
browser redirects to search-results.com and windows time wrong


Post Merged

We look for posts with 0 replies, so when you reply to your own topic, we assume you're being helped.

Please be patient, someone will assist you as soon as possible.

Hi, your assistance would be much appreciated on web searches being redirected to search-results.com and also the Windows time being wrong. The system has had a number of viruses recently. Additionally, Internet Explorer 9 has had some breakpoint errors as well, such as "(0x80000003) occurred in the application at location 0x77d5801d."

Thank you.

Here are the logs; thank you for any help.

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Michael at 18:45:00 on 2012-07-21

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3040.1644 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

c:\program files (x86)\idt\apple_v50\wdm\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Boot Camp\Bootcamp.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\AirPort\APAgent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\RunDll32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_uninst_.lnk - C:\Users\Michael\AppData\Local\temp\_uninst_.bat

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: microsoft.com\office

Trusted Zone: microsoft.com\update

Trusted Zone: office.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 74.5.116.246 205.244.194.36

TCP: Interfaces\{BE079FC1-E635-4995-AF77-4C7C38F32FE2} : DhcpNameServer = 74.5.116.242 74.5.116.246

TCP: Interfaces\{CCADE9DC-1763-4062-BA5A-00EF95BF4B13} : DhcpNameServer = 74.5.116.246 205.244.194.36

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\gql8e4vd.default\

FF - prefs.js: browser.search.selectedEngine - Ask.com

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AppleHFS;AppleHFS;C:\Windows\system32\drivers\AppleHFS.sys --> C:\Windows\system32\drivers\AppleHFS.sys [?]

R0 AppleMNT;AppleMNT;C:\Windows\system32\drivers\AppleMNT.sys --> C:\Windows\system32\drivers\AppleMNT.sys [?]

R0 DwProt;DrWeb Protection;C:\Windows\system32\drivers\dwprot.sys --> C:\Windows\system32\drivers\dwprot.sys [?]

R0 eBoost;eBoostr caching filter driver;C:\Windows\system32\drivers\eBoost.sys --> C:\Windows\system32\drivers\eBoost.sys [?]

R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]

R0 prl_pv64;prl_pv64;C:\Windows\system32\DRIVERS\prl_pv64.sys --> C:\Windows\system32\DRIVERS\prl_pv64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]

R1 prl_boot;Parallels BootCamp Helper;C:\Windows\system32\DRIVERS\prl_boot.sys --> C:\Windows\system32\DRIVERS\prl_boot.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]

R2 KeyAgent;KeyAgent;\??\C:\Windows\system32\drivers\KeyAgent.sys --> C:\Windows\system32\drivers\KeyAgent.sys [?]

R2 MacHALDriver;Mac HAL;\??\C:\Windows\system32\drivers\MacHALDriver.sys --> C:\Windows\system32\drivers\MacHALDriver.sys [?]

R2 MBAMService;MBAMService;D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-22 655944]

R3 AppleODD;Apple ODD;C:\Windows\system32\DRIVERS\AppleODD.sys --> C:\Windows\system32\DRIVERS\AppleODD.sys [?]

R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\system32\DRIVERS\IRFilter.sys --> C:\Windows\system32\DRIVERS\IRFilter.sys [?]

R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\system32\DRIVERS\KeyMagic.sys --> C:\Windows\system32\DRIVERS\KeyMagic.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-16 44808]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BthKicker;Apple Bluetooth Device Driver;C:\Windows\system32\DRIVERS\BthKicker.sys --> C:\Windows\system32\DRIVERS\BthKicker.sys [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]

S4 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\system32\AppleOSSMgr.exe --> C:\Windows\system32\AppleOSSMgr.exe [?]

S4 AppleTimeSrv;Apple Time Service;C:\Windows\system32\AppleTimeSrv.exe --> C:\Windows\system32\AppleTimeSrv.exe [?]

S4 EBOOSTRSVC;eBoostr Service;C:\Program Files (x86)\eBoostr\EBstrSvc.exe [2009-5-20 639616]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]

S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-30 113120]

.

=============== Created Last 30 ================

.

2012-07-22 04:11:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-22 03:59:06 -------- d-sh--w- C:\$RECYCLE.BIN

