
I believe I am infected.



I cannot start my task manager, Malwarebytes is automatically blocked whenever I open it or start the computer, and I frequently get a "xx has stopped working" message.

I did the stealth Malwarebytes and it found some stuff, but it didn't look like anything too serious. Also running Microsoft Security Essentials and SUPERAntiSpyware.

Any help would be appreciated. I have a dds log, but will wait to post until I am asked to.

Thank you


Hello g_funk3 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

I have a dds log, but will wait to post until I am asked to.

Okay, please post your log file.


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Microsoft® Windows Vista™ Home Basic

Boot Device: \Device\HarddiskVolume3

Install Date: 12/12/2008 12:44:48 PM

System Uptime: 5/16/2013 3:13:46 AM (30 hours ago)

.

Motherboard: Dell Inc. | | 0P301D

Processor: Intel® Core2 Duo CPU E7300 @ 2.66GHz | Socket 775 | 2662/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 17.904 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5.937 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP1535: 4/23/2013 9:04:26 AM - Windows Update

RP1536: 4/24/2013 12:00:01 AM - Scheduled Checkpoint

RP1537: 4/25/2013 3:00:16 AM - Windows Update

RP1538: 4/28/2013 12:00:28 AM - Scheduled Checkpoint

RP1539: 4/29/2013 12:06:06 PM - Windows Update

RP1540: 5/3/2013 9:57:10 AM - Scheduled Checkpoint

RP1541: 5/4/2013 12:00:03 AM - Scheduled Checkpoint

RP1542: 5/4/2013 9:08:04 AM - Windows Update

RP1543: 5/7/2013 9:14:05 AM - Windows Update

RP1544: 5/8/2013 8:36:02 AM - Scheduled Checkpoint

RP1545: 5/9/2013 12:00:07 AM - Scheduled Checkpoint

RP1547: 5/11/2013 12:48:16 PM - Scheduled Checkpoint

RP1548: 5/12/2013 2:00:35 AM - Windows Update

RP1549: 5/15/2013 1:42:49 PM - Windows Update

RP1550: 5/16/2013 3:00:17 AM - Windows Update

RP1551: 5/17/2013 12:00:04 AM - Scheduled Checkpoint

.

==== Image File Execution Options =============

.

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

32 bit Windows Card Reader Driver

Acrobat.com

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop CS6

Adobe Photoshop Elements 8.0

Adobe Photoshop Lightroom 2.5

Adobe Photoshop.com Inspiration Browser

Adobe Reader X (10.1.6)

Album Art Downloader XUI 0.32

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AviSynth 2.5

Bonjour

Browser Address Error Redirector

Business Contact Manager for Outlook 2007 SP2

Business Tools Launcher

CDex - Open Source Digital Audio CD Extractor

CopyTrans Suite Remove Only

Coupon Printer for Windows

D3DX10

Dell Getting Started Guide

Dell Support Center (Support Software)

EDocs

Exact Audio Copy 0.99pb5

ffdshow v1.1.3800 [2011-03-28]

FrostWire 4.20.1

FrostWire 5.2.3

GIMP 2.8.4

Google Chrome

Google Desktop

Google Toolbar for Internet Explorer

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Officejet Pro 8600 Basic Device Software

HP Update

I.R.I.S. OCR

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

IrfanView (remove only)

iTunes

Java 6 Update 7

JBidwatcher 2

join.me

K-Lite Codec Pack 5.6.6 (Full) BETA

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2003 Web Components

Microsoft Office 2007 Primary Interop Assemblies

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Accounting 2007

Microsoft Office Accounting ADP Payroll Addin

Microsoft Office Accounting Equifax Addin

Microsoft Office Accounting Fixed Asset Manager

Microsoft Office Accounting PayPal Addin

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Small Business Connectivity Components

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

MobileMe Control Panel

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

OGA Notifier 2.0.0048.0

PDF Settings CS6

Personal Entertainment Launcher

PowerDVD

Product Support Launcher

PS3 Xploder Ultimate Edition

QuickTime

Realtek Ethernet Network Card Diagnostic tool for Windows Vista

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio Creator Audio

Roxio Creator BDAV Plugin

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Safari

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Segoe UI

Sonic CinePlayer Decoder Pack

Spelling Dictionaries Support For Adobe Reader 9

SUPERAntiSpyware

TomTom HOME 2.8.2.2264

TomTom HOME Visual Studio Merge Modules

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Videora iPod Converter 5.03

Videora iPod touch Converter 6

Visual C++ 8.0 x86 Runtime Setup Package

VLC media player 1.0.2

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinRAR archiver

YouTube Downloader 2.6.5

YouTube Downloader App 3.00

.

