start.funmoods.com redirect


Using IE and Firefox I get a redirect from start.funmoods.com when searching from the address bar.

I was unable to get the DDS logs. I disabled real-time protection and had a recurring error, "pev.dat has stopped working".

I used RSIT instead:

Thanks.

-------------------------

info.txt logfile of random's system information tool 1.09 2012-08-12 09:45:08

======Uninstall list======

32 Bit HP CIO Components Installer-->MsiExec.exe /I{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 11 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -maintain activex

Adobe Reader X (10.1.3)-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA1000000001}

Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log

Apple Application Support-->MsiExec.exe /I{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}

Apple Mobile Device Support-->MsiExec.exe /I{CACAEB5F-174D-4C7C-AC56-A33289A807CA}

Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}

ATI Catalyst Control Center Ex-->MsiExec.exe /I{EAB9C426-6626-7B76-64F3-569FDCA9852D}

ATI PCI Express (3GIO) Filter Driver-->C:\Program Files\InstallShield Installation Information\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}\setup.exe -runfromtemp -l0x0009 -removeonly

avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup

Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}

Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf

Dell DataSafe Online-->MsiExec.exe /I{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}

Dell Support Center-->MsiExec.exe /X{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}

Dell System Customization Wizard-->MsiExec.exe /I{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}

Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"

DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}

Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly

EarthLink Setup Files-->MsiExec.exe /X{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}

Ecobar-->regsvr32 /u /s "C:\Program Files\Ecobar\tbcore3.dll"

Games, Music, & Photos Launcher-->MsiExec.exe /I{3E25E350-949F-4DB7-8288-2A60E018B4C1}

Greetings Workshop-->C:\Program Files\Greetings Workshop\SETUP\setup.exe

HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Deskjet All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}\setup\hpzscr01.exe -datfile hposcr14.dat

HP Photosmart D110 All-In-One Driver 14.0 Rel. 7-->C:\Program Files\HP\Digital Imaging\{14BC6853-A74E-4874-B50D-679889D1544D}\setup\hpzscr01.exe -datfile hposcr46.dat -onestop -forcereboot

Internet Service Offers Launcher-->MsiExec.exe /I{CCFF1E13-77A2-4032-8B12-7566982A27DF}

iTunes-->MsiExec.exe /I{2A697B53-0DE3-42DA-B41D-C3F804B1C538}

Java 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}

Java 7 Update 5-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217005FF}

JavaFX 2.1.1-->MsiExec.exe /X{1111706F-666A-4037-7777-211328764D10}

Malwarebytes Anti-Malware version 1.62.0.1300-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MediaWidget 6.0-->"C:\Program Files\Media Widget\unins000.exe"

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client

Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}

Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}

Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}

MotoConnect-->MsiExec.exe /I{C939B88E-E23C-4952-B1CD-11638664CE12}

Motorola Driver Installation 4.2.0-->MsiExec.exe /I{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}

Mozilla Firefox 11.0 (x86 en-US)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly

Plants Vs Zombies-->"C:\Windows\Plants Vs Zombies\uninstall.exe" "/U:C:\Program Files\Plants Vs Zombies\Uninstall\uninstall.xml"

Product Documentation Launcher-->MsiExec.exe /I{89CEAE14-DD0F-448E-9554-15781EC9DB24}

QuickSet-->MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}

QuickTime-->MsiExec.exe /I{0E64B098-8018-4256-BA23-C316A43AD9B0}

Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}

Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}

Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}

Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}

Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}

Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {728D9A6A-2206-31E8-9F65-C3EABEFCF53E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {67A5F99B-5EBA-3812-8D2E-BC251490DD3F} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8DDEFC7E-0C61-3D11-AFC6-5414F2DAFD01} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4952F442-5C1A-38EB-8C23-B18EFE77E20C} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9EC88EA8-4ABE-393C-87BD-90EABB1C4C9B} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {86BB5A25-8CC3-33CE-A393-CF28901682B2} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {16EEC04A-B924-37E0-97CF-422DCEFC1B63} /parameterfolder Client

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C4D978AA-2668-3404-96DE-96E2AFC62FD7} /parameterfolder Client

SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly

Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

Sony Media Manager for PSP 2.0a-->MsiExec.exe /X{05861C9A-98C0-4A8F-9A36-EB2F7E0FA2D1}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

SpywareBlaster 4.4-->"C:\Program Files\SpywareBlaster\unins000.exe"

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

System Requirements Lab CYRI-->MsiExec.exe /I{1F77C418-2C90-459C-BD33-B56A4182B9FA}

TuneUp Companion 2.4.2.1-->C:\Program Files\TuneUpMedia\Uninstall.exe

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->c:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D9961AC-7C99-36A2-9EF0-34678AED5384} /parameterfolder Client

User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"

VoiceOver Kit-->MsiExec.exe /I{7C5B4583-7CBF-4289-B195-03B553959DEA}

Warcraft III-->C:\Windows\War3Unin.exe C:\Windows\War3Unin.dat

Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S

Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Internet Mail-->C:\Windows\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll

Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

======Security center information======

AS: Windows Defender (disabled)

======System event log======

Computer Name: Alex-PC

Event Code: 1003

Message: Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DD96C14A5. The following error occurred:

The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Record Number: 191895

Source Name: Microsoft-Windows-Dhcp-Client

Time Written: 20101213130811.000000-000

Event Type: Warning

User:

Computer Name: Alex-PC

Event Code: 16

Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 191868

Source Name: Microsoft-Windows-WindowsUpdateClient

Time Written: 20101213021905.666952-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

Computer Name: Alex-PC

Event Code: 4

Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 191867

Source Name: bcm4sbxp

Time Written: 20101213021902.562500-000

Event Type: Warning

User:

Computer Name: Alex-PC

Event Code: 4

Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 191861

Source Name: bcm4sbxp

Time Written: 20101212151833.640625-000

Event Type: Warning

User:

Computer Name: Alex-PC

Event Code: 4

Message: Broadcom 440x 10/100 Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 191840

Source Name: bcm4sbxp

Time Written: 20101211001055.656250-000

Event Type: Warning

User:

=====Application event log=====

Computer Name: Alex-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledSPRetry 1107354156

Record Number: 612842

Source Name: Bonjour Service

Time Written: 20101015141517.000000-000

Event Type: Error

User:

Computer Name: Alex-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 1107354156

Record Number: 612841

Source Name: Bonjour Service

Time Written: 20101015141517.000000-000

Event Type: Error

User:

Computer Name: Alex-PC

Event Code: 100

Message: Task Scheduling Error: Continuously busy for more than a second

Record Number: 612840

Source Name: Bonjour Service

Time Written: 20101015141517.000000-000

Event Type: Error

User:

Computer Name: Alex-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledSPRetry 1107346266

Record Number: 612839

Source Name: Bonjour Service

Time Written: 20101015141509.000000-000

Event Type: Error

User:

Computer Name: Alex-PC

Event Code: 100

Message: Task Scheduling Error: m->NextScheduledEvent 1107346266

Record Number: 612838

Source Name: Bonjour Service

Time Written: 20101015141509.000000-000

Event Type: Error

User:

=====Security event log=====

Computer Name: Alex-PC

Event Code: 4634

Message: An account was logged off.