2012-07-22 03:50:57 98816 ----a-w- C:\Windows\sed.exe

2012-07-22 03:50:57 518144 ----a-w- C:\Windows\SWREG.exe

2012-07-22 03:50:57 256000 ----a-w- C:\Windows\PEV.exe

2012-07-22 03:50:57 208896 ----a-w- C:\Windows\MBR.exe

2012-07-21 18:22:13 -------- d-sh--w- C:\found.000

2012-07-21 16:59:04 -------- d-----w- C:\Users\Michael\AppData\Roaming\ESET

2012-07-21 16:59:04 -------- d-----w- C:\Users\Michael\AppData\Local\ESET

2012-07-21 16:53:56 -------- d-----w- C:\Program Files\ESET

2012-07-21 16:53:03 -------- d-----w- C:\ProgramData\Kaspersky Lab

2012-07-21 14:27:01 -------- d---a-w- C:\.fseventsd

2012-07-21 03:36:10 -------- d-----w- C:\Temp

2012-07-21 03:14:39 -------- d-----w- C:\Boot

2012-07-21 01:28:37 -------- d-----w- C:\Program Files\iTunes

2012-07-21 01:28:37 -------- d-----w- C:\Program Files\iPod

2012-07-21 01:28:37 -------- d-----w- C:\Program Files (x86)\iTunes

2012-07-21 01:24:45 -------- d-----w- C:\Program Files (x86)\AirPort

2012-07-21 00:57:42 -------- d-----w- C:\$WINDOWS.~BT

2012-07-20 23:48:37 5646848 ----a-w- C:\Windows\System32\idtcpl64.cpl

2012-07-20 23:48:37 548128 ----a-w- C:\Windows\System32\idt64mp1.exe

2012-07-20 23:48:37 251680 ----a-w- C:\Windows\System32\stacsv64.exe

2012-07-20 23:48:37 2477344 ----a-w- C:\Windows\System32\stlang64.dll

2012-07-20 23:47:47 653088 ----a-w- C:\Windows\System32\stapo64.dll

2012-07-20 23:47:47 372512 ----a-w- C:\Windows\System32\stcplx64.dll

2012-07-20 23:47:44 505120 ----a-w- C:\Windows\System32\stapi64.dll

2012-07-20 23:19:10 -------- d-----w- C:\Program Files (x86)\Common Files\Simple Adblock

2012-07-20 20:09:01 -------- d-----w- C:\$UPGRADE.~OS

2012-07-18 14:56:11 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-07-18 14:56:10 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-07-18 14:56:10 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-07-18 14:50:30 -------- d-----w- C:\Windows\SysWow64\Wat

2012-07-18 14:50:30 -------- d-----w- C:\Windows\System32\Wat

2012-07-17 14:12:56 -------- d-----w- C:\Users\Michael\AppData\Local\NeoSmart_Technologies

2012-07-16 15:12:19 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-16 15:12:19 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-16 15:12:19 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-07-16 15:12:07 41224 ----a-w- C:\Windows\avastSS.scr

2012-07-16 15:11:55 -------- d-----w- C:\ProgramData\AVAST Software

2012-07-16 15:11:55 -------- d-----w- C:\Program Files\AVAST Software

2012-07-11 15:26:23 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 21:36:52 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-07-04 21:36:52 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-24 16:26:55 -------- d-----w- C:\Users\Michael\AppData\Local\Macromedia

2012-06-22 14:13:46 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-22 14:13:42 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-22 14:13:41 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-22 14:13:41 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-11 21:44:26 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-11 21:44:25 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 18:45:31.27 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume3

Install Date: 3/7/2012 2:44:54 AM

System Uptime: 7/21/2012 6:31:47 PM (0 hours ago)

.

Motherboard: Apple Inc. | | Mac-F4208EC8

Processor: Intel® Core™2 CPU T7600 @ 2.33GHz | U2E1 | 2333/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 28 GiB total, 5.411 GiB free.

D: is FIXED (NTFS) - 233 GiB total, 100.695 GiB free.

E: is FIXED (HFS) - 232 GiB total, 186.314 GiB free.

F: is FIXED (HFS) - 27 GiB total, 9.496 GiB free.

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

AirPort

Apple Application Support

Apple Software Update

avast! Free Antivirus

Driver Robot

Dropbox

EasyBCD 2.1.2

eBoostr 3

Eusing Free Registry Cleaner

Evernote v. 4.5.6

Freeze.com NetAssistant

Google Chrome

Google Update Helper

HostsMan 4.0.82 Beta3

IDT Audio

Java™ 6 Update 31

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

NetAssistant

PowerISO

QuickTime

Realtek High Definition Audio Driver

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Simple Adblock

Spybot - Search & Destroy

SSD Tweaker version 2.0.1

SSDlife Free

Transmission-Qt

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Windows 7 Upgrade Advisor

Windows 7 USB/DVD Download Tool

.

==== Event Viewer Messages From Past Week ========

.

7/21/2012 6:32:41 PM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The system cannot find the file specified.

7/21/2012 6:32:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

7/21/2012 6:28:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/21/2012 6:28:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/21/2012 6:28:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/21/2012 6:28:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/21/2012 6:28:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/21/2012 6:28:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi cdrom CSC DfsC discache eamonm ehdrv EpfwLWF NetBIOS NetBT nsiproxy prl_boot Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

7/21/2012 6:28:35 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/21/2012 6:28:35 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/21/2012 6:28:35 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/21/2012 6:28:35 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/21/2012 6:28:35 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/21/2012 6:28:35 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/21/2012 6:28:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/21/2012 6:28:35 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/21/2012 6:28:35 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/21/2012 6:28:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/21/2012 6:28:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/21/2012 2:23:10 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

7/21/2012 2:23:10 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume BOOTCAMP.