==== Event Viewer Messages From Past Week ========

.

5/15/2013 2:12:00 PM, Error: EventLog [6008] - The previous system shutdown at 2:09:36 PM on 5/15/2013 was unexpected.

5/11/2013 8:39:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.

5/11/2013 11:18:06 AM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/11/2013 11:18:03 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.

5/11/2013 1:22:13 PM, Error: EventLog [6008] - The previous system shutdown at 1:20:21 PM on 5/11/2013 was unexpected.

.

==== End Of File ===========================


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick Scan All Users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


otl.txt

OTL logfile created on: 5/31/2013 7:55:33 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 57.67% Memory free

4.17 Gb Paging File | 2.47 Gb Available in Paging File | 59.27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 11.31 Gb Free Space | 5.08% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.94 Gb Free Space | 59.37% Space Free | Partition Type: NTFS

Drive E: | 2.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: D-VISTA-5333 | User Name: Chris | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/31 07:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe

PRC - [2013/05/11 22:04:18 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe

PRC - [2013/05/03 08:57:46 | 000,052,736 | ---- | M] (xx) -- C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\spoolsv.exe

PRC - [2013/02/21 10:47:12 | 000,241,675 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\javas.exe

PRC - [2013/02/21 10:47:09 | 000,023,552 | ---- | M] (xx) -- C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\chupdates.exe

PRC - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe

PRC - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/11/01 14:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe

PRC - [2012/04/04 07:25:00 | 000,295,584 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

PRC - [2011/10/09 18:06:40 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\iTunesHelper.exe

PRC - [2011/10/09 11:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe

PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/08/19 01:19:40 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008/08/19 01:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe

PRC - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/07/20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/07/20 18:45:06 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/16 03:19:52 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\2a0bdb3ab5d40efcf07ac933e3b9c8e4\System.Deployment.ni.dll

MOD - [2013/05/16 03:19:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll

MOD - [2013/05/16 03:18:14 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll

MOD - [2013/02/21 10:47:12 | 000,241,675 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\javas.exe

MOD - [2013/02/21 10:47:10 | 000,194,048 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\curllib.dll

MOD - [2013/02/21 10:47:10 | 000,110,592 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\openldap.dll

MOD - [2013/02/21 10:47:10 | 000,065,536 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\libsasl.dll

MOD - [2013/02/14 04:43:33 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\dae1b2e49e240e879a6523025cc306fb\Microsoft.VisualBasic.ni.dll

MOD - [2013/01/09 04:36:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll

MOD - [2013/01/09 04:36:26 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll

MOD - [2013/01/09 04:36:06 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll

MOD - [2013/01/09 04:35:17 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll

MOD - [2013/01/09 04:35:06 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/08/26 08:07:27 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll

MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

========== Services (SafeList) ==========

SRV - [2013/05/15 06:51:56 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)

SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2010/10/25 15:57:37 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)

SRV - [2008/08/19 01:19:38 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)

SRV - [2008/08/14 01:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)

SRV - [2008/07/20 18:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2013/05/08 07:53:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)

DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)

DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)

DRV - [2008/08/26 12:55:14 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)

DRV - [2008/08/19 02:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)

DRV - [2008/08/19 02:02:56 | 000,027,648 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)

DRV - [2008/01/20 21:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5B 85 AC 0C EE BF DE 46 8F 05 9F E1 62 9D F3 EB [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5B 85 AC 0C EE BF DE 46 8F 05 9F E1 62 9D F3 EB [binary data]

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=6081213

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 5B 85 AC 0C EE BF DE 46 8F 05 9F E1 62 9D F3 EB [binary data]

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\..\SearchScopes\{03BCA317-A664-45E5-93C7-BB004DA0F4AE}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287819&CUI=UN41892431801781318

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=en_US

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_enUS306&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=CCzsRDiKUX_AZxSozZbf8H7Z_K4?q={searchTerms}

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

[2010/12/28 13:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions

[2010/12/28 13:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - default_search_provider: ()