Subject:

Security ID: S-1-5-21-658165674-4144835535-2735956361-1000

Account Name: Alex

Account Domain: Alex-PC

Logon ID: 0x5ff22

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.

Record Number: 48453

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100302234218.059364-000

Event Type: Audit Success

User:

Computer Name: Alex-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-21-658165674-4144835535-2735956361-1000

Account Name: Alex

Account Domain: Alex-PC

Logon ID: 0x5ff22

Privileges: SeSecurityPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeTakeOwnershipPrivilege

SeDebugPrivilege

SeSystemEnvironmentPrivilege

SeLoadDriverPrivilege

SeImpersonatePrivilege

Record Number: 48452

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100302234217.895301-000

Event Type: Audit Success

User:

Computer Name: Alex-PC

Event Code: 4624

Message: An account was successfully logged on.

Subject:

Security ID: S-1-5-18

Account Name: ALEX-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon Type: 3

New Logon:

Security ID: S-1-5-21-658165674-4144835535-2735956361-1000

Account Name: Alex

Account Domain: Alex-PC

Logon ID: 0x5ff22

Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:

Process ID: 0x6d8

Process Name: C:\Windows\System32\BCMWLTRY.EXE

Network Information:

Workstation Name: ALEX-PC

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 48451

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100302234217.895301-000

Event Type: Audit Success

User:

Computer Name: Alex-PC

Event Code: 4648

Message: A logon was attempted using explicit credentials.

Subject:

Security ID: S-1-5-18

Account Name: ALEX-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:

Account Name: Alex

Account Domain: Alex-PC

Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:

Target Server Name: localhost

Additional Information: localhost

Process Information:

Process ID: 0x6d8

Process Name: C:\Windows\System32\BCMWLTRY.EXE

Network Information:

Network Address: -

Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 48450

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100302234217.895301-000

Event Type: Audit Success

User:

Computer Name: Alex-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

Subject:

Security ID: S-1-5-21-658165674-4144835535-2735956361-1000

Account Name: Alex

Account Domain: Alex-PC

Logon ID: 0x59907

Privileges: SeSecurityPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeTakeOwnershipPrivilege

SeDebugPrivilege

SeSystemEnvironmentPrivilege

SeLoadDriverPrivilege

SeImpersonatePrivilege

Record Number: 48449

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20100302234208.887489-000

Event Type: Audit Success

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD

"PROCESSOR_REVISION"=6801

"NUMBER_OF_PROCESSORS"=2

"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

"asl.log"=Destination=file;OnFirstLog=command,environment

"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

"CLASSPATH"=.;C:\Program Files\Java\jre7\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre7\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.09 (written by random/random)

Run by Stefan at 2012-08-12 09:44:52

Microsoft® Windows Vista™ Home Premium Service Pack 2

System drive C: has 41 GB (39%) free of 104 GB

Total RAM: 1917 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:45:06 AM, on 8/12/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE

C:\Windows\System32\WLTRAY.EXE

C:\Windows\sttray.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Stefan\Desktop\RSIT (1).exe

C:\Program Files\trend micro\Stefan.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\Windows\system32\KBDTURMEK.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\Windows\system32\msconfigr.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 5897 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658165674-4144835535-2735956361-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658165674-4144835535-2735956361-1000UA.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658165674-4144835535-2735956361-1004Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658165674-4144835535-2735956361-1004UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\chjaanyu.default

prefs.js - "browser.startup.homepage" - "www.google.com"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 10

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]

"Description"=iTunes Detector Plug-in

"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]

"Description"=

"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]

"Description"=

"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]

"Description"=Yahoo Messenger State Plugin

"Path"=C:\Program Files\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]

"Description"=Windows Presentation Foundation plug-in for Mozilla browsers

"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\

binary.manifest

browsercomps.dll

KBDCANO.DLL

nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\

install.js

np-mswmp.dll

nppdf32.dll

npqtplugin.dll

npqtplugin2.dll

npqtplugin3.dll

npqtplugin4.dll

npqtplugin5.dll

npqtplugin6.dll

npqtplugin7.dll

QuickTimePlugin.class

WMP Firefox Plugin License.rtf

WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\

amazondotcom.xml

bing.xml

eBay.xml

google.xml

google_search.xml

twitter.xml

wikipedia.xml

yahoo.xml

C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\chjaanyu.default\extensions\

LogMeInClient@logmein.com

C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\chjaanyu.default\searchplugins\

Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04 453504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04 157576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-07-03 1160792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-07-11 90112]

"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2006-11-21 1540096]

""= []

"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-02-08 303104]

"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-07-03 4273976]

"OCDLMgr"= []

"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"=C:\Users\Stefan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-16 116648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\Windows\system32\KBDTURMEK.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KmReg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NtLclIpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Scprtn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KmReg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLclIpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Scprtn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"EnableLUA"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"vidc.uyvy"=msyuv.dll

"vidc.yuy2"=msyuv.dll

"vidc.yvyu"=msyuv.dll

"vidc.iyuv"=iyuv_32.dll

"vidc.i420"=iyuv_32.dll

"vidc.yvu9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-08-12 09:44:52 ----D---- C:\rsit

2012-08-12 08:34:10 ----D---- C:\Users\Stefan\AppData\Roaming\yahoo!