7/21/2012 12:54:01 PM, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/21/2012 11:55:31 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

7/21/2012 11:16:13 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7/21/2012 11:15:53 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7/21/2012 11:15:53 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

7/21/2012 10:35:48 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

7/21/2012 1:47:04 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

7/20/2012 8:46:38 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

7/20/2012 8:46:30 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

7/20/2012 8:46:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache SCDEmu spldr Wanarpv6

7/20/2012 8:32:38 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi cdrom CSC DfsC discache NetBIOS NetBT nsiproxy prl_boot Psched rdbss SCDEmu spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

7/20/2012 7:50:06 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

7/20/2012 3:58:24 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

7/18/2012 10:03:24 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding

7/15/2012 9:14:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007a (0xfffff8a0000b8490, 0xffffffffc0000185, 0x000000001c1a5860, 0xfffff960002f90f4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071512-12308-01.

.

==== End Of File ===========================

Attach.txt

DDS.txt


Hello arnolfini! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall Freeze.com NetAssistant.

Step 2

You have some leftovers from ESET Smart Security. Please follow the instructions here to clean them:

http://kb.eset.com/esetkb/index?page=content&id=SOLN2289

Step 3

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


Thank you for your reply and instructions, Maniac. I proceeded with your instructions to uninstall the 2 items and run OTL. Here are the logs:

OTL

OTL logfile created on: 7/23/2012 1:45:42 PM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Michael\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 71.09% Memory free

8.91 Gb Paging File | 8.04 Gb Available in Paging File | 90.24% Paging File free

Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 28.09 Gb Total Space | 5.29 Gb Free Space | 18.83% Space Free | Partition Type: NTFS

Drive D: | 232.56 Gb Total Space | 100.75 Gb Free Space | 43.32% Space Free | Partition Type: NTFS

Drive E: | 232.39 Gb Total Space | 186.31 Gb Free Space | 80.17% Space Free | Partition Type: HFS

Drive F: | 27.01 Gb Total Space | 9.50 Gb Free Space | 35.16% Space Free | Partition Type: HFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/23 13:21:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\AirPort\APAgent.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2011/06/29 08:49:38 | 000,111,488 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\AppleTimeSrv.exe -- (AppleTimeSrv)

SRV:64bit: - [2011/06/29 08:49:36 | 000,224,640 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysNative\AppleOSSMgr.exe -- (AppleOSSMgr)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/07/21 03:20:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/11 17:44:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/03/25 03:38:12 | 000,251,680 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files (x86)\IDT\Apple_v50\WDM\stacsv64.exe -- (STacSV)

SRV - [2010/03/23 06:27:48 | 000,639,616 | ---- | M] (eBoostr.com) [Disabled | Stopped] -- C:\Program Files (x86)\eBoostr\EBstrSvc.exe -- (EBOOSTRSVC)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/03/29 23:43:44 | 000,118,536 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\prl_pv64.sys -- (prl_pv64)

DRV:64bit: - [2012/03/29 23:43:44 | 000,045,832 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\prl_boot.sys -- (prl_boot)

DRV:64bit: - [2012/03/18 14:26:27 | 000,153,880 | ---- | M] (Doctor Web, Ltd.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dwprot.sys -- (DwProt)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/06/29 08:49:44 | 000,072,024 | ---- | M] (Apple Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AppleHFS.sys -- (AppleHFS)

DRV:64bit: - [2011/06/29 08:49:44 | 000,016,216 | ---- | M] (Apple Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AppleMNT.sys -- (AppleMNT)

DRV:64bit: - [2011/06/29 08:49:42 | 000,022,872 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\MacHALDriver.sys -- (MacHALDriver)

DRV:64bit: - [2011/06/29 08:49:42 | 000,017,752 | ---- | M] (Apple Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KeyAgent.sys -- (KeyAgent)

DRV:64bit: - [2011/06/13 19:36:30 | 002,647,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011/05/26 22:13:25 | 000,032,256 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyMagic.sys -- (KeyMagic)

DRV:64bit: - [2011/03/25 04:38:13 | 000,454,656 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/03/25 04:32:04 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IRFilter.sys -- (IRRemoteFlt)

DRV:64bit: - [2011/03/25 04:32:00 | 000,008,704 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AppleODD.sys -- (AppleODD)

DRV:64bit: - [2011/03/25 04:31:37 | 000,008,704 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthKicker.sys -- (BthKicker)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)

DRV:64bit: - [2010/11/20 23:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 23:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/04/12 04:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/09/23 20:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/20 10:38:58 | 000,156,648 | ---- | M] (eBoostr.com) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\eBoost.sys -- (eBoost)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.zerohedge.com/ [binary data]

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 CC 71 DA 2A 23 CC 01 [binary data]

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=561B9E6B-A981-4B6A-A479-32D7E8965A03&apn_sauid=E0B305E4-E3A0-4A52-AB7A-A147BFC4E8CA