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - homepage: http://search.conduit.com/?CUI=UN32469660001539318&ctid=CT3287819&SearchSource=48

CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.13.0.0_0\

CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.13.0.17859_0\

CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\

CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\

CHR - Extension: No name found = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3573513136-401909964-3576262170-1001..\Run: [AdobeBridge] File not found

O4 - HKU\S-1-5-21-3573513136-401909964-3576262170-1001..\Run: [JavaUpdate] C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\spoolsv.exe (xx)

O4 - HKU\S-1-5-21-3573513136-401909964-3576262170-1001..\Run: [JavaUpdate2] C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\chupdates.exe (xx)

O4 - HKU\S-1-5-21-3573513136-401909964-3576262170-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)

O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)

O15 - HKU\.DEFAULT\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 8.8.8.8

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2E72B21-53B6-4E94-B6D6-E6DA898A31EE}: DhcpNameServer = 209.18.47.61 8.8.8.8

O20 - AppInit_DLLs: (C:\WINDOWS\SYSTEM32\BRDGCFG32.DLL) - File not found

O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/31 07:53:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe

[2013/05/17 09:23:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\dds.scr

[2013/05/16 03:10:01 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/05/16 03:00:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/05/16 03:00:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/05/16 03:00:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2013/05/16 03:00:54 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/05/16 03:00:52 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/05/16 03:00:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2013/05/16 03:00:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2013/05/15 03:17:22 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2013/05/15 03:17:05 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll

[2013/05/03 08:56:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/05/01 09:20:33 | 000,000,000 | ---D | C] -- C:\TEMP

[1 C:\Users\Chris\Desktop\*.tmp files -> C:\Users\Chris\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/31 07:55:11 | 1948,337,152 | ---- | M] () -- C:\Program Files\outlook (2).pst

[2013/05/31 07:53:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe

[2013/05/31 07:51:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/05/31 07:29:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3573513136-401909964-3576262170-1006UA.job

[2013/05/31 07:09:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3573513136-401909964-3576262170-1001UA.job

[2013/05/31 06:00:17 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/31 06:00:17 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/30 23:29:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3573513136-401909964-3576262170-1006Core.job

[2013/05/30 22:09:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3573513136-401909964-3576262170-1001Core.job

[2013/05/29 12:05:26 | 000,652,962 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/05/29 12:05:26 | 000,122,278 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/05/29 12:00:39 | 000,002,633 | ---- | M] () -- C:\Users\Chris\Desktop\Microsoft Office Outlook 2007.lnk

[2013/05/29 12:00:14 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job

[2013/05/29 11:59:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/29 11:59:52 | 2110,771,200 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/23 18:10:16 | 000,002,046 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/05/23 18:10:15 | 000,002,044 | ---- | M] () -- C:\Users\Chris\Desktop\Google Chrome.lnk

[2013/05/23 12:28:28 | 000,002,651 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk

[2013/05/17 09:23:26 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\dds.scr

[2013/05/16 03:16:17 | 003,775,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2013/05/15 06:51:42 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2013/05/15 06:51:42 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2013/05/08 07:53:48 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2013/05/05 14:12:55 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/05/02 10:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[1 C:\Users\Chris\Desktop\*.tmp files -> C:\Users\Chris\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/03 08:55:41 | 2110,771,200 | -HS- | C] () -- C:\hiberfil.sys

[2013/02/22 13:59:02 | 000,001,504 | ---- | C] () -- C:\Users\Chris\AppData\Local\recently-used.xbel

[2012/02/15 22:28:42 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2010/07/08 12:09:18 | 000,000,056 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\7063dd7c

[2010/07/06 11:09:04 | 000,000,650 | -HS- | C] () -- C:\ProgramData\1890814507

[2010/07/06 11:09:02 | 000,000,817 | ---- | C] () -- C:\ProgramData\551803515

[2010/07/06 11:08:30 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe

[2008/12/29 12:21:15 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat

[2008/12/23 08:39:50 | 1948,337,152 | ---- | C] () -- C:\Program Files\outlook (2).pst

[2008/12/18 11:28:18 | 000,133,632 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/18 11:22:30 | 001,642,502 | ---- | C] () -- C:\Users\Chris\shoes.jpg

[2008/12/18 11:22:30 | 001,483,448 | ---- | C] () -- C:\Users\Chris\spy glasses.jpg

