_AE_Service) -- C:\Windows\System32\drivers\SRS_AE_i386.sys ()

DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)

DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)

DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)

DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)

DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)

DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (Promise Technology, Inc.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E2 5F 89 C4 5B AF CC 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/11/30 19:18:04 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/06/27 05:04:19 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/30 21:23:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/30 21:23:57 | 000,000,000 | ---D | M]

[2010/06/28 14:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gwenco\AppData\Roaming\Mozilla\Extensions

[2010/06/28 14:56:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gwenco\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/07/19 04:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gwenco\AppData\Roaming\Mozilla\Firefox\Profiles\i7p03rvf.default\extensions

[2010/06/30 12:58:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gwenco\AppData\Roaming\Mozilla\Firefox\Profiles\i7p03rvf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/11/09 18:08:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/11/09 18:08:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/11/09 18:08:28 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2006/10/26 22:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL

[2011/08/30 15:33:42 | 000,095,672 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2011/11/30 21:23:56 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2011/11/30 21:23:56 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2011/11/30 21:23:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2011/11/30 21:23:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2011/11/30 21:23:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2011/11/30 21:23:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2011/11/30 21:23:57 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2011/08/11 22:16:35 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/08/11 22:16:35 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2011/08/11 22:16:35 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2011/11/09 18:08:28 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

[2011/08/11 22:16:35 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2011/08/11 22:16:35 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110625111731.dll (McAfee, Inc.)

O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)

O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sRSAENotifier] C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe (SRS Labs, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Gwenco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} https://intranet.mscdirect.com/TN5250/matn5250.cab (Matn5250 Control)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F446AA8B-54F0-49DF-A5E1-793C82D2564F}: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Gwenco\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Gwenco\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O29 - HKLM SecurityProviders - (credssp.dll) -C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) -C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) -C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) -C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) -C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) -C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2004/12/24 20:25:52 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2007/05/18 10:37:12 | 000,000,069 | RH-- | M] () - J:\autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{96f41419-7e80-11df-b10a-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{96f41419-7e80-11df-b10a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 07:02:01 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Gwenco\Desktop\OTL.exe

[2011/11/30 21:23:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011/11/30 21:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011/11/30 21:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/11/30 21:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/11/30 21:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/11/30 19:21:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Gwenco\Desktop\dds.scr

[2011/11/30 19:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2011/11/30 19:02:57 | 000,000,000 | ---D | C] -- C:\Users\Gwenco\AppData\Roaming\Malwarebytes

[2011/11/30 19:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/11/30 19:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/11/30 19:02:48 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/11/30 19:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2011/12/01 07:06:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/12/01 07:01:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gwenco\Desktop\OTL.exe

[2011/12/01 07:00:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/12/01 06:59:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/11/30 23:18:09 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/11/30 23:18:09 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/11/30 21:19:09 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk

[2011/11/30 21:19:09 | 000,001,854 | ---- | M] () -- C:\Users\Gwenco\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2011/11/30 21:16:33 | 000,001,776 | ---- | M] () -- C:\Windows\System32\mapisvc.inf

[2011/11/30 21:14:39 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/11/30 19:24:53 | 000,735,770 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/11/30 19:24:53 | 000,146,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/11/30 19:21:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Gwenco\Desktop\dds.scr

[2011/11/30 19:18:05 | 3488,079,872 | -HS- | M] () -- C:\hiberfil.sys

[2011/11/30 18:31:43 | 000,000,000 | ---- | M] () -- C:\Users\Gwenco\Desktop\rkill.com.qf5pn2w.partial

[2011/11/30 07:41:57 | 000,015,360 | ---- | M] () -- C:\Users\Gwenco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/30 07:22:32 | 000,352,640 | ---- | M] () -- C:\ProgramData\8G3qYr1B7MhISK.exe

[2011/11/30 07:16:44 | 000,446,336 | ---- | M] () -- C:\ProgramData\vMttfGqwJXmmgo.exe

[2011/11/27 03:32:52 | 290,292,208 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011/11/30 21:19:09 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk

[2011/11/30 21:19:09 | 000,001,854 | ---- | C] () -- C:\Users\Gwenco\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

[2011/11/30 21:14:39 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/11/30 18:31:43 | 000,000,000 | ---- | C] () -- C:\Users\Gwenco\Desktop\rkill.com.qf5pn2w.partial

[2011/11/30 07:22:32 | 000,352,640 | ---- | C] () -- C:\ProgramData\8G3qYr1B7MhISK.exe

[2011/11/30 07:19:51 | 000,446,336 | ---- | C] () -- C:\ProgramData\vMttfGqwJXmmgo.exe

[2011/09/15 19:57:15 | 000,404,256 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AE_i386.sys

[2010/10/27 02:13:04 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll

[2010/10/26 16:27:30 | 000,015,360 | ---- | C] () -- C:\Users\Gwenco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/22 18:27:52 | 000,223,990 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2010/09/17 18:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat

[2010/06/28 05:20:06 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/06/28 05:20:06 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/06/28 05:19:42 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2010/06/24 05:09:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010/06/22 23:57:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2009/09/17 17:20:52 | 000,000,056 | ---- | C] () -- C:\Program Files\Visit The Windows Club.URL

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2008/06/03 05:02:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2008/03/06 02:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe

[2006/11/02 07:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:47:43 | 000,389,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 05:33:01 | 000,735,770 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,146,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/11/30 19:16:53 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B

< End of report >

_____________________________________________________________________________________

OTL Extras logfile created on: 12/1/2011 7:04:10 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Gwenco\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 61.27% Memory free

6.72 Gb Paging File | 5.16 Gb Available in Paging File | 76.88% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 390.62 Gb Total Space | 221.17 Gb Free Space | 56.62% Space Free | Partition Type: NTFS

Drive D: | 540.88 Gb Total Space | 492.64 Gb Free Space | 91.08% Space Free | Partition Type: NTFS

Drive G: | 39.06 Gb Total Space | 9.79 Gb Free Space | 25.06% Space Free | Partition Type: NTFS

Drive H: | 35.46 Gb Total Space | 15.99 Gb Free Space | 45.10% Space Free | Partition Type: NTFS

Drive J: | 298.02 Gb Total Space | 127.80 Gb Free Space | 42.89% Space Free | Partition Type: FAT32

Computer Name: ROBCO-PC | User Name: Gwenco | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09EE1891-C9BC-4767-ACCC-D78E8F1E14D3}" = rport=445 | protocol=6 | dir=out | app=system |

"{13F19166-1911-4C54-8DA7-8396E43DA30E}" = rport=138 | protocol=17 | dir=out | app=system |

"{28D60EB4-B245-411C-9639-3ABD7EDBFD46}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{2ACEAC3A-62A3-4782-9F66-52B4399D2376}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

"{35E4126B-D4DC-4DC1-87B7-D661B2E13113}" = lport=137 | protocol=17 | dir=in | app=system |

"{44D2CD38-48A7-4FDF-8280-D91408623B77}" = rport=139 | protocol=6 | dir=out | app=system |

"{57D12E5F-002B-455C-90FD-BFC98D3D6686}" = rport=137 | protocol=17 | dir=out | app=system |

"{9388263A-B8F7-49A4-9FDE-0FDC5A03FF8B}" = lport=445 | protocol=6 | dir=in | app=system |

"{A3C76551-5A5A-452F-AC24-E951160FF10F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

"{B2AC09A9-2326-4B05-8153-E9A00D0E698A}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |

"{BCE082D1-4FCF-4E09-BFEF-51CD6682A992}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |

"{C7FD1B93-258D-4278-870E-2A09C700333E}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

"{CC869A37-8E87-43A0-8F43-6C8BD7997A80}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |

"{D42479E7-587C-426F-BB56-8CB67772C860}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{DE3490A4-36BB-42D2-87D2-9B7D446CA23C}" = lport=139 | protocol=6 | dir=in | app=system |

"{DFAFACE0-B275-4253-A761-A54F71CE06DA}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |

"{F52BC9F1-968C-4DC9-8377-A28168FF581E}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1088A41B-7DBE-4539-84A4-D54E06955940}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |

"{233E7835-2259-4F85-A30B-9688DC98F0E6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{5EA4D944-8117-4865-A90F-CB5F583045C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{650AA984-CC1D-4443-9566-88FE53851B3F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{70097A9B-2794-4FCC-BCEE-38DB9C95DA29}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{70698225-EFEB-4A22-9F2F-C811159D871B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{720B4F92-3E2B-4C9B-8125-C686F0F93F77}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{772951FC-38A7-4135-A000-98FB26FCBDC2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{77EBC41C-0CA6-4B4B-B241-1F14568284C4}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{7F9F443B-87CB-43BC-91B2-BC6EE2389B9E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{8021CBB3-E17D-4343-A51B-91B5E4FCEB41}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"{91B79C78-13BB-42A0-9F83-D74C1B66BACE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{AA87F64C-00A4-426D-98E4-41D10186E97F}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe |

"{AECE71DF-6D0D-40F5-9A27-EF8AA2254395}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |

"{C889D2A6-8470-4E26-836E-E6FEB8868EB9}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |

"{CB0F5D12-170C-4A9A-AAF7-0BCF3BBA921F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |

"{D1B03A0B-E3FD-44A8-B302-4E65EED1DDD1}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe |

"{D4811883-1DCB-4326-9BB2-DB9CC9A27DEF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |

"{D5CD668F-4F6C-4CC6-A40B-1F48EB979ECF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe |

"{D6CFEE66-E44C-49DF-A560-1CD4E5BA181D}" = protocol=6 | dir=in | app=c:\users\robco\appdata\local\temp\~os46b1.tmp\rlvknlg.exe |

"{E7002602-ECDC-4C86-AE49-3C2B8EEF0CB3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{F798F466-00E8-4A3E-A8CE-E7FDFDF02478}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{FFD34CDD-DFA8-4C46-BF6A-E924522F7046}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"TCP Query User{6BB6EADF-9E40-4FBA-9115-D946EAF1EB1E}C:\program files\wysiwyg release 25 demo and viewer\bin\wygdemo.exe" = protocol=6 | dir=in | app=c:\program files\wysiwyg release 25 demo and viewer\bin\wygdemo.exe |

"TCP Query User{758BB2BB-53D0-46D2-8DEE-CC0A83023A94}C:\users\robco\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\robco\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"TCP Query User{8CF11920-F1D6-470A-AD72-7DEBEB31DE34}C:\program files\lightfactoryv2\lightfactory.exe" = protocol=6 | dir=in | app=c:\program files\lightfactoryv2\lightfactory.exe |

"UDP Query User{561D3D7F-9350-4EF8-ADC1-DF6A2EA833A0}C:\users\robco\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\robco\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"UDP Query User{95625B53-DFAD-4C4F-BD6F-715532F96569}C:\program files\lightfactoryv2\lightfactory.exe" = protocol=17 | dir=in | app=c:\program files\lightfactoryv2\lightfactory.exe |

"UDP Query User{E0D0906A-C654-4725-89E0-C8BC605F3FB7}C:\program files\wysiwyg release 25 demo and viewer\bin\wygdemo.exe" = protocol=17 | dir=in | app=c:\program files\wysiwyg release 25 demo and viewer\bin\wygdemo.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 24

"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer

"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes

"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{376348C2-E372-48BC-A138-E896757BD86A}" = aioscnnr

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{39C16060-EAA2-012B-ADFC-000000000000}" = TurboTax 2009 wmiiper

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager

"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{56BA241F-580C-43D2-8403-947241AAE633}" = center

"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher

"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers

"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.3.2

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101

"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B39177F9-269D-4A9B-82F2-7A48589CCCEF}" = Garmin WebUpdater

"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials

"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr

"{C14201FD-245D-4CA9-A582-47D842C6AC59}" = TurboTax 2010 wmiiper

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry

"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq

"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Software

"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr

"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2

"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari

"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud

"{FF28E4EC-A491-4A9B-8619-DD5CD80D4ADA}" = SRS Audio Essentials

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"7-Zip" = 7-Zip 9.20

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12

"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)

"COH" = City of Villains/City of Heroes (remove only)

"DFX for Windows Media Player" = DFX for Windows Media Player

"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.95

"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16

"GTR Evolution_1.1.1.2_is1" = GTR Evolution

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Inkscape" = Inkscape 0.48.1

"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"MSC" = McAfee SecurityCenter

"PhotoScape" = PhotoScape

"Prism" = Prism Video File Converter

"PUBLISHERR" = Microsoft Office Publisher 2007

"The KMPlayer" = The KMPlayer (remove only)

"TurboTax 2009" = TurboTax 2009

"TurboTax 2010" = TurboTax 2010

"VLC media player" = VLC media player 1.1.5

"WinGimp-2.0_is1" = GIMP 2.6.11

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Thank You, Rob


  • Run OTL.exe
  • Under Custom Scans/Fixes post the following script:

:OTL
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
[2011/11/30 07:22:32 | 000,352,640 | ---- | M] () -- C:\ProgramData\8G3qYr1B7MhISK.exe
[2011/11/30 07:16:44 | 000,446,336 | ---- | M] () -- C:\ProgramData\vMttfGqwJXmmgo.exe
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B

:Commands
[emptytemp]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered. When it is done it will say "Fix Complete press ok to open log".
  • Please post that log in your next reply.

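Reading Rob's log and Maniac's fix post together, the helper's job is to scan the OTL output for entries that do not belong (an executable with no company name and a generated-looking name sitting in C:\ProgramData, an alternate data stream on a temp file, a firewall profile switched off in the Extras log) and turn the bad ones into an :OTL fix block. The script below is an added example for this thread, not OldTimer's code and not something either poster wrote. It parses the OTL line formats exactly as they appear in the log above, applies a few review heuristics that are my own (they are not OTL's rules and not a verdict on any file), and emits the flagged lines in the :OTL / :Commands form used in the fix post. The sample lines are copied from the log above; the FILE_RE, triage and fix_script names are mine.

```python
"""Triage an OTL (OldTimer's List-It) log for entries worth a closer look.

Added example for this thread, not OldTimer's code.  The line formats are
taken from the OTL output posted above; the "suspicious" rules are simple
review heuristics of my own, not verdicts.
"""
import re
from typing import Optional

# File/folder entries look like:
# [2011/11/30 07:22:32 | 000,352,640 | ---- | M] () -- C:\ProgramData\8G3qYr1B7MhISK.exe
# Folder entries carry no "(Company)" field, so that group is optional.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)(?: -- \[ \w+ \])?$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")
FW_KEY_RE = re.compile(r"\\FirewallPolicy\\(?P<profile>\w+Profile)\]$")
FW_VAL_RE = re.compile(r'^"EnableFirewall" = (?P<value>\d+)$')

EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".com")
# Locations a standard user can write to; an unsigned executable here deserves a look.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\public\\", "\\appdata\\", "\\temp\\")

# Constructed excerpt of the log posted above (file entries, ADS line, firewall keys).
SAMPLE_LOG = [
    r"========== Files - Modified Within 30 Days ==========",
    r"[2011/12/01 07:01:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Gwenco\Desktop\OTL.exe",
    r"[2011/11/30 21:23:03 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime",
    r"[2011/11/30 19:21:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Gwenco\Desktop\dds.scr",
    r"[2011/11/30 07:22:32 | 000,352,640 | ---- | M] () -- C:\ProgramData\8G3qYr1B7MhISK.exe",
    r"[2011/11/30 07:16:44 | 000,446,336 | ---- | M] () -- C:\ProgramData\vMttfGqwJXmmgo.exe",
    r"[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll",
    r"========== Alternate Data Streams ==========",
    r"@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C895616B",
    r"========== Firewall Settings ==========",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]",
    r'"EnableFirewall" = 0',
    r'"DisableNotifications" = 0',
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]",
    r'"EnableFirewall" = 0',
]


def parse_file_entry(line: str) -> Optional[dict]:
    """Return the fields of an OTL file/folder line, or None if it is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = entry["company"] or ""  # folders have no company field
    return entry


def looks_random(stem: str) -> bool:
    """Mixed-case alphanumeric run of 10+ chars with no separators: generated-looking name."""
    return (len(stem) >= 10 and stem.isalnum()
            and any(c.islower() for c in stem) and any(c.isupper() for c in stem))


def file_finding(entry: dict) -> Optional[str]:
    """Reason to review this file entry, or None (heuristic, not a verdict)."""
    path = entry["path"]
    low = path.lower()
    if low.endswith(EXEC_EXT) and not entry["company"] and any(m in low for m in USER_WRITABLE):
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        detail = " (random-looking name)" if looks_random(stem) else ""
        return "unsigned executable in user-writable location" + detail
    return None


def triage(lines):
    """Walk the log once; return (reason, object) pairs in log order."""
    findings = []
    profile = None  # firewall profile of the registry key currently being listed
    for raw in lines:
        line = raw.strip()
        entry = parse_file_entry(line)
        if entry:
            reason = file_finding(entry)
            if reason:
                findings.append((reason, entry["path"]))
            continue
        m = ADS_RE.match(line)
        if m:
            findings.append(("alternate data stream", m.group("path")))
            continue
        if line.startswith("[HKEY_"):
            m = FW_KEY_RE.search(line)
            profile = m.group("profile") if m else None
            continue
        m = FW_VAL_RE.match(line)
        if m and profile and m.group("value") == "0":
            findings.append(("firewall disabled", profile))
    return findings


def fix_script(lines):
    """Return the flagged file/ADS log lines in the :OTL block form used in this thread."""
    body = []
    for raw in lines:
        line = raw.strip()
        entry = parse_file_entry(line)
        if (entry and file_finding(entry)) or ADS_RE.match(line):
            body.append(line)
    return "\n".join([":OTL", *body, "", ":Commands", "[emptytemp]"])


if __name__ == "__main__":
    for reason, obj in triage(SAMPLE_LOG):
        print(f"{reason}: {obj}")
    print(fix_script(SAMPLE_LOG))
```

Point triage() at the lines of a saved OTL.txt and Extras.txt. Anything with a company name, or sitting under Program Files or System32, is deliberately left alone, so on this log the only file hits are the two ProgramData executables that Maniac's fix targets, plus the ADS on C:\ProgramData\TEMP. The firewall hits are informational: "EnableFirewall" = 0 on every profile is consistent with McAfee's own firewall having taken over, but it is the kind of setting a reviewer confirms rather than assumes.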

Here you go

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.

C:\ProgramData\8G3qYr1B7MhISK.exe moved successfully.

File move failed. C:\ProgramData\vMttfGqwJXmmgo.exe scheduled to be moved on reboot.

File move failed. C:\Windows\mib.bin scheduled to be moved on reboot.

ADS C:\ProgramData\TEMP:C895616B deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: BladeRunner

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33451 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Gwenco

->Temp folder emptied: 4996041 bytes

->Temporary Internet Files folder emptied: 293425461 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 148200028 bytes

->Flash cache emptied: 12909 bytes

User: Julia

User: Public

User: Robco

->Temp folder emptied: 478428149 bytes

->Temporary Internet Files folder emptied: 587276121 bytes

->Java cache emptied: 13784452 bytes

->FireFox cache emptied: 41827304 bytes

->Apple Safari cache emptied: 13267968 bytes

->Flash cache emptied: 1071870 bytes

User: RobertGreenCo

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 73401108 bytes

RecycleBin emptied: 28243919 bytes

Total Files Cleaned = 1,606.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 12012011_214342

Files\Folders moved on Reboot...

File\Folder C:\ProgramData\vMttfGqwJXmmgo.exe not found!

File move failed. C:\Windows\mib.bin scheduled to be moved on reboot.

C:\Windows\temp\sqlite_3gh0cPZalr6hHjO moved successfully.

C:\Windows\temp\sqlite_7TZZADyftFELhjr moved successfully.

C:\Windows\temp\sqlite_w2w2Htk112nREWZ moved successfully.

Registry entries deleted on Reboot...


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2

  1. Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
  2. Tick the box next to YES, I accept the Terms of Use
  3. Click Start
  4. When asked, allow the ActiveX control to install
  5. Click Start
  6. Make sure that the options Remove found threats and Scan unwanted applications are checked
  7. Click Scan (This scan can take several hours, so please be patient)
  8. Once the scan is completed, you may close the window
  9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  10. Copy and paste that log as a reply to this topic

In your next reply, please post the following log files:

  • Malwarebytes' Anti-Malware log
  • ESET Online Scanner log


Here you go.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8297

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

12/3/2011 8:31:52 AM

mbam-log-2011-12-03 (08-31-52).txt

Scan type: Quick scan

Objects scanned: 185236

Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

________________________________________________________________

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive. Once done, select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished, select the Report tab (last tab)

Select Detected threats report from the left and press the Save button

Save it to your desktop and post it in your next reply.


Looks Great! Thank you very much!

Going forward, what should I be using for internet protection in addition to what I am using? I am only using the McAfee version that comes with our ATT internet service. Your recommendation would be appreciated.

Thanks, Rob


You have full protection: antivirus, antispyware and firewall. Use this combination together with Malwarebytes' Anti-Malware. In addition, below I will offer an alternative browser and other tips which are important for security too.

I have good news for you => Your system is clean now! :)

Here are some tips to prevent future malware problems:

You need to ensure that you have the latest versions of Adobe Reader and Java. Before you download and install the latest versions it is important to uninstall the old ones, so: click Start => Control Panel => Add or Remove Programs, highlight them and click the Remove button. Next, click on each of the programs to download it:

Slowly and carefully install the applications and then restart your computer.

Now let's remove the cleaning tools we used. First get rid of OTL:

  1. Double-click OTL.exe to start the program.
  2. Close all other programs apart from OTL as this step will require a reboot
  3. On the OTL main screen, press the CLEANUP button
  4. Say Yes to the prompt and then allow the program to reboot your computer.

At this stage, you don't need the online scanner, so:

To remove the ESET Online Scanner components from your computer, start the Add or Remove Programs applet from Control Panel, select the ESET Online Scanner entry and click Remove. A restart may be required to complete uninstallation.

Please manually delete Kaspersky AVP, Unhide.exe and vista-32-sm-reset.exe.

Some quick tips:

  1. Alternative browser - Due to the large market share of Internet Explorer, it is a top target of the writers of malware, so we recommend using an alternative browser. There are many better alternatives to Internet Explorer regarding security, features and speed such as:

  2. Program updates - Updating your software is really important for productivity, but also for security. Here is an application that will help in checking for new versions and updates of your programs. It is called FileHippo Update Checker and you can download it from here.

  3. Clear old system restore points - Once your system has been infected, there will be infected restore points that need to be cleaned.

  1. Open Start => All Programs => Accessories => System Tools => Disk Cleanup.
  2. In the drop-down box that appears select your main drive, e.g. C:\
  3. Click OK.
  4. The system will do some calculation and display a dialogue box with tabs.
  5. Select the More Options tab.
  6. At the bottom will be a System Restore box with a CLEANUP button. Click on it.
  7. Accept the warning and select OK again; the program will close and you are done.

  4. Create a new system restore point - Now that everything is fine, it is necessary to create a new restore point so you can restore your system to an earlier stage in case you get a problem. Do the following:

  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  2. In the System Restore dialog box, click Create a restore point, and then click Next.
  3. Type a description for your restore point, such as "After Cleanup", then click Create.

Safe surfing! ;)

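The advice above to remove old Adobe Reader and Java versions before installing the current ones can be checked from the command line. The following is an added example and not code from the original reply: it reads the same registry data that Add or Remove Programs displays and lists every Adobe Reader and Java entry with its version. It assumes PowerShell 2.0 (the version available for Vista) and a 32-bit Windows; the Wow6432Node path is included only so the same script works on 64-bit installs.

```powershell
# Added example (not from the original reply): list installed Adobe Reader and
# Java entries with their versions, so leftover old releases are easy to spot.
# Assumes PowerShell 2.0 on Vista; the Wow6432Node key only exists on 64-bit Windows.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# -ErrorAction SilentlyContinue skips the Wow6432Node path on 32-bit systems.
$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Adobe Reader|Java' } |
    Sort-Object DisplayName, DisplayVersion

$entries |
    Select-Object DisplayName, DisplayVersion, UninstallString |
    Format-Table -AutoSize

# Java updates frequently leave older side-by-side entries behind; more than one
# Java line here means the older ones still need to be removed.
$javaCount = @($entries | Where-Object { $_.DisplayName -match 'Java' }).Count
if ($javaCount -gt 1) {
    Write-Warning "$javaCount Java entries installed; remove the older ones before updating."
}
```

Run it before and after the uninstall step; the UninstallString column shows the exact command Add or Remove Programs would run, which is useful when an entry refuses to remove cleanly.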
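The two restore-point tips (clear the old, possibly infected points, then create a clean baseline) can also be done from an elevated PowerShell prompt. This is an added example, not part of the original reply. It assumes PowerShell 2.0 on Vista, that C: is the system drive, and that the prompt was started with "Run as administrator"; the description "After Cleanup" is the one suggested in the reply above.

```powershell
# Added example (not from the original reply): clear old restore points and create
# a fresh one. Assumes an elevated PowerShell 2.0 prompt on Vista and C: as the
# system drive. On Vista, restore points are VSS shadow copies, so vssadmin removes
# them; note that Disk Cleanup keeps the most recent point, while /all removes every
# one, including any "Previous Versions" of files that relied on those shadow copies.

# 1. Show what exists before touching anything.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, CreationTime -AutoSize

# 2. Delete all existing shadow copies (restore points) for the system drive.
vssadmin delete shadows /for=C: /all /quiet

# 3. Create a new clean baseline with the description suggested in the reply.
Checkpoint-Computer -Description "After Cleanup" -RestorePointType MODIFY_SETTINGS

# 4. Confirm that the only remaining point is the new one.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

If step 2 reports access denied, the prompt is not elevated; if step 3 reports that a restore point was created less than 24 hours ago and is skipped, that is a Windows 8 and later restriction and does not apply to Vista.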