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..\SearchScopes\{60D92149-13DB-45F3-9AFB-F1B16A710A4C}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120519,6901,0,8,0

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.order.1: ""

FF - prefs.js..browser.search.selectedEngine: "Ask.com"

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/16 11:12:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/21 03:20:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/03/07 00:49:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions

[2012/07/21 22:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\gql8e4vd.default\extensions

[2012/07/21 03:20:24 | 000,000,000 | ---D | M] (Reader) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\gql8e4vd.default\extensions\{20068ab2-1901-4140-9f3c-81207d4dacc4}

[2012/06/29 14:07:57 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\gql8e4vd.default\extensions\donottrackplus@abine.com

[2012/03/08 02:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

File not found (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQL8E4VD.DEFAULT\EXTENSIONS\CROSSRIDERAPP2258@CROSSRIDER.COM

[1832/11/29 00:44:26 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\MICHAEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQL8E4VD.DEFAULT\EXTENSIONS\TUYPHMMWCG@TUYPHMMWCG.ORG.XPI

[2012/07/21 03:20:54 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/07/04 17:36:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/07/04 17:36:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},

CHR - homepage: http://www.google.com/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Michael\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: AdBlock = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\

CHR - Extension: avast! WebRep = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

CHR - Extension: Gmail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/21 12:23:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Program Files\Boot Camp\Bootcamp.exe (Apple Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files (x86)\AirPort\APAgent.exe (Apple Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..Trusted Domains: internet ([]about in Trusted sites)

O15 - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..Trusted Domains: mcafee.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..Trusted Domains: mcafee.com ([]https in Trusted sites)

O15 - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..Trusted Domains: microsoft.com ([office] http in Trusted sites)

O15 - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..Trusted Domains: microsoft.com ([update] http in Trusted sites)

O15 - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..Trusted Domains: office.com ([]https in Trusted sites)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 74.5.116.246 205.244.194.36

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE079FC1-E635-4995-AF77-4C7C38F32FE2}: DhcpNameServer = 74.5.116.242 74.5.116.246

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCADE9DC-1763-4062-BA5A-00EF95BF4B13}: DhcpNameServer = 74.5.116.246 205.244.194.36

O18 - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/23 13:23:59 | 000,638,976 | ---- | C] (ESET) -- C:\Users\Michael\Desktop\ESETUninstaller.exe

[2012/07/22 18:21:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/07/22 00:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/07/22 00:11:44 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/21 23:59:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/07/21 23:57:32 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/07/21 23:50:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/07/21 23:50:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/07/21 23:50:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/07/21 23:50:34 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/07/21 23:49:06 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe

[2012/07/21 14:22:13 | 000,000,000 | -HSD | C] -- C:\found.000

[2012/07/21 12:59:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\ESET

[2012/07/21 12:59:04 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\ESET

[2012/07/21 12:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012/07/20 23:36:10 | 000,000,000 | ---D | C] -- C:\Temp

[2012/07/20 23:14:39 | 000,000,000 | ---D | C] -- C:\Boot

[2012/07/20 21:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2012/07/20 21:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2012/07/20 21:28:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2012/07/20 21:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2012/07/20 21:24:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AirPort

[2012/07/20 20:57:42 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT

[2012/07/20 19:48:37 | 005,646,848 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idtcpl64.cpl

[2012/07/20 19:48:37 | 002,477,344 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stlang64.dll

[2012/07/20 19:48:37 | 000,548,128 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\idt64mp1.exe

[2012/07/20 19:48:37 | 000,251,680 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stacsv64.exe

[2012/07/20 19:47:47 | 000,653,088 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapo64.dll

[2012/07/20 19:47:47 | 000,372,512 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stcplx64.dll

[2012/07/20 19:47:44 | 000,505,120 | ---- | C] (IDT, Inc.) -- C:\Windows\SysNative\stapi64.dll

[2012/07/20 19:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Simple Adblock

[2012/07/20 16:09:01 | 000,000,000 | ---D | C] -- C:\$UPGRADE.~OS

[2012/07/18 10:50:30 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2012/07/18 10:50:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2012/07/17 10:12:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\NeoSmart_Technologies

[2012/07/17 10:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies

[2012/07/16 11:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012/07/16 11:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/07/16 11:12:20 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012/07/16 11:12:20 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012/07/16 11:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2012/07/16 11:12:19 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012/07/16 11:12:19 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2012/07/16 11:12:19 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012/07/16 11:12:19 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012/07/16 11:12:19 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012/07/16 11:12:07 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012/07/16 11:12:07 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/07/16 11:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software

[2012/07/16 11:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2012/07/15 21:14:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2012/06/24 12:26:55 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Macromedia