[2008/12/18 11:22:30 | 001,470,736 | ---- | C] () -- C:\Users\Chris\shoes2.jpg

[2008/12/18 11:22:16 | 213,111,154 | ---- | C] () -- C:\Users\Chris\run 38-2.zip

[2008/12/18 11:22:16 | 002,059,105 | ---- | C] () -- C:\Users\Chris\Build book ad.jpg

[2008/12/18 11:22:16 | 001,845,852 | ---- | C] () -- C:\Users\Chris\DSC02137.JPG

[2008/12/18 11:22:16 | 001,788,112 | ---- | C] () -- C:\Users\Chris\DSC02135.JPG

[2008/12/18 11:22:16 | 000,000,513 | ---- | C] () -- C:\Users\Chris\HP Photo Printing.lnk

[2008/12/18 11:16:04 | 000,000,605 | ---- | C] () -- C:\Users\Chris\Ulead Photo Express 3.0 SE.lnk

[2008/12/18 11:16:04 | 000,000,365 | ---- | C] () -- C:\Users\Chris\WinZip.lnk

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

< End of report >


extras

OTL Extras logfile created on: 5/31/2013 7:55:33 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 57.67% Memory free

4.17 Gb Paging File | 2.47 Gb Available in Paging File | 59.27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 11.31 Gb Free Space | 5.08% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.94 Gb Free Space | 59.37% Space Free | Partition Type: NTFS

Drive E: | 2.00 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: D-VISTA-5333 | User Name: Chris | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{182F94FF-BB1D-4300-8C6B-D36DC9451169}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{C3DF47C1-624A-431E-B924-53FE913332AF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{E21B93F3-879A-4E19-8B67-2298717F7643}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework\v3.0\windows communication foundation\smsvchost.exe |

"{EDDC9477-867F-4896-BDF9-57A80EB670AE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01B274C9-394D-4387-98E6-8B496468EC16}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |

"{03DF788F-89B7-44C5-988A-758B79F4DC4D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{17A0B9E2-3624-43D4-81DF-CBF8B308EED2}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"{2B3052F2-F568-4D3C-9272-0B87642114F6}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"{35DCF6BC-AA15-4210-B194-9C38E7BF5021}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{38E044C0-7303-49A3-8E52-49BA7BEE8BB4}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |

"{43C30BE7-782C-4B69-B4BB-6D35AB5B6A3F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{4AF337B8-5E0D-4EC6-87F8-6C6312617E28}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |

"{5697E156-7544-47BE-B741-B0D2CF3218D2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{587BDC2E-6074-411F-BFA8-CE4C3F53AA8A}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{6AFB491D-81A0-45A4-8D2C-4474922A9C92}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{77BE3E79-6E80-4212-8F05-80BBD9E2F270}" = dir=in | app=c:\windows\explorer.exe |

"{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"{80BFB43B-6EDD-416A-8BE7-AB593235FED2}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"{848BCD42-CBC0-4424-B699-34428FCCDB9C}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |

"{8F191355-9783-4200-9386-83F445EED79F}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

"{92459C5E-D350-4cba-AA74-C8F989C9336F}" = protocol=17 | dir=out | app=c:\windows\explorer.exe |

"{9A0BC669-FCE0-435D-BC0D-FD8690D7A93E}" = dir=in | app=c:\itunes.exe |

"{B078B2B6-A878-44ff-9BCC-458257924F96}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"{B1A40E4F-58DB-490f-9D18-55B5194E8BD5}" = protocol=6 | dir=out | app=c:\windows\explorer.exe |

"{BC092041-4B10-4A84-8E19-1EBD2F1309DA}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |

"{C3E9B20A-B7E2-4aab-9835-3C548937E46F}" = dir=out | app=c:\windows\explorer.exe |

"{C9706A3E-3C6A-47AD-9ADE-A5C75FF57013}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"{D566DCC8-FF00-476C-950F-1C06ED3DFDF4}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{D723C58C-E40F-4062-9E13-B46338723C99}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"{D7FBF5A3-DCF0-4BF8-837A-8527FA1AC37E}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

"{E633B8D5-CDC7-4F5A-AB43-0DBE152E19C0}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools

