Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

TR/Kazy.27265


  • Please log in to reply

#1
Lesle

Lesle

    Member

  • Member
  • PipPip
  • 15 posts
On my adminstrator account I can no longer open AOL mail in Firefox. In Internet Explorer, the AOL webpage blinks out when I try to open, compose, close, or move an email (so for a second I see the desktop wallpaper, then it comes back up with the AOL page again). I have several user accounts on my laptop; mine is the administrator account. On other accounts, I can still access AOL mail using Firefox, but not from my account -- Firefox lets me do the AOL sign-in, but never stops "loading". The computer is also painfully slow to do everything, sometimes simply for typing, backspacing or deleting. I get frequent (daily) pop-ups to update Adobe, although I updated and restarted the computer. I get frequent pop-ups for Java Sun and Active X updates. On one user account, we got a pop-up message that looked "official," like it was from the computer saying we had a virus, but it was not from our anti-virus programs and seemed to want money to pay for the scan.

I ran Avira Antivirus and it detected TR/Kazy.27265 and I think the report also said it had several files that could not be opened or searched and so were skipped. I downloaded Microsoft Essentials and ran their virus scan, and downloaded and ran Malwarebytes. The first try to download malwarebytes I made a mistake and clicked on an ad, so did not get the correct download (found tens of thousands of problems, wanted money to fix them). I went back and downloaded the correct version and ran the scan. They didn't seem to find anything malicious.

During the past 6-9 months, we went to websites that offer free downloads to watch many episodes of Avatar the Last Airbender and Doctor Who on this laptop, not sure if from more than one account(s), but definitely Dr Who from the administrator account.

What should I do next? OTL log attached.
Thank you for any help you can render!

OTL logfile created on: 6/28/2011 2:07:15 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Leslie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 53.49% Memory free
5.49 Gb Paging File | 3.88 Gb Available in Paging File | 70.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 168.37 Gb Free Space | 76.26% Space Free | Partition Type: NTFS

Computer Name: LESLIE-PC | User Name: Leslie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
PRC - [2011/05/22 17:35:29 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 17:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/10 09:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 05:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/04 01:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/10 17:48:34 | 000,373,248 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCS.exe
PRC - [2009/07/10 17:43:28 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/16 03:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/07/29 23:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/30 18:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/28 23:57:54 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/12/29 23:18:38 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/10/02 01:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/21 05:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...e4z1l5t4872y410
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...e4z1l5t4872y410
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...e4z1l5t4872y410
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...e4z1l5t4872y410

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...e4z1l5t4872y410
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://new.lds.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.lds.org"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.11.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 10:52:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\UCS\Virtual Account Numbers [2010/11/12 00:56:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/22 01:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/22 01:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/30 12:48:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/23 09:14:09 | 000,000,000 | ---D | M]