[1 C:\Users\Michael\Desktop\*.tmp files -> C:\Users\Michael\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/23 13:49:08 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/23 13:49:08 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/23 13:49:08 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/23 13:48:47 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/23 13:48:47 | 000,026,352 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/23 13:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/23 13:43:44 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/23 13:43:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/23 13:43:29 | 1593,995,264 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/23 13:24:00 | 000,638,976 | ---- | M] (ESET) -- C:\Users\Michael\Desktop\ESETUninstaller.exe

[2012/07/23 13:21:54 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe

[2012/07/23 02:35:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/23 02:33:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-591084242-1256559719-2965977113-1001UA.job

[2012/07/22 23:33:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-591084242-1256559719-2965977113-1001Core.job

[2012/07/21 22:52:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/07/21 22:52:00 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2012/07/21 22:03:53 | 000,783,424 | ---- | M] () -- C:\Windows\pkeyconfig.xrm-ms

[2012/07/21 22:03:52 | 000,000,003 | RHS- | M] () -- C:\win7ldr

[2012/07/21 22:03:36 | 000,203,316 | RHS- | M] () -- C:\grldr

[2012/07/21 17:27:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/07/21 12:23:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2012/07/21 09:45:56 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml

[2012/07/21 09:45:56 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml

[2012/07/20 21:47:37 | 000,015,364 | ---- | M] () -- C:\.DS_Store

[2012/07/20 14:04:48 | 000,006,148 | ---- | M] () -- C:\ProgramData\.DS_Store

[2012/07/11 16:22:09 | 000,279,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe

[2012/07/03 12:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[1 C:\Users\Michael\Desktop\*.tmp files -> C:\Users\Michael\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/21 23:50:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/07/21 23:50:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/07/21 23:50:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/07/21 23:50:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/07/21 23:50:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/07/21 22:52:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/07/21 22:52:00 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2012/07/21 22:03:52 | 000,000,003 | RHS- | C] () -- C:\win7ldr

[2012/07/20 19:31:53 | 000,783,424 | ---- | C] () -- C:\Windows\pkeyconfig.xrm-ms

[2012/07/20 14:04:08 | 000,006,148 | ---- | C] () -- C:\ProgramData\.DS_Store

[2012/07/16 11:12:25 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/16 11:12:24 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/16 11:12:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt

[2012/03/22 20:39:04 | 000,115,636 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2012/03/09 21:46:27 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini

[2012/03/09 21:00:01 | 000,000,352 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Network Meter_Settings.ini

[2011/01/20 09:18:09 | 010,485,760 | ---- | C] () -- C:\Users\Michael\test.10meg

[2007/06/10 17:23:10 | 000,000,000 | ---- | C] () -- C:\Users\Michael\usb

========== LOP Check ==========

[2012/03/18 12:18:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\abelhadigital.com

[2012/03/09 21:30:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Blitware

[2012/05/24 23:23:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox

[2012/07/21 12:59:04 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ESET

[2012/03/07 00:49:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Thunderbird

[2012/07/20 19:32:47 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\transmission

[2012/03/09 21:53:21 | 000,000,366 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job

[2012/06/23 13:28:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Windows\.DS_Store:AFP_AfpInfo

@Alternate Data Stream - 64 bytes -> C:\ProgramData\.DS_Store:AFP_AfpInfo

@Alternate Data Stream - 64 bytes -> C:\.Trashes:AFP_AfpInfo

@Alternate Data Stream - 64 bytes -> C:\.DS_Store:AFP_AfpInfo

< End of report >

Extras

OTL Extras logfile created on: 7/23/2012 1:45:42 PM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Michael\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 71.09% Memory free

8.91 Gb Paging File | 8.04 Gb Available in Paging File | 90.24% Paging File free

Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 28.09 Gb Total Space | 5.29 Gb Free Space | 18.83% Space Free | Partition Type: NTFS

Drive D: | 232.56 Gb Total Space | 100.75 Gb Free Space | 43.32% Space Free | Partition Type: NTFS

Drive E: | 232.39 Gb Total Space | 186.31 Gb Free Space | 80.17% Space Free | Partition Type: HFS

Drive F: | 27.01 Gb Total Space | 9.50 Gb Free Space | 35.16% Space Free | Partition Type: HFS

Computer Name: MICHAEL-PC | User Name: Michael | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C689E36-1413-4940-891C-03D06B7A2674}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0F45CF0D-81F7-4BEA-80F6-DCD4E23E55F6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{10FDC319-9898-47F3-8D72-6523154274A6}" = rport=445 | protocol=6 | dir=out | app=system |

"{14A6F707-DC46-443B-BF75-3F9C2D19E40A}" = lport=2869 | protocol=6 | dir=in | app=system |

"{16D96684-574C-4936-90B9-473D67941D98}" = lport=10243 | protocol=6 | dir=in | app=system |

"{1E551AA5-264E-4894-A406-8D6AD9E8A578}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{37E5220D-F4DB-404C-B05C-8D1F3CF6A2BD}" = lport=138 | protocol=17 | dir=in | app=system |