2012-08-12 08:06:44 ----D---- C:\Users\Stefan\AppData\Roaming\IObit

2012-08-12 08:06:29 ----D---- C:\Program Files\IObit

2012-08-11 21:28:30 ----ASH---- C:\hiberfil.sys

2012-08-09 21:47:28 ----A---- C:\TDSSKiller.2.7.48.0_09.08.2012_21.47.28_log.txt

2012-07-28 16:55:27 ----D---- C:\Windows\Sun

2012-07-28 13:11:33 ----D---- C:\Program Files\Trend Micro

2012-07-24 19:16:02 ----D---- C:\Program Files\Greetings Workshop

2012-07-22 21:03:39 ----D---- C:\Program Files\Common Files\HP

2012-07-22 21:01:36 ----A---- C:\Windows\system32\hpf3l101.dll

2012-07-22 20:58:16 ----N---- C:\Windows\hpomdl46.dat

2012-07-22 20:58:16 ----A---- C:\Windows\hpoins46.dat

2012-07-22 20:57:53 ----A---- C:\Windows\system32\hpzids01.dll

2012-07-22 20:57:53 ----A---- C:\Windows\system32\hppldcoi.dll

2012-07-22 20:57:52 ----A---- C:\Windows\system32\hposwia_p04a.dll

2012-07-22 20:57:52 ----A---- C:\Windows\system32\hpost_p04a.dll

2012-07-22 20:57:52 ----A---- C:\Windows\system32\hposc_p04a.dll

2012-07-22 20:57:52 ----A---- C:\Windows\system32\difxapi.dll

2012-07-22 15:51:24 ----D---- C:\Users\Stefan\AppData\Roaming\Malwarebytes

2012-07-22 15:40:44 ----D---- C:\ProgramData\Tarma Installer

2012-07-16 18:57:31 ----D---- C:\Users\Stefan\AppData\Roaming\Macromedia

2012-07-16 18:36:54 ----D---- C:\Users\Stefan\AppData\Roaming\Mozilla

2012-07-16 18:36:49 ----D---- C:\Users\Stefan\AppData\Roaming\Apple Computer

2012-07-16 18:36:28 ----D---- C:\Users\Stefan\AppData\Roaming\Adobe

2012-07-16 18:36:25 ----HD---- C:\Users\Stefan\AppData\Roaming\GTek

2012-07-16 18:36:24 ----D---- C:\Users\Stefan\AppData\Roaming\BSD

2012-07-16 18:36:23 ----D---- C:\Users\Stefan\AppData\Roaming\ATI

2012-07-16 18:34:52 ----D---- C:\Users\Stefan\AppData\Roaming\Identities

2012-07-16 18:33:25 ----SD---- C:\Users\Stefan\AppData\Roaming\Microsoft

2012-07-16 18:33:25 ----D---- C:\Users\Stefan\AppData\Roaming\Media Center Programs

2012-07-14 08:53:21 ----D---- C:\Backup Profiles

2012-07-13 03:07:36 ----A---- C:\Windows\system32\win32k.sys

2012-07-13 03:03:31 ----A---- C:\Windows\system32\mshtmled.dll

2012-07-13 03:03:30 ----A---- C:\Windows\system32\iertutil.dll

2012-07-13 03:03:29 ----A---- C:\Windows\system32\ieui.dll

2012-07-13 03:03:28 ----A---- C:\Windows\system32\ieUnatt.exe

2012-07-13 03:03:27 ----A---- C:\Windows\system32\wininet.dll

2012-07-13 03:03:26 ----A---- C:\Windows\system32\url.dll

2012-07-13 03:03:25 ----A---- C:\Windows\system32\jscript.dll

2012-07-13 03:03:24 ----A---- C:\Windows\system32\jscript9.dll

2012-07-13 03:03:23 ----A---- C:\Windows\system32\jsproxy.dll

2012-07-13 03:03:21 ----A---- C:\Windows\system32\urlmon.dll

2012-07-13 03:03:19 ----A---- C:\Windows\system32\mshtml.dll

2012-07-13 03:03:17 ----A---- C:\Windows\system32\ieframe.dll

======List of files/folders modified in the last 1 month======

2012-08-12 09:44:58 ----D---- C:\Windows\Temp

2012-08-12 09:37:44 ----D---- C:\Windows\System32

2012-08-12 09:07:35 ----SHD---- C:\System Volume Information

2012-08-12 08:58:10 ----D---- C:\Windows\system32\wbem

2012-08-12 08:58:10 ----D---- C:\Windows

2012-08-12 08:54:05 ----D---- C:\Windows\system32\config

2012-08-12 08:52:58 ----D---- C:\Windows\Tasks

2012-08-12 08:52:57 ----SD---- C:\Windows\Downloaded Program Files

2012-08-12 08:52:57 ----HD---- C:\Windows\system32\GroupPolicy

2012-08-12 08:52:57 ----D---- C:\Windows\system32\spool

2012-08-12 08:52:57 ----D---- C:\Windows\system32\Msdtc

2012-08-12 08:52:57 ----D---- C:\Windows\system32\drivers\etc

2012-08-12 08:52:57 ----D---- C:\Windows\system32\drivers

2012-08-12 08:52:57 ----D---- C:\Windows\system32\CodeIntegrity

2012-08-12 08:52:57 ----D---- C:\Windows\system32\catroot2

2012-08-12 08:52:57 ----D---- C:\Windows\inf

2012-08-12 08:52:28 ----HD---- C:\ProgramData

2012-08-12 08:52:28 ----D---- C:\ProgramData\Spybot - Search & Destroy

2012-08-12 08:52:28 ----D---- C:\ProgramData\AVAST Software

2012-08-12 08:52:27 ----D---- C:\Program Files\SystemRequirementsLab

2012-08-12 08:52:26 ----D---- C:\Program Files\CCleaner

2012-08-12 08:52:19 ----D---- C:\Windows\registration

2012-08-12 08:34:53 ----D---- C:\Windows\system32\Tasks

2012-08-12 08:34:10 ----D---- C:\ProgramData\Yahoo!

2012-08-12 08:33:19 ----D---- C:\Windows\Prefetch

2012-08-12 08:28:26 ----SHD---- C:\Boot

2012-08-12 08:06:29 ----RD---- C:\Program Files

2012-08-10 20:39:34 ----D---- C:\Program Files\Mozilla Firefox

2012-08-09 18:30:29 ----SHD---- C:\Windows\Installer

2012-07-28 11:15:04 ----D---- C:\Windows\Panther

2012-07-28 11:15:02 ----D---- C:\Windows\Debug

2012-07-24 19:17:09 ----RSD---- C:\Windows\Fonts

2012-07-24 19:17:02 ----D---- C:\Program Files\Common Files\microsoft shared

2012-07-22 21:06:25 ----D---- C:\Windows\twain_32

2012-07-22 21:04:11 ----D---- C:\Windows\winsxs

2012-07-22 21:03:39 ----D---- C:\Program Files\Common Files

2012-07-22 20:59:06 ----D---- C:\Program Files\HP

2012-07-22 20:54:53 ----D---- C:\autoruns

2012-07-22 20:47:06 ----D---- C:\Windows\system32\catroot

2012-07-22 15:52:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2012-07-22 15:50:03 ----D---- C:\ProgramData\Viewpoint

2012-07-18 08:34:52 ----D---- C:\Program Files\Common Files\Blizzard Entertainment

2012-07-16 18:36:20 ----SHD---- C:\$Recycle.Bin

2012-07-16 18:33:25 ----RD---- C:\Users

2012-07-13 03:24:08 ----D---- C:\Windows\system32\migration

2012-07-13 03:24:08 ----D---- C:\Program Files\Internet Explorer

2012-07-13 03:04:46 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;ATI PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 8192]

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-08-16 36592]

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2012-07-03 35928]

R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-07-03 721000]

R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-07-03 353688]

R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-07-03 54232]

R1 KmReg;System kernel configuration; \??\C:\Windows\system32\NTIOH404.SYS [2008-09-09 38784]

R1 NtLclIpc;Remote Procedure Call RT4s; \??\C:\Windows\system32\NTDOSP412.SYS [2008-09-09 122112]

R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-07-03 21256]

R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-07-03 57656]