"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data

"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin

"{37F964E4-9C3F-4066-B933-1747D3AC6737}" = Personal Entertainment Launcher

"{390DD8BB-BB57-4942-A029-2D913E4E9D74}" = Microsoft Security Client

"{395A57A6-E0E1-C599-3A28-19A96682B4C6}" = Adobe Photoshop.com Inspiration Browser

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager

"{4850B023-A9C0-4D15-8DE6-326028CAB499}" = Visual C++ 8.0 x86 Runtime Setup Package

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}" = Adobe Download Assistant

"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari

"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin

"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6

"{75685CA8-0B74-45BB-9C64-744A0FB79EDC}" = Business Tools Launcher

"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{8215AC14-BFC2-4ECC-96D6-1030202F8BDF}" = Visual C++ 8.0 x86 Runtime Setup Package

"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio

"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin

"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007

"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{9276EFE6-10FC-4B54-A68A-D5332B9A0ABA}" = HP Officejet Pro 8600 Basic Device Software

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D669429-A2E4-4793-B7A0-283D259F39AF}" = Adobe Photoshop Lightroom 2.5

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2

"{B8ABB25D-1E30-4ED7-A3CE-0F8BED439647}" = Product Support Launcher

"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F44F0A3A-2110-4705-B5EC-D5B6371F53C1}" = Visual C++ 8.0 x86 Runtime Setup Package

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0

"Album Art Downloader XUI" = Album Art Downloader XUI 0.32

"AviSynth" = AviSynth 2.5

"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2

"CDex" = CDex - Open Source Digital Audio CD Extractor

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"CopyTrans Suite" = CopyTrans Suite Remove Only

"Coupon Printer for Windows4.0" = Coupon Printer for Windows

"Exact Audio Copy" = Exact Audio Copy 0.99pb5

"ffdshow_is1" = ffdshow v1.1.3800 [2011-03-28]

"FrostWire" = FrostWire 4.20.1

"FrostWire 5" = FrostWire 5.2.3

"GIMP-2_is1" = GIMP 2.8.4

"Google Desktop" = Google Desktop

"HDMI" = Intel® Graphics Media Accelerator Driver

"IrfanView" = IrfanView (remove only)

"JBidwatcher_0" = JBidwatcher 2

"JBidwatcher_1" = JBidwatcher 2

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.6.6 (Full) BETA

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007

"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin

"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin

"Microsoft Security Client" = Microsoft Security Essentials

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser

"PROR" = Microsoft Office Professional 2007

"PS3Xploder" = PS3 Xploder Ultimate Edition

"TomTom HOME" = TomTom HOME 2.8.2.2264

"Videora iPod Converter" = Videora iPod Converter 5.03

"Videora iPod touch Converter" = Videora iPod touch Converter 6

"VLC media player" = VLC media player 1.0.2

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3573513136-401909964-3576262170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 6/8/2011 10:02:32 AM | Computer Name = d-vista-5333 | Source = Google_Toolbar | ID = 1

Description =

Error - 6/16/2011 4:54:24 PM | Computer Name = d-vista-5333 | Source = WinMgmt | ID = 4

Description =

Error - 6/22/2011 3:45:12 PM | Computer Name = d-vista-5333 | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.6001.19088 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 7c8 Start Time: 01cc2c68ab1e930c Termination Time: 203

Error - 7/15/2011 1:44:41 PM | Computer Name = d-vista-5333 | Source = Application Hang | ID = 1002

Description = The program PhotoshopElementsEditor.exe version 8.0.0.0 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: a2c Start Time: 01cc4315a7754b30 Termination Time: 63

Error - 8/30/2011 9:14:44 AM | Computer Name = d-vista-5333 | Source = TomTomHOMEService | ID = 10000

Description =

Error - 8/30/2011 10:37:32 AM | Computer Name = d-vista-5333 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp

0x4e2a9406, faulting module mshtml.dll, version 8.0.6001.19120, time stamp 0x4e2aaa35,

exception code 0xc0000005, fault offset 0x00067b98, process id 0x1750, application

start time 0x01cc628489e89f1f.

Error - 8/30/2011 1:05:21 PM | Computer Name = d-vista-5333 | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.19120, time stamp

0x4e2a9406, faulting module mshtml.dll, version 8.0.6001.19120, time stamp 0x4e2aaa35,

exception code 0xc0000005, fault offset 0x00067b98, process id 0x12f8, application

start time 0x01cc672292eae9c7.