"{3FA58E52-F7D2-4D57-8323-6F25EE70AC34}" = lport=5353 | protocol=17 | dir=in | name=bonjour |

"{4E937F5A-A427-4D50-B518-D8C7ECF0C7F6}" = rport=139 | protocol=6 | dir=out | app=system |

"{62CFFF9F-78E5-4764-997E-DBD83358284B}" = lport=137 | protocol=17 | dir=in | app=system |

"{65C2751B-2970-4AAA-8DDA-0F30B13AAEBE}" = lport=139 | protocol=6 | dir=in | app=system |

"{7BDCD195-05CD-4EF8-8DC0-9519BE067454}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{80F49DC9-44AE-4145-B109-4D41CEA84723}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8C4A58CD-FB06-4E06-BB9C-8D1524CCD6C7}" = lport=445 | protocol=6 | dir=in | app=system |

"{8CB22194-11BA-44CC-A14B-CBA915F2A44E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{924BA259-D609-4F9D-9254-AFC69D0BB261}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{939DD8D0-89D3-4B29-AF97-495E2EDC72BE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9A0EB1DC-8C30-4752-93E0-8E45A184257E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{A8479BF8-9DFB-42EF-BBFB-CE3BCABE1830}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BF1559E8-695F-4B96-8BC7-EBDA31C8F4B7}" = rport=137 | protocol=17 | dir=out | app=system |

"{C69A48BE-F6FF-4040-B1BE-4E4481595DCC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D3B76209-C236-453B-BE1C-6654E2EBC85D}" = rport=10243 | protocol=6 | dir=out | app=system |

"{EC29BA76-05E7-427A-97B3-B7510073D505}" = rport=138 | protocol=17 | dir=out | app=system |

"{F8785669-0ADF-473C-BDCA-371867FBED17}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01B19F0A-6ADB-46F2-83BE-D4E99619369C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{18402932-7C6B-4771-9562-BB709B4BC4BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{18DFDA92-302F-4DCD-9970-4E94E3633A71}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{200739CC-55A9-41D7-80EC-0914FCFEC380}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{28A9A86F-8CEF-40E4-A87A-B68FCD516C30}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2957291B-631C-492C-AE93-D1AC2B0B6ED4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{2C66EBC8-B968-4554-957C-FA429E99E065}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{3127E91C-28FA-4D8D-9891-5074FC39D3B7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{32A36E24-7B3D-4D0D-9EC4-32717FE48039}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{4D6ECDBC-74D9-48CC-A3ED-D8C82DEEAC6E}" = protocol=6 | dir=out | app=system |

"{5C37F5DE-81B3-4249-9EDA-E0E21AB3A4E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{5F2C2288-939C-4339-A0A7-AB931D812836}" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |

"{65BC5FB2-C234-4E71-8F76-9244313ADEDF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{6F3E6F60-214F-451A-BD35-B86B102AF71B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{78C4BAC0-3DCC-4B53-A842-7ECD60D681FC}" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |

"{81E9C72B-AA20-40B7-B5BE-91C160D3F2A3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{85696CF5-DD5B-4031-A27B-FB5172A34DC7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{8F2845E5-7E96-48A6-9934-748C944ECA73}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{9E783F2E-F421-4463-8AFA-19020DBE8D5B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A0E13995-8393-4BAF-B958-6D21AAA693A3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{A0FC65D8-23BE-44C4-89C5-EB54F9129395}" = dir=in | app=c:\program files (x86)\airport\apagent.exe |

"{B65BAEBA-8020-4B47-949E-B5D6EABFB233}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{BC20D87D-60D1-4DFF-B38F-69429FA32779}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C571077E-1C60-4039-B7C2-216577ECB3F8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D9A5F2F8-F85C-408C-94BA-CC81B3611FB4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{E2E57966-E844-49DA-8503-45E364B7E9AB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E457503C-CA70-4475-9FB1-82EA049FC26F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{EA152A7A-6549-45F0-A19E-682ED1DD0CAC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{FD7061A8-FEFA-47C7-B5F5-9DFE6A81CE7C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FD857E06-F881-4606-B55F-02CBDE1331CD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"TCP Query User{287ED727-D26A-44DF-8EB0-983B86BABF36}C:\program files (x86)\transmission-qt\transmission-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\transmission-qt\transmission-qt.exe |

"TCP Query User{AFAB0F8B-CB85-49C5-A34B-E12A72BAADA8}C:\program files (x86)\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files (x86)\airport\aputil.exe |

"UDP Query User{BB0646F7-26CD-4953-8053-B55B29E1D803}C:\program files (x86)\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files (x86)\airport\aputil.exe |

"UDP Query User{D7FABAE0-D433-4229-B9DE-CC50FE933E24}C:\program files (x86)\transmission-qt\transmission-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\transmission-qt\transmission-qt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5F3A89AB-9EA8-6B75-EB86-FEEA6208296A}" = ATI Catalyst Install Manager

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes

"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud

"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUS_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010