R2 dsunidrv;DellSupport UniDriver; C:\Windows\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-11 12672]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-11 8192]

R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 534016]

R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2007-03-12 45568]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-11 986624]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-11 206848]

R3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 2085888]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-08 647680]

R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-20 179256]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-11 659968]

S3 BTCFilterService;USB Networking Driver Filter Service; C:\Windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]

S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [2006-10-05 4736]

S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys []

S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2009-06-19 19712]

S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]

S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2009-10-27 23936]

S3 MotoSwitchService;MotoSwitch Service; C:\Windows\system32\DRIVERS\motswch.sys [2007-11-02 6400]

S3 Motousbnet;Motorola USB Networking Driver Service; C:\Windows\system32\DRIVERS\Motousbnet.sys [2009-10-27 24960]

S3 motport;Motorola USB Diagnostic Port; C:\Windows\system32\DRIVERS\motport.sys [2009-10-27 23936]

S3 motusbdevice;Motorola USB Dev Driver; C:\Windows\system32\DRIVERS\motusbdevice.sys [2009-05-06 6656]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]

S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\Windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]

S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]

S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]

S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]

S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\Windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]

S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]

S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\Windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]

S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2011-02-18 41984]

S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]

S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]

S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-09-30 40448]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]

S4 rimsptsk;rimsptsk; C:\Windows\system32\drivers\rimsptsk.sys [2006-11-20 43520]

S4 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\drivers\rixdptsk.sys [2006-11-20 37376]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]

R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2006-11-25 557056]

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-07-03 44808]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-10-07 345376]

R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-19 21504]

R2 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [2009-11-25 91392]

R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]

R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]

R2 Scprtn;System kernel integrity service; C:\Windows\system32\msconfigr.exe [2008-09-09 179712]

R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2006-11-21 24064]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-11 386560]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []

S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]

S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]

S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-03-07 820520]

S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

-----------------EOF-----------------


Hello caesarG! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL wouldn't work; I had to run it in safe mode.

OTL logfile created on: 8/12/2012 12:06:49 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Stefan\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 77.52% Memory free

3.98 Gb Paging File | 3.69 Gb Available in Paging File | 92.57% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 101.71 Gb Total Space | 41.77 Gb Free Space | 41.06% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.97 Gb Free Space | 59.70% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Stefan | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/12 11:58:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe

PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/09/09 16:35:12 | 000,179,712 | ---- | M] (SearchHelp, Inc.) -- C:\Windows\System32\msconfigr.exe

PRC - [2008/01/19 03:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe

========== Modules (No Company Name) ==========

MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)

SRV - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2009/11/25 14:20:02 | 000,091,392 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)

SRV - [2008/09/09 16:35:12 | 000,179,712 | ---- | M] (SearchHelp, Inc.) [Auto | Running] -- C:\Windows\System32\msconfigr.exe -- (Scprtn)

SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/07/03 12:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009/10/27 12:06:04 | 000,024,960 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)

DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)

DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)

DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)

DRV - [2009/05/06 19:16:26 | 000,006,656 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)

DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)

DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)

DRV - [2008/09/09 16:39:24 | 000,122,112 | ---- | M] (SearchHelp, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\NTDOSP412.SYS -- (NtLclIpc)

DRV - [2008/09/09 16:39:24 | 000,038,784 | ---- | M] (SearchHelp, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\NTIOH404.SYS -- (KmReg)

DRV - [2008/05/16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)

DRV - [2008/05/16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)

DRV - [2008/05/16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)

DRV - [2008/05/16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)

DRV - [2008/05/16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)

DRV - [2008/05/16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)

DRV - [2008/05/16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)

DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)

DRV - [2007/04/03 13:59:40 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s616mgmt.sys -- (s616mgmt)

DRV - [2007/03/12 00:49:54 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2007/02/08 01:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2006/11/25 01:46:38 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/11/20 15:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/20 15:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2006/11/20 15:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/11 19:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2006/10/30 11:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)

DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{1C26829C-CA02-A840-0E78-2AAF9D9A4F13}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0D0DzyyC0CtCyE0AyDzytDyDzytN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1610766734

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-658165674-4144835535-2735956361-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071031

IE - HKU\S-1-5-21-658165674-4144835535-2735956361-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2071031

IE - HKU\S-1-5-21-658165674-4144835535-2735956361-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-658165674-4144835535-2735956361-1004\..\SearchScopes,DefaultScope = {1C26829C-CA02-A840-0E78-2AAF9D9A4F13}

IE - HKU\S-1-5-21-658165674-4144835535-2735956361-1004\..\SearchScopes\{1C26829C-CA02-A840-0E78-2AAF9D9A4F13}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0D0DzyyC0CtCyE0AyDzytDyDzytN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1610766734

IE - HKU\S-1-5-21-658165674-4144835535-2735956361-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search"

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/12 08:59:08 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/08 11:42:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/22 15:50:03 | 000,000,000 | ---D | M]

[2012/07/16 18:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Extensions

[2012/07/22 15:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\extensions

[2012/07/22 15:49:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions

[2012/08/12 09:16:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\chjaanyu.default\extensions

[2012/07/16 19:02:59 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\chjaanyu.default\extensions\LogMeInClient@logmein.com

[2012/07/22 15:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\staged

[2012/07/22 15:40:59 | 000,002,331 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\chjaanyu.default\searchplugins\Search.xml

[2012/04/14 10:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2008/09/09 16:32:04 | 000,072,192 | ---- | M] (SearchHelp, Inc.) -- C:\Program Files\mozilla firefox\components\KBDCANO.DLL

[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2010/09/21 08:08:08 | 000,002,074 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google_search.xml

[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0D0DzyyC0CtCyE0AyDzytDyDzytN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1610766734

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0D0DzyyC0CtCyE0AyDzytDyDzytN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1610766734

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Stefan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: YouTube = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Cash Organizer = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppdehaogjdmkkiaiokmjdjmjnjicddk\2.0.0.6_0\

CHR - Extension: Google Search = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

CHR - Extension: Gmail = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/28 16:36:57 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [OCDLMgr] File not found

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)

O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F5FD2E3-8B3D-4AB7-8207-F2D41D48BD65}: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8C2CB05-B8DF-4FFB-8970-10B30CC3D8CE}: DhcpNameServer = 4.2.2.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\Windows\system32\KBDTURMEK.DLL) - C:\Windows\System32\KBDTURMEK.DLL (SearchHelp, Inc.)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2012/07/22 20:54:53 | 000,000,000 | ---D | M] - C:\autoruns -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (lsdelete)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 11:59:06 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe

[2012/08/12 09:44:52 | 000,000,000 | ---D | C] -- C:\rsit

[2012/08/12 09:20:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Stefan\Desktop\dds.com

[2012/08/12 08:34:10 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\yahoo!