Error - 9/8/2011 4:04:43 PM | Computer Name = d-vista-5333 | Source = Application Error | ID = 1000

Description = Faulting application SearchIndexer.exe, version 7.0.6002.18005, time

stamp 0x49e02459, faulting module TQUERY.DLL, version 7.0.6002.18005, time stamp

0x49e0382e, exception code 0xc0000005, fault offset 0x000b1f69, process id 0x8ac,

application start time 0x01cc6d37d530aac4.

Error - 9/13/2011 2:14:54 PM | Computer Name = d-vista-5333 | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.6001.19120 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 83c Start Time: 01cc6d5ee77a5c44 Termination Time: 1153

Error - 9/13/2011 4:55:14 PM | Computer Name = d-vista-5333 | Source = Application Hang | ID = 1002

Description = The program iexplore.exe version 8.0.6001.19120 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 568 Start Time: 01cc6d5ee02c4de4 Termination Time: 312

[ OSession Events ]

Error - 12/30/2008 4:03:16 PM | Computer Name = Chris-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 90919

seconds with 900 seconds of active time. This session ended with a crash.

Error - 11/10/2009 1:47:46 PM | Computer Name = Chris-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1141529

seconds with 7980 seconds of active time. This session ended with a crash.

Error - 5/31/2011 8:42:42 AM | Computer Name = d-vista-5333 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 245305

seconds with 120 seconds of active time. This session ended with a crash.

Error - 9/24/2012 3:19:41 PM | Computer Name = d-vista-5333 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 641

seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/7/2013 4:24:25 AM | Computer Name = d-vista-5333 | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 320018

seconds with 5400 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 5/21/2013 4:33:16 AM | Computer Name = d-vista-5333 | Source = Microsoft Antimalware | ID = 2001

Description = %%860 has encountered an error trying to update signatures. New Signature

Version: Previous Signature Version: 1.151.449.0 Update Source: %%859 Update Stage:

%%854 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:

NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error

code: 0x80070643 Error description: Fatal error during installation.

Error - 5/21/2013 4:33:15 AM | Computer Name = d-vista-5333 | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 5/21/2013 10:05:07 AM | Computer Name = d-vista-5333 | Source = DCOM | ID = 10000

Description =

Error - 5/21/2013 10:05:21 AM | Computer Name = d-vista-5333 | Source = DCOM | ID = 10005

Description =

Error - 5/21/2013 10:05:24 AM | Computer Name = d-vista-5333 | Source = Service Control Manager | ID = 7000

Description =

Error - 5/21/2013 10:06:11 AM | Computer Name = d-vista-5333 | Source = DCOM | ID = 10010

Description =

Error - 5/21/2013 12:07:05 PM | Computer Name = d-vista-5333 | Source = EventLog | ID = 6008

Description = The previous system shutdown at 11:05:15 AM on 5/21/2013 was unexpected.

Error - 5/28/2013 3:05:21 PM | Computer Name = d-vista-5333 | Source = EventLog | ID = 6008

Description = The previous system shutdown at 2:03:44 PM on 5/28/2013 was unexpected.

Error - 5/29/2013 12:41:35 AM | Computer Name = d-vista-5333 | Source = Dhcp | ID = 1002

Description = The IP address lease 192.168.0.195 for the Network Card with network

address 00219B17BE33 has been denied by the DHCP server 192.168.0.20 (The DHCP

Server sent a DHCPNACK message).

Error - 5/29/2013 8:28:08 PM | Computer Name = d-vista-5333 | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 192.168.0.218 on

the Network Card with network address 00219B17BE33.

< End of report >


Step 1

Please uninstall the following applications:

FrostWire 4.20.1

FrostWire 5.2.3

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\..\SearchScopes\{03BCA317-A664-45E5-93C7-BB004DA0F4AE}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3287819&CUI=UN41892431801781318
    IE - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=en_US
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-3573513136-401909964-3576262170-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    [2010/07/08 12:09:18 | 000,000,056 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\7063dd7c
    [2010/07/06 11:09:04 | 000,000,650 | -HS- | C] () -- C:\ProgramData\1890814507
    [2010/07/06 11:09:02 | 000,000,817 | ---- | C] () -- C:\ProgramData\551803515
    [2010/07/06 11:08:30 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
    :files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 4

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Step 5

  • Download RogueKiller to your desktop
  • Quit all programs
  • Start RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • OTL Fix log
  • AdwCleaner log
  • RogueKiller log


OTL fix log

All processes killed

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-3573513136-401909964-3576262170-1001\Software\Microsoft\Internet Explorer\SearchScopes\{03BCA317-A664-45E5-93C7-BB004DA0F4AE}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03BCA317-A664-45E5-93C7-BB004DA0F4AE}\ not found.