"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUS_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUS_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUS_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{ADA3F9C8-A6D3-4FCF-BFBB-EAD69AC0884E}" = Boot Camp Services

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"0B6B49213CF56838AFC233905FA14AC47EAA9B28" = Windows Driver Package - Apple Inc. Apple Broadcom Bluetooth (10/05/2010 3.2.0.1)

"110E24F054DE5F4F72985BC1F3A53F61985BD4CC" = Windows Driver Package - Broadcom (BCM43XX) Net (04/06/2011 5.100.198.22)

"159439476E3A00F9FAE49DD6C1A78F2F6288A5B9" = Windows Driver Package - Intel (e1express) Net (03/26/2010 9.13.41.0)

"26D089A9557429904D9851293EA25C911B64CCF8" = Windows Driver Package - Broadcom Corporation (bScsiSDa) SDHost (01/18/2011 1.0.0.220)

"2CD6536AAFFF9B465A871060CF483EC9F3341D29" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)

"43B83D262B11C05DBFE8BEB0E2CBD5A9EA1E7F9C" = Windows Driver Package - Cirrus Logic, Inc. (CirrusFilter) MEDIA (12/03/2010 6.6001.1.30)

"455287ECCB4BABCDE9C6713B82B1BDA990D55398" = Windows Driver Package - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1)

"57AFA39B22ADEC4E383572E9331167546EB3C9C7" = Windows Driver Package - Intel (e1qexpress) Net (12/04/2009 11.4.7.0)

"5BEF08C10896D86DC13394FFA75874564B700368" = Windows Driver Package - Intel (e1kexpress) Net (04/12/2010 11.6.92.0)

"703003CF14C8E79F68CA5A750AF4E02B9BD4B4D8" = Windows Driver Package - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1)

"70C7CBB0824BF74552A2F28F5FFBF62A15053DA8" = Windows Driver Package - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)

"76830D11874044260C923425E7F5A72F25EDA758" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)

"7C9678A21221D0575C74AF7CE68E28C2771F9E41" = Windows Driver Package - Broadcom (b57nd60a) Net (12/02/2010 14.4.2.2)

"A0A897639A1D288A8B472FE790EBF9DB71E52ACF" = Windows Driver Package - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)

"C7DD621795A42EAE550280D4D7601459F35C4EC2" = Windows Driver Package - Apple Inc. Apple Wireless Trackpad (01/17/2011 3.2.0.0)

"CB599752301BCA080D135697FDD05900F5A5CF4C" = Windows Driver Package - Intel (e1yexpress) Net (04/07/2010 10.1.9.0)

"CCleaner" = CCleaner

"CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A" = Windows Driver Package - Marvell (yukonx64) Net (12/06/2007 10.51.1.3)

"D088EE4BD2819FBA2B349EF9D55176F223419BE6" = Windows Driver Package - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1)

"D53CBF2C12DF51DA5E9C1A9DA97FF0DCA0C524C5" = Windows Driver Package - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.10.3.10)

"D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3" = Windows Driver Package - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)

"D6B4CB6AD2F81752C2EF8DCF6AD5EBC567ADD45C" = Windows Driver Package - Apple Inc. Apple ODD (05/17/2010 3.1.0.0)

"D76172B51B1ECB34E38F97F42F51B7A46FA15F52" = Windows Driver Package - Apple Inc. Apple System Device (04/05/2011 3.2.0.8)

"E0EAD0CEA9119B77350ED4DE28D9A82E57014D94" = Windows Driver Package - Apple Inc. Apple Display (01/23/2009 3.0.0.0)

"E2708073906571A0B56F17FD825EF19281ECE29B" = Windows Driver Package - Intel System (07/20/2007 1.2.76.0)

"EA3C044F6FD39CEC8F4F596836BF4197E97E1D39" = Windows Driver Package - Apple Inc. Apple Bluetooth (03/01/2010 3.0.0.5)

"F08FFCF5C857951E0CC5F736988F3D01BF425252" = Windows Driver Package - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1)

"F0A3F8394866FA91E82C8D5AB92C918FE40FE1DF" = Windows Driver Package - Atheros Communications Inc. (athr) Net (11/13/2010 9.2.0.113)

"F71DB41300D30088C8D3716343D1429488E605C1" = Windows Driver Package - Intel (e1rexpress) Net (01/07/2010 11.4.16.0)

"HDMI" = Intel® Graphics Media Accelerator Driver

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support

"{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2C1D4263-77F0-46F6-A3A3-F89A95F6EB8F}" = SSDlife Free

"{59308225-510C-4492-A7E4-71625FAD545E}" = Simple Adblock

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{83FA601A-241A-4956-8A21-F7D525C4422F}_is1" = SSD Tweaker version 2.0.1

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort

"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool

"{D1F7C704-99F2-11E1-9C74-984BE15F174E}" = Evernote v. 4.5.6

"{DF005BE5-DF01-43D9-B6FB-6296446CA61F}_is1" = HostsMan 4.0.82 Beta3

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"8538E49A-6FE5-4FDB-8649-922BB839F21F" = Transmission-Qt