[2012/08/12 08:06:44 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\IObit

[2012/08/12 08:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\IObit

[2012/08/10 20:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012/07/28 16:55:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2012/07/28 13:11:33 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2012/07/28 13:11:33 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

[2012/07/24 19:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greetings Workshop

[2012/07/24 19:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Greetings Workshop

[2012/07/22 21:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP

[2012/07/22 20:57:53 | 000,372,736 | ---- | C] (Hewlett Packard) -- C:\Windows\System32\hppldcoi.dll

[2012/07/22 18:46:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Adobe

[2012/07/22 15:51:24 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes

[2012/07/22 15:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2012/07/18 11:40:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Microsoft Games

[2012/07/17 22:14:31 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\SupportSoft

[2012/07/16 19:37:11 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/07/16 19:35:51 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Google

[2012/07/16 18:57:31 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Macromedia

[2012/07/16 18:36:54 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Mozilla

[2012/07/16 18:36:54 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Mozilla

[2012/07/16 18:36:49 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Apple Computer

[2012/07/16 18:36:28 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Adobe

[2012/07/16 18:36:25 | 000,000,000 | -H-D | C] -- C:\Users\Stefan\AppData\Roaming\GTek

[2012/07/16 18:36:24 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\BSD

[2012/07/16 18:36:23 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\ATI

[2012/07/16 18:36:23 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\ATI

[2012/07/16 18:35:04 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/07/16 18:35:04 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Searches

[2012/07/16 18:35:04 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/07/16 18:34:52 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Identities

[2012/07/16 18:34:50 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Contacts

[2012/07/16 18:33:39 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\VirtualStore

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Temporary Internet Files

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Templates

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Start Menu

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\SendTo

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Recent

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\PrintHood

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\NetHood

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\My Videos

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\My Pictures

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Documents\My Music

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\My Documents

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Local Settings

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\History

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Cookies

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\Application Data

[2012/07/16 18:33:27 | 000,000,000 | -HSD | C] -- C:\Users\Stefan\AppData\Local\Application Data

[2012/07/16 18:33:25 | 000,000,000 | --SD | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft

[2012/07/16 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Videos

[2012/07/16 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Saved Games

[2012/07/16 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Pictures

[2012/07/16 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Music

[2012/07/16 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/07/16 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Links

[2012/07/16 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Favorites

[2012/07/16 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Downloads

[2012/07/16 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Documents

[2012/07/16 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Stefan\Desktop

[2012/07/16 18:33:25 | 000,000,000 | R--D | C] -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/07/16 18:33:25 | 000,000,000 | -H-D | C] -- C:\Users\Stefan\AppData

[2012/07/16 18:33:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Temp

[2012/07/16 18:33:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Local\Microsoft

[2012/07/16 18:33:25 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Media Center Programs

[2012/07/14 08:53:21 | 000,000,000 | ---D | C] -- C:\Backup Profiles

========== Files - Modified Within 30 Days ==========

[2012/08/12 12:05:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/12 12:03:45 | 000,000,108 | ---- | M] () -- C:\Windows\System32\sysdnc.dat

[2012/08/12 12:01:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/12 12:01:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/12 11:58:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe

[2012/08/12 11:45:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658165674-4144835535-2735956361-1004UA.job

[2012/08/12 11:21:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658165674-4144835535-2735956361-1000UA.job

[2012/08/12 09:43:13 | 000,781,383 | ---- | M] () -- C:\Users\Stefan\Desktop\RSIT (1).exe

[2012/08/12 09:20:30 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Stefan\Desktop\dds.com

[2012/08/12 09:00:46 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/08/12 09:00:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012/08/08 05:18:55 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658165674-4144835535-2735956361-1004Core.job

[2012/08/08 05:18:55 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658165674-4144835535-2735956361-1000Core.job

[2012/07/28 16:53:00 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2012/07/28 16:52:16 | 000,002,525 | ---- | M] () -- C:\Users\Stefan\Desktop\HiJackThis.lnk

[2012/07/28 16:40:03 | 000,003,584 | ---- | M] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/28 16:36:57 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/07/28 10:33:10 | 000,001,075 | ---- | M] () -- C:\Users\Stefan\Desktop\Spybot - Search & Destroy.lnk

[2012/07/24 19:23:04 | 000,374,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/07/24 19:17:18 | 000,000,530 | ---- | M] () -- C:\Users\Stefan\Desktop\Install Microsoft Internet Explorer.lnk

[2012/07/24 19:17:10 | 000,000,876 | ---- | M] () -- C:\Users\Stefan\Desktop\Greetings Workshop.lnk

[2012/07/22 21:07:54 | 000,173,047 | ---- | M] () -- C:\Windows\hpoins46.dat

[2012/07/22 18:58:56 | 000,172,888 | ---- | M] () -- C:\Windows\hpoins46.dat.temp

[2012/07/22 16:52:35 | 000,000,945 | ---- | M] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/07/22 15:52:19 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/22 15:40:31 | 000,384,844 | ---- | M] () -- C:\Users\Stefan\AppData\Local\funmoods-speeddial.crx

[2012/07/17 22:21:35 | 002,451,358 | ---- | M] () -- C:\Users\Stefan\Documents\AutoRuns.arn

[2012/07/17 21:14:26 | 000,002,063 | ---- | M] () -- C:\Users\Stefan\Desktop\how to get.lnk

========== Files Created - No Company Name ==========

[2012/08/12 09:43:19 | 000,781,383 | ---- | C] () -- C:\Users\Stefan\Desktop\RSIT (1).exe

[2012/07/28 16:40:03 | 000,003,584 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/28 13:11:34 | 000,002,525 | ---- | C] () -- C:\Users\Stefan\Desktop\HiJackThis.lnk

[2012/07/28 10:33:10 | 000,001,075 | ---- | C] () -- C:\Users\Stefan\Desktop\Spybot - Search & Destroy.lnk

[2012/07/24 19:17:18 | 000,000,530 | ---- | C] () -- C:\Users\Stefan\Desktop\Install Microsoft Internet Explorer.lnk

[2012/07/24 19:17:10 | 000,000,876 | ---- | C] () -- C:\Users\Stefan\Desktop\Greetings Workshop.lnk

[2012/07/22 20:58:16 | 000,173,047 | ---- | C] () -- C:\Windows\hpoins46.dat

[2012/07/22 20:58:16 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat

[2012/07/22 20:10:45 | 000,172,888 | ---- | C] () -- C:\Windows\hpoins46.dat.temp

[2012/07/22 20:10:45 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp

[2012/07/22 16:52:35 | 000,000,945 | ---- | C] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/07/22 15:40:39 | 000,384,844 | ---- | C] () -- C:\Users\Stefan\AppData\Local\funmoods-speeddial.crx

[2012/07/17 22:20:00 | 002,451,358 | ---- | C] () -- C:\Users\Stefan\Documents\AutoRuns.arn

[2012/07/17 21:14:26 | 000,002,063 | ---- | C] () -- C:\Users\Stefan\Desktop\how to get.lnk