Registry key HKEY_USERS\S-1-5-21-3573513136-401909964-3576262170-1001\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_USERS\S-1-5-21-3573513136-401909964-3576262170-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

C:\Users\Chris\AppData\Roaming\7063dd7c moved successfully.

C:\ProgramData\1890814507 moved successfully.

C:\ProgramData\551803515 moved successfully.

C:\ProgramData\unrar.exe moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Chris\Desktop\cmd.bat deleted successfully.

C:\Users\Chris\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chris

->Temp folder emptied: 17352356512 bytes

->Temporary Internet Files folder emptied: 2022390083 bytes

->Java cache emptied: 1389182 bytes

->Google Chrome cache emptied: 354233529 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 2029136 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 57616 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: itunes

->Temp folder emptied: 66564020 bytes

->Temporary Internet Files folder emptied: 72044217 bytes

->Google Chrome cache emptied: 331640702 bytes

->Flash cache emptied: 3058 bytes

User: M

->Temp folder emptied: 9159698 bytes

->Temporary Internet Files folder emptied: 45001449 bytes

->Flash cache emptied: 41044 bytes

User: McAfeeMVSUser.Chris-PC

->Temp folder emptied: 12378599 bytes

->Temporary Internet Files folder emptied: 727045 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 231153171 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 7328296 bytes

RecycleBin emptied: 10592875369 bytes

Total Files Cleaned = 29,661.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05312013_092735

Files\Folders moved on Reboot...

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IKR0P22W\01[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IKR0P22W\sh116[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9NS1L3F9\ads[6].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9NS1L3F9\data_sync[1].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9NS1L3F9\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9NS1L3F9\fastbutton[2].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9NS1L3F9\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19XP2562\ads[3].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19XP2562\ads[4].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\19XP2562\index[5].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\14CKP9V1\si[3].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\14CKP9V1\si[4].htm moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


ADW Log



Rogue killer report

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version

Started in : Normal mode

User : Chris [Admin rights]

Mode : Scan -- Date : 05/31/2013 09:52:17

| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤

[SUSP PATH] chupdates.exe -- C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\chupdates.exe [-] -> KILLED [TermProc]

[Microsoft][HJNAME] spoolsv.exe -- C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\spoolsv.exe [-] -> KILLED [TermProc]

[SUSP PATH] javas.exe -- C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\javas.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : JavaUpdate2 (C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\chupdates.exe) [-] -> FOUND

[RUN][HJNAME] HKCU\[...]\Run : JavaUpdate (C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\spoolsv.exe) [-] -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-3573513136-401909964-3576262170-1001[...]\Run : JavaUpdate2 (C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\chupdates.exe) [-] -> FOUND

[RUN][HJNAME] HKUS\S-1-5-21-3573513136-401909964-3576262170-1001[...]\Run : JavaUpdate (C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\spoolsv.exe) [-] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\windows\system32\config\SOFTWARE

-> D:\windows\system32\config\SYSTEM

-> D:\Users\Default\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3250310AS +++++

--- User ---

[MBR] e8d9f7b30f13d94c12a4a53c07f53c61

[BSP] 7b8e47267250a06aa39260c2dc400db6 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 112640 | Size: 10240 Mo

2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21084160 | Size: 228122 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05312013_02d0952.txt >>

RKreport[1]_S_05312013_02d0952.txt


Sorry I messed that up, here is the ADW log

# AdwCleaner v2.301 - Logfile created 05/31/2013 at 09:45:37

# Updated 16/05/2013 by Xplode

# Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)