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"avast" = avast! Free Antivirus

"EasyBCD" = EasyBCD 2.1.2

"eBoostr 1" = eBoostr 3

"ESET Online Scanner" = ESET Online Scanner v3

"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"PowerISO" = PowerISO

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/22/2012 2:01:20 PM | Computer Name = Michael-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,

time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,

time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting

process id: 0xedc Faulting application start time: 0x01cd682306594b27 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: 3d269ff8-d427-11e1-94cb-0016cb13cdaf

Error - 7/22/2012 2:01:25 PM | Computer Name = Michael-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,

time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,

time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting

process id: 0xe5c Faulting application start time: 0x01cd6819734297d9 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: 4003c7cd-d427-11e1-94cb-0016cb13cdaf

Error - 7/22/2012 6:21:13 PM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/22/2012 7:41:24 PM | Computer Name = Michael-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,

time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,

time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting

process id: 0x5904 Faulting application start time: 0x01cd68637dd50ad1 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: bf1cdaff-d456-11e1-b4a3-0016cb13cdaf

Error - 7/22/2012 7:42:00 PM | Computer Name = Michael-PC | Source = Application Error | ID = 1000

Description = Faulting application name: iexplore.exe, version: 9.0.8112.16447,

time stamp: 0x4fc9cd53 Faulting module name: aswWebRepIE.dll, version: 7.0.1456.418,

time stamp: 0x4ff31b8b Exception code: 0xc0000417 Fault offset: 0x0004d9fb Faulting

process id: 0x4ca8 Faulting application start time: 0x01cd6862b554ad26 Faulting application

path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:

C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll Report Id: d4712e9d-d456-11e1-b4a3-0016cb13cdaf

Error - 7/23/2012 1:11:45 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:\program files (x86)\ESET\eset

online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 7/23/2012 1:11:49 AM | Computer Name = Michael-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program

files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

Error - 7/23/2012 1:17:33 PM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/23/2012 1:36:37 PM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/23/2012 1:45:22 PM | Computer Name = Michael-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 7/15/2012 9:15:36 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023

Description = The Superfetch service terminated with the following error: %%2

Error - 7/16/2012 10:48:25 AM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023

Description = The Superfetch service terminated with the following error: %%2

Error - 7/16/2012 10:50:38 AM | Computer Name = Michael-PC | Source = DCOM | ID = 10001

Description =

Error - 7/16/2012 2:55:36 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 7/16/2012 10:56:16 AM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023

Description = The Superfetch service terminated with the following error: %%2

Error - 7/16/2012 10:57:25 AM | Computer Name = Michael-PC | Source = DCOM | ID = 10001

Description =

Error - 7/16/2012 11:02:46 AM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 7/16/2012 11:03:26 AM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023

Description = The Superfetch service terminated with the following error: %%2

Error - 7/16/2012 9:38:03 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023

Description = The Superfetch service terminated with the following error: %%2

Error - 7/16/2012 9:56:35 PM | Computer Name = Michael-PC | Source = Service Control Manager | ID = 7023

Description = The Superfetch service terminated with the following error: %%2

< End of report >


Good! :)

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 97 CC 71 DA 2A 23 CC 01 [binary data]
    IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=561B9E6B-A981-4B6A-A479-32D7E8965A03&apn_sauid=E0B305E4-E3A0-4A52-AB7A-A147BFC4E8CA
    IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
    IE - HKU\S-1-5-21-591084242-1256559719-2965977113-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
    FF - prefs.js..browser.search.order.1: ""
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Thank you for the quick response time, Maniac. OTL was run with the custom scan/fix. Here is the fix log:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!

HKU\S-1-5-21-591084242-1256559719-2965977113-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!

HKEY_USERS\S-1-5-21-591084242-1256559719-2965977113-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-591084242-1256559719-2965977113-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.

Registry key HKEY_USERS\S-1-5-21-591084242-1256559719-2965977113-1001\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.

Registry key HKEY_USERS\S-1-5-21-591084242-1256559719-2965977113-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Prefs.js: "" removed from browser.search.order.1

Prefs.js: "Ask.com" removed from browser.search.selectedEngine

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Michael\Desktop\Malware Fix\cmd.bat deleted successfully.

C:\Users\Michael\Desktop\Malware Fix\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris

->Temp folder emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Michael

->Temp folder emptied: 6535750 bytes

->Temporary Internet Files folder emptied: 19658930 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 42483755 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 506 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 44 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 65.00 mb

OTL by OldTimer - Version 3.2.54.0 log created on 07232012_122509

Files\Folders moved on Reboot...


C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4456Q06\si[6].htm moved successfully.

C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4456Q06\tweet_button.1340179658[1].htm moved successfully.

C:\Users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4456Q06\xd_arbiter[1].htm moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

[2012/07/23 12:37:33 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