[2012/07/16 19:35:54 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658165674-4144835535-2735956361-1004UA.job

[2012/07/16 19:35:52 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-658165674-4144835535-2735956361-1004Core.job

[2012/07/16 18:35:09 | 000,000,951 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/07/16 18:35:03 | 000,000,946 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2012/07/16 18:34:49 | 000,000,917 | ---- | C] () -- C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk

[2012/07/16 18:33:26 | 000,000,258 | ---- | C] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/07/16 18:33:26 | 000,000,240 | ---- | C] () -- C:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/02/11 23:44:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011/06/13 20:49:18 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2011/06/13 20:49:18 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2010/10/27 16:36:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010/10/27 16:36:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010/10/27 16:32:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010/10/23 13:49:29 | 000,000,304 | ---- | C] () -- C:\Windows\wininit.ini

[2010/10/20 22:33:58 | 000,000,184 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2010/09/26 01:04:01 | 000,000,701 | ---- | C] () -- C:\ProgramData\.wtav

[2010/06/15 20:01:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2010/09/29 21:55:29 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\058479B69CEFD18F822BE98C006BDD75

[2009/03/19 19:10:04 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\acccore

[2012/03/20 21:30:27 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\BSD

[2012/02/11 19:32:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FrostWire

[2008/01/05 16:49:22 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\MusicNet

[2011/08/15 19:32:15 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenCandy

[2010/08/06 12:11:09 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SlimBrowser

[2008/01/04 21:21:31 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Sony

[2007/11/06 21:08:23 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Template

[2012/03/20 21:43:42 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TuneUpMedia

[2012/03/20 21:53:06 | 000,000,000 | ---D | M] -- C:\Users\chucky\AppData\Roaming\BSD

[2012/03/20 21:26:53 | 000,000,000 | ---D | M] -- C:\Users\chucky\AppData\Roaming\GetRightToGo

[2012/03/18 00:48:01 | 000,000,000 | ---D | M] -- C:\Users\chucky\AppData\Roaming\SlimBrowser

[2012/02/24 22:25:13 | 000,000,000 | ---D | M] -- C:\Users\chucky\AppData\Roaming\Template

[2012/03/20 21:55:59 | 000,000,000 | ---D | M] -- C:\Users\chucky\AppData\Roaming\TuneUpMedia

[2012/07/04 20:13:56 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\BSD

[2012/07/04 20:21:56 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\SlimBrowser

[2012/07/11 15:05:31 | 000,000,000 | ---D | M] -- C:\Users\Michele\AppData\Roaming\Template

[2012/07/16 18:36:24 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\BSD

[2012/08/12 08:06:48 | 000,000,000 | ---D | M] -- C:\Users\Stefan\AppData\Roaming\IObit

[2012/08/12 12:03:45 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34

@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 8/12/2012 12:06:49 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Stefan\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 77.52% Memory free

3.98 Gb Paging File | 3.69 Gb Available in Paging File | 92.57% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 101.71 Gb Total Space | 41.77 Gb Free Space | 41.06% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.97 Gb Free Space | 59.70% Space Free | Partition Type: NTFS

Computer Name: ALEX-PC | User Name: Stefan | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = SlimBrowserHtml] -- C:\Program Files\SlimBrowser\sbrowser.exe (FlashPeak, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files\SlimBrowser\sbrowser.exe" -nosp -ni (FlashPeak, Inc.)

https [open] -- "C:\Program Files\SlimBrowser\sbrowser.exe" -nosp -ni (FlashPeak, Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0E60412A-FD98-4B84-B793-C69E685BAC12}" = rport=139 | protocol=6 | dir=out | app=system |

"{168E10F7-A4B6-4A43-B1D6-1C7843113F40}" = lport=6881 | protocol=6 | dir=in | name=blizzard downloader: 6881 |

"{2DB89F9E-7A7C-43F5-BA37-42C8738C9C85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{40F1D0CA-1133-45AB-945B-3381A9068EBA}" = lport=3274 | protocol=6 | dir=in | name=blizzard downloader |

"{51813849-B170-41BA-BD5E-75248BA0C3D6}" = rport=138 | protocol=17 | dir=out | app=system |

"{807BC680-5161-4F96-8242-D67F497B6DAE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{89883B23-04A6-4AB3-9549-F59D364C9C3C}" = rport=137 | protocol=17 | dir=out | app=system |

"{8B5202D0-B726-49C9-AB77-CC5F3F06E5D8}" = lport=445 | protocol=6 | dir=in | app=system |

"{8D0F33A5-408E-4C99-B2B7-A348B93DD4A7}" = rport=445 | protocol=6 | dir=out | app=system |

"{8F4D30E0-EDDC-4EB3-837F-C155A86CBC92}" = lport=138 | protocol=17 | dir=in | app=system |

"{91AF4CFA-5890-45DE-9D53-0EECF4188DCB}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |

"{97361C13-AE02-40AC-87B6-A3CFAA00749D}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AA336E10-F438-40E2-A6C0-EF893CF96E62}" = lport=139 | protocol=6 | dir=in | app=system |

"{C46889EC-1EC1-47E7-A687-0DBA385F9B35}" = lport=137 | protocol=17 | dir=in | app=system |

"{DB1D6359-C459-484E-8719-5707B0E72A46}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{DDF9FC71-6B98-496C-B772-348657988769}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C2B366C-539F-4098-8D8A-FC1C60884579}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0DE7685A-00D6-4997-ABA9-529D0C3255DA}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"{12E73BE9-0239-446F-99B8-E83FB28EE3AA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9926-to-3.2.0.10194-enus-trial-downloader.exe |

"{150AE18A-B7CF-41D2-BF83-45F82CE705AB}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

"{25BD4A20-2DC6-40FD-8198-36D98AB9ADE0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{30AE649F-9F28-4959-9299-4FBC29622970}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{40B5222A-3345-4143-85A2-35C02D0A4D7F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{4629E6AC-8D13-4707-AA31-31071092421F}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"{466EA0F5-ECB5-4821-B490-5F10E7046C1F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{508BFCA9-FD5E-4325-8E51-D38DD85B9F40}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{530EB582-65D7-4B7F-B5F0-D521CB78F0C9}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

"{5F03228C-FF66-4472-835B-FE1B39817BFC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{6290EC94-D34D-427D-8D0E-4387BE17E10B}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{63508CEA-63EF-41B2-BEB8-930367CFCDA4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |

"{682B8E7C-D445-49B1-ADEE-A55E561305DB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{68ED268E-F46F-440D-B874-3C8899CE1541}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{6A15D82A-C62B-47CB-BC3C-B8C53606706C}" = dir=in | app=c:\users\michele\appdata\local\temp\7zs6659\setup\hpznui01.exe |