# User : Chris - D-VISTA-5333

# Boot Mode : Normal

# Running from : C:\Users\Chris\Desktop\adwcleaner.exe

# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\END

File Found : C:\user.js

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\Shop To Win

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\ProgramData\Premium

Folder Found : C:\Users\Chris\AppData\Local\APN

Folder Found : C:\Users\Chris\AppData\Local\Babylon

Folder Found : C:\Users\Chris\AppData\Local\Conduit

Folder Found : C:\Users\Chris\AppData\Local\Supreme Savings

Folder Found : C:\Users\Chris\AppData\LocalLow\Conduit

Folder Found : C:\Users\Chris\AppData\LocalLow\PriceGong

Folder Found : C:\Users\Chris\AppData\LocalLow\TheBflix

Folder Found : C:\Users\Chris\AppData\Roaming\Babylon

Folder Found : C:\Users\Chris\Documents\ShopToWin

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\Freecause

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Classes\Prod.cap

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287819

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CT3272718 V5 Toolbar

Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKU\S-1-5-21-3573513136-401909964-3576262170-1001\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\itunes\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3528 octets] - [31/05/2013 09:45:37]

########## EOF - C:\AdwCleaner[R1].txt - [3588 octets] ##########


I got JRT to run now too after doing the rest of your instructions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows Vista Home Basic x86

Ran by Chris on Fri 05/31/2013 at 12:53:29.98

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\freecause

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3287819

~~~ Files

Successfully deleted: [File] "C:\end"

Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\bcool"

Successfully deleted: [Folder] "C:\ProgramData\installmate"

Successfully deleted: [Folder] "C:\ProgramData\premium"

Successfully deleted: [Folder] "C:\Users\Chris\AppData\Roaming\babylon"

Successfully deleted: [Folder] "C:\Users\Chris\AppData\Roaming\red kawa"

Successfully deleted: [Folder] "C:\Users\Chris\appdata\local\babylon"

Successfully deleted: [Folder] "C:\Users\Chris\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Chris\appdata\local\supreme savings"

Successfully deleted: [Folder] "C:\Users\Chris\appdata\locallow\bcool"

Successfully deleted: [Folder] "C:\Users\Chris\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Chris\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Users\Chris\appdata\locallow\thebflix"

Successfully deleted: [Folder] "C:\Program Files\conduit"

Successfully deleted: [Folder] "C:\Program Files\coupons"

Successfully deleted: [Folder] "C:\Program Files\red kawa"

Successfully deleted: [Folder] "C:\Program Files\shop to win"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 05/31/2013 at 12:54:53.10

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.


# AdwCleaner v2.301 - Logfile created 06/03/2013 at 12:11:50

# Updated 16/05/2013 by Xplode

# Operating system : Windows Vista Home Basic Service Pack 2 (32 bits)

# User : Chris - D-VISTA-5333

# Boot Mode : Normal

# Running from : C:\Users\Chris\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\user.js

Folder Deleted : C:\Users\Chris\AppData\Local\APN

Folder Deleted : C:\Users\Chris\Documents\ShopToWin

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CT3272718 V5 Toolbar

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\itunes\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3657 octets] - [31/05/2013 09:45:37]

AdwCleaner[s1].txt - [1971 octets] - [03/06/2013 12:11:50]

########## EOF - C:\AdwCleaner[s1].txt - [2031 octets] ##########


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


C:\Users\Chris\.frostwire5\updates\frostwire-5.2.11.windows.exe multiple threats cleaned by deleting - quarantined

C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\chupdates.exe MSIL/CoinMiner.U trojan cleaned by deleting - quarantined

C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\cuda.exe a variant of Win32/BitCoinMiner.M application cleaned by deleting - quarantined

C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\javas.exe probably a variant of Win32/BitCoinMiner.M application cleaned by deleting - quarantined

C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\opencl.exe a variant of Win32/BitCoinMiner.M application cleaned by deleting - quarantined

C:\Users\Chris\AppData\Roaming\xx\xx\1.0.0.0\spoolsv.exe MSIL/CoinMiner.U trojan cleaned by deleting - quarantined

C:\Users\Chris\Downloads\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application cleaned by deleting - quarantined

C:\Users\Chris\Downloads\DownloadSetup.exe Win32/InstallMate.A application cleaned by deleting - quarantined

C:\Users\Chris\Music\frostwire-5.2.3.windows.exe multiple threats cleaned by deleting - quarantined

C:\Users\Chris\Pictures\DownloadSetup.exe Win32/InstallMate.A application cleaned by deleting - quarantined

C:\Users\Chris\Pictures\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined

C:\Users\Chris\Videos\YouTubeDownloaderSetup265.exe a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