"{6D00A4C4-93BB-48AE-B1BC-B13370FDF1DF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6F9C5A6B-68CC-4AAA-A5F2-04EE53B5B14B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{6FE69BEB-664F-41EF-8F71-609647F14701}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"{71D3BBE3-A98A-4C6F-A394-8834A4F643FA}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |

"{7A0AB34E-22CF-4913-8F90-A27CC4C83975}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{8807D95C-FCB4-4414-AE31-8B6840EE6081}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{9489B8AC-AD5B-47C4-952E-CD5711B51EFC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.2.9926-to-3.2.0.10194-enus-trial-downloader.exe |

"{94A4A2FB-8290-4892-8319-98679D7242EA}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |

"{96554CD5-A2F6-4B1A-8E7D-0AC818FAE993}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{9B83D078-2539-4D93-A2A3-3F1AFCFDB00C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{B83B545E-B80E-454B-91B7-E90C7EF05296}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BB0B3B46-39FD-41B0-896C-F69AEFC6D621}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |

"{C1CEE103-AC86-43C6-A3C9-2D75A5C0F7A1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{C6814830-43B3-4314-A3D4-8738516B4CE8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{CDD8E81F-6481-4903-B6F7-BBF1359CDEAB}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |

"{D6F19881-9963-48CF-A5A3-4AF6CB0155D4}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"{DA9F4C03-BA97-4744-B2AD-1A70848239FE}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

"{E15192CB-25B6-43C0-8972-A60F5AF983F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{E34910D7-914F-4A7C-A979-2F3ECDB7A224}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"{E657EDEF-D7E3-4FEF-8F39-813921427C39}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |

"{EDC8EF5A-99BF-4643-A382-2643AC63F696}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{EF23FDAA-56D1-4537-973C-507CCA55813E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{F165F1B3-5E73-43E0-9053-8C389329664E}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"{F52E60D7-4156-4BC7-BF46-9E7621190FF2}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{FD15C970-17B3-43B9-8E00-27E7B2387535}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"TCP Query User{38EE5F5C-C846-4F2B-A90E-2FBB6377BFF8}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"TCP Query User{882E4E85-2A60-453F-94EE-F1479F501C6E}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{D7E3933B-1F6B-4E13-821D-2858B1A999C7}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |

"UDP Query User{12A2A55E-6804-40A2-A076-9B9969110693}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{8E43B6B8-FDB5-4FEA-90A0-9AA9DDAABE6E}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |

"UDP Query User{EB1CEE5A-52AE-4552-B374-C386800C13F8}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{05861C9A-98C0-4A8F-9A36-EB2F7E0FA2D1}" = Sony Media Manager for PSP 2.0a

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard

"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver 14.0 Rel. 7

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files

"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet

"{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel

"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center

"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{C939B88E-E23C-4952-B1CD-11638664CE12}" = MotoConnect

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver

"{EAB9C426-6626-7B76-64F3-569FDCA9852D}" = ATI Catalyst Control Center Ex

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"{F80BD4BC-06B8-488E-A62E-C4755013DD71}" = Network

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"avast" = avast! Free Antivirus

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CCleaner" = CCleaner

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem

"Greetings Workshop" = Greetings Workshop

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"MediaWidget - Easy iPod Transfer_is1" = MediaWidget 6.0

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)

"Plants Vs Zombies1.0" = Plants Vs Zombies

"SpywareBlaster_is1" = SpywareBlaster 4.4

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TBSB07286.TBSB07286Toolbar" = Ecobar

"TuneUpMedia" = TuneUp Companion 2.4.2.1

"Warcraft III" = Warcraft III

"WinRAR archiver" = WinRAR archiver

"Xvid_is1" = Xvid 1.2.2 final uninstall

"Yahoo! Extras" = Yahoo! Browser Services

"Yahoo! Mail" = Yahoo! Internet Mail

"Yahoo! Messenger" = Yahoo! Messenger

"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-658165674-4144835535-2735956361-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/12/2012 9:41:25 AM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application PEV.DAT, version 0.0.0.0, time stamp 0x4bd0e994,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00020fdf, process id 0x380, application start time 0x01cd78902a986235.

Error - 8/12/2012 9:44:32 AM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application PEV.DAT, version 0.0.0.0, time stamp 0x4bd0e994,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00020fdf, process id 0xb00, application start time 0x01cd78909a60f15e.

Error - 8/12/2012 9:44:35 AM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application PEV.DAT, version 0.0.0.0, time stamp 0x4bd0e994,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00020fdf, process id 0x8cc, application start time 0x01cd78909c1cb30c.

Error - 8/12/2012 9:44:37 AM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application PEV.DAT, version 0.0.0.0, time stamp 0x4bd0e994,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00020fdf, process id 0xe30, application start time 0x01cd78909d3b1986.

Error - 8/12/2012 9:44:38 AM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application PEV.DAT, version 0.0.0.0, time stamp 0x4bd0e994,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00020fdf, process id 0xaf4, application start time 0x01cd78909e1e0b5b.

Error - 8/12/2012 9:58:42 AM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application PEV.DAT, version 0.0.0.0, time stamp 0x4bd0e994,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00020fdf, process id 0x3e8, application start time 0x01cd7892950aaee6.

Error - 8/12/2012 11:59:32 AM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application OTL.exe, version 3.2.57.0, time stamp 0x2a425e19,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00170f47, process id 0x460, application start time 0x01cd78a375a5f6fd.

Error - 8/12/2012 12:00:14 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application MotoConnect.exe, version 1.1.18.0, time stamp

0x4b0ccc53, faulting module kernel32.dll, version 6.0.6002.18449, time stamp 0x4da47967,

exception code 0xe06d7363, fault offset 0x0003fc56, process id 0xd34, application

start time 0x01cd78a38e3f5434.

Error - 8/12/2012 12:02:56 PM | Computer Name = Alex-PC | Source = Application Error | ID = 1000

Description = Faulting application OTL.exe, version 3.2.57.0, time stamp 0x2a425e19,

faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code

0xc0000005, fault offset 0x00170f47, process id 0x9e0, application start time 0x01cd78a3eef0238f.

Error - 8/12/2012 12:06:09 PM | Computer Name = Alex-PC | Source = EventSystem | ID = 4609

Description =

[ Broadcom Wireless LAN Events ]

Error - 8/9/2011 3:17:45 PM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0

Description = 15:17:44, Tue, Aug 09, 11 Error - Unable to gain access to user store

Error - 2/11/2012 6:07:41 PM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0

Description = 17:07:40, Sat, Feb 11, 12 Error - Unable to gain access to user store

Error - 2/15/2012 8:56:57 PM | Computer Name = Alex-PC | Source = WLAN-Tray | ID = 0

Description = 19:56:56, Wed, Feb 15, 12 Error - Unable to gain access to user store

[ Media Center Events ]

Error - 12/9/2007 12:49:53 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/19/2007 7:12:17 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/21/2008 6:35:19 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/25/2011 8:47:36 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

Error - 8/26/2011 7:33:17 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

Error - 2/22/2012 7:13:06 PM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

Error - 7/2/2012 11:10:43 AM | Computer Name = Alex-PC | Source = MCUpdate | ID = 0

Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed

due to an abandoned mutex.'.

[ System Events ]

Error - 8/12/2012 12:01:30 PM | Computer Name = Alex-PC | Source = R300 | ID = 43015

Description = I2c return failed

Error - 8/12/2012 12:01:30 PM | Computer Name = Alex-PC | Source = R300 | ID = 43015

Description = I2c return failed

Error - 8/12/2012 12:03:09 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 8/12/2012 12:03:40 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10010

Description =

Error - 8/12/2012 12:06:03 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10005

Description =

Error - 8/12/2012 12:06:09 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10005

Description =

Error - 8/12/2012 12:06:15 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10005

Description =

Error - 8/12/2012 12:06:16 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10005

Description =

Error - 8/12/2012 12:06:47 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7001

Description =

Error - 8/12/2012 12:06:47 PM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7026

Description =

< End of report >


Step 1

Please uninstall this application: Ecobar

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0D0DzyyC0CtCyE0AyDzytDyDzytN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1610766734
    IE - HKU\S-1-5-21-658165674-4144835535-2735956361-1004\..\SearchScopes,DefaultScope = {1C26829C-CA02-A840-0E78-2AAF9D9A4F13}
    IE - HKU\S-1-5-21-658165674-4144835535-2735956361-1004\..\SearchScopes\{1C26829C-CA02-A840-0E78-2AAF9D9A4F13}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0D0DzyyC0CtCyE0AyDzytDyDzytN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1610766734
    FF - prefs.js..browser.search.defaultenginename: "Search"
    FF - prefs.js..browser.search.selectedEngine: "Search"
    [2012/07/22 15:40:59 | 000,002,331 | ---- | M] () -- C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\chjaanyu.default\searchplugins\Search.xml
    CHR - homepage: http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0D0DzyyC0CtCyE0AyDzytDyDzytN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1610766734
    CHR - homepage: http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0D0DzyyC0CtCyE0AyDzytDyDzytN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1610766734
    [2012/07/22 15:40:31 | 000,384,844 | ---- | M] () -- C:\Users\Stefan\AppData\Local\funmoods-speeddial.crx
    [2012/02/11 19:32:46 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\FrostWire

    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0DE7685A-00D6-4997-ABA9-529D0C3255DA}" =-
    "{4629E6AC-8D13-4707-AA31-31071092421F}" =-
    "{D6F19881-9963-48CF-A5A3-4AF6CB0155D4}" =-
    "{DA9F4C03-BA97-4744-B2AD-1A70848239FE}" =-
    "{E34910D7-914F-4A7C-A979-2F3ECDB7A224}" =-
    "TCP Query User{882E4E85-2A60-453F-94EE-F1479F501C6E}C:\program files\limewire\limewire.exe" =-
    "UDP Query User{12A2A55E-6804-40A2-A076-9B9969110693}C:\program files\limewire\limewire.exe" =-

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


The redirect is no longer an issue.

All processes killed

========== OTL ==========

Service Viewpoint Manager Service stopped successfully!

Service Viewpoint Manager Service deleted successfully!

File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

HKEY_USERS\S-1-5-21-658165674-4144835535-2735956361-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-658165674-4144835535-2735956361-1004\Software\Microsoft\Internet Explorer\SearchScopes\{1C26829C-CA02-A840-0E78-2AAF9D9A4F13}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C26829C-CA02-A840-0E78-2AAF9D9A4F13}\ not found.

Prefs.js: "Search" removed from browser.search.defaultenginename

Prefs.js: "Search" removed from browser.search.selectedEngine

C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\chjaanyu.default\searchplugins\Search.xml moved successfully.

Use Chrome's Settings page to change the HomePage.

Use Chrome's Settings page to change the HomePage.

C:\Users\Stefan\AppData\Local\funmoods-speeddial.crx moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\xml\data folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\xml folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\themes\frostwirePro_theme folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\themes folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\azureus\torrents folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\azureus\tmp folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\azureus\plugins folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\azureus\net folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\azureus\logs\save folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\azureus\logs folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\azureus\dht folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\azureus\active folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\azureus folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\.NetworkShare\Incomplete folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\.NetworkShare folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire\.AppSpecialShare folder moved successfully.

C:\Users\Alex\AppData\Roaming\FrostWire folder moved successfully.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0DE7685A-00D6-4997-ABA9-529D0C3255DA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0DE7685A-00D6-4997-ABA9-529D0C3255DA}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4629E6AC-8D13-4707-AA31-31071092421F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4629E6AC-8D13-4707-AA31-31071092421F}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6F19881-9963-48CF-A5A3-4AF6CB0155D4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D6F19881-9963-48CF-A5A3-4AF6CB0155D4}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA9F4C03-BA97-4744-B2AD-1A70848239FE} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA9F4C03-BA97-4744-B2AD-1A70848239FE}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E34910D7-914F-4A7C-A979-2F3ECDB7A224} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E34910D7-914F-4A7C-A979-2F3ECDB7A224}\ not found.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{882E4E85-2A60-453F-94EE-F1479F501C6E}C:\program files\limewire\limewire.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{12A2A55E-6804-40A2-A076-9B9969110693}C:\program files\limewire\limewire.exe deleted successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Stefan\Desktop\cmd.bat deleted successfully.

C:\Users\Stefan\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Alex

->Temp folder emptied: 12743052 bytes

->Temporary Internet Files folder emptied: 23127306 bytes

->Java cache emptied: 3875300 bytes

->FireFox cache emptied: 42410415 bytes

->Google Chrome cache emptied: 22224331 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 470 bytes

User: All Users

User: chucky

->Temp folder emptied: 2966114 bytes

->Temporary Internet Files folder emptied: 277712479 bytes

->Java cache emptied: 11257 bytes

->FireFox cache emptied: 247241770 bytes

->Flash cache emptied: 17424 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Michele

->Temp folder emptied: 288053 bytes

->Temporary Internet Files folder emptied: 581758172 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 227614461 bytes

->Flash cache emptied: 28206 bytes

User: Public

User: Stefan

->Temp folder emptied: 25739623 bytes

->Temporary Internet Files folder emptied: 4229521 bytes

->Java cache emptied: 360229 bytes

->FireFox cache emptied: 60382913 bytes

->Google Chrome cache emptied: 21395058 bytes

->Flash cache emptied: 1762 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1726358 bytes

RecycleBin emptied: 643141 bytes

Total Files Cleaned = 1,484.00 mb

Unable to stop System Restore Service. Error code 1084. Restore points not cleared.

Unable to start System Restore Service. Error code 1084. Restore point not created.

OTL by OldTimer - Version 3.2.57.0 log created on 08122012_182147


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