[2009/12/28 22:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Extensions
[2011/06/23 20:04:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\7hu15y0z.default\extensions
[2010/05/07 12:02:42 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\7hu15y0z.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010/11/23 14:49:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\7hu15y0z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/26 16:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/04 14:58:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/22 10:48:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/22 11:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 16:44:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 14:40:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 00:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/12/22 01:59:29 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/22 01:59:29 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/11/12 00:56:19 | 000,000,000 | ---D | M] (Virtual Account Numbers for Firefox) -- C:\PROGRAM FILES (X86)\UCS\VIRTUAL ACCOUNT NUMBERS
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/07 12:02:36 | 000,002,191 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (OToolbarHelper Class) - {7AED0DC9-374E-440D-B966-BE292971225B} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSHelper.dll (Orbiscom Ltd. All rights reserved.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {A1BDF46B-9DE6-4090-8791-84F26E00934C} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSToolbar.dll (Orbiscom Ltd. All rights reserved.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCS Virtual Account Numbers] C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCS.exe (Orbiscom Ltd. All rights reserved.)
O4 - Startup: C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sundanceglob...br/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.127.17.85 4.2.2.2
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ea35ef4-07ce-11df-a2a9-0026226596d8}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea35ef4-07ce-11df-a2a9-0026226596d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/28 02:06:19 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
[2011/06/27 22:30:50 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{0A9A3DF1-D4CD-4281-AD85-0F9D783AB6F1}
[2011/06/27 14:13:49 | 000,000,000 | R--D | C] -- C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/06/26 15:18:44 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{A015F872-FB65-40A5-B882-E5C175AC909D}
[2011/06/23 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Roaming\Malwarebytes
[2011/06/23 16:55:38 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/23 16:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/23 16:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/23 16:55:26 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/23 16:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/23 15:30:35 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{C4D7D974-FEAE-479D-B9F5-B28AE0FFEA2A}
[2011/06/22 11:00:23 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Roaming\Sammsoft
[2011/06/22 10:00:02 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{119F0A1E-D551-4D02-9908-0388BF44B9BF}
[2011/06/21 20:17:59 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{9BB89A42-65F4-432A-9FCE-48C578B58563}
[2011/06/21 08:16:36 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{4FD25584-ABDB-4B58-8E17-ABF66FF8E2B0}
[2011/06/20 12:51:54 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{FA29A7E2-A8D0-4563-A656-E430573948FF}
[2011/06/19 16:47:18 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{19BEAA63-DA45-4430-9EF2-CAD0FF50D947}
[2011/06/18 23:19:36 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{80B9DB4B-3CC3-40B9-8166-3E16D8B83EE4}
[2011/06/16 15:43:51 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{507BAD81-DB4D-4811-9949-3FC2DA32D4B7}
[2011/06/15 18:46:33 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{B1CB0AD4-AD08-48AE-B801-79819605B5F1}
[2011/06/13 22:15:28 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{4D652A6D-4696-43C6-978F-EFB6CB3C63AC}
[2011/06/13 07:35:38 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{69B6E5B2-CD3C-49C6-BF61-68A832C3D8EA}
[2011/06/12 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{FFCF0F49-C312-400B-8D64-EF0761314F1F}
[2011/06/11 22:50:30 | 000,000,000 | ---D | C] -- C:\Users\Leslie\Documents\Hanna
[2011/06/11 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{6D836A0E-77F5-4DEE-8DD3-9750C3630626}
[2011/06/05 21:35:01 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{7CA4E7AB-0830-4C65-A3B5-773F54E2A4FE}
[2011/06/04 23:20:30 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{7C0E3B85-BAB8-48CD-9364-9F63E5918C04}
[2011/06/04 09:42:43 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{9E3804E4-2767-4566-84F3-D640C1D05BD9}
[2011/06/03 13:29:39 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{68C9939F-D178-49B0-AA0F-9D2412E2A212}
[2011/06/02 16:34:57 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{C3D418D0-92E1-4C4D-8E3C-7460B521EB39}
[2011/06/01 12:33:51 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{876619D0-2872-4E51-B951-D833A15C104C}
[2011/05/31 19:16:59 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{710C3E7A-623D-4B1D-B02E-8A1A6825E8B5}
[2011/05/30 14:45:01 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{49C06F67-31D3-4D34-9CF9-143AC5F1B2DE}
[2011/05/29 21:20:22 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{053D63DD-C4C1-4972-8EA7-01D55C867617}

========== Files - Modified Within 30 Days ==========

[2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
[2011/06/28 01:57:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/28 01:57:58 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/27 16:09:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/27 14:12:36 | 000,000,632 | RHS- | M] () -- C:\Users\Leslie\ntuser.pol
[2011/06/27 14:10:24 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/26 20:49:55 | 001,592,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/26 20:49:55 | 000,449,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/26 20:49:55 | 000,005,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/26 16:25:09 | 000,000,168 | ---- | M] () -- C:\Users\Leslie\jobq.dat
[2011/06/23 16:55:40 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/20 13:02:37 | 000,000,574 | ---- | M] () -- C:\Users\Leslie\AppData\Roaming\wklnhst.dat
[2011/06/16 11:50:25 | 000,582,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/04 17:32:26 | 000,002,455 | ---- | M] () -- C:\Users\Public\Desktop\Beta FamilySearch Indexing.lnk
[2011/05/30 23:05:12 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/23 16:55:40 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/04 17:32:27 | 000,002,455 | ---- | C] () -- C:\Users\Public\Desktop\Beta FamilySearch Indexing.lnk
[2011/05/09 18:36:21 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/01 16:03:46 | 000,000,430 | ---- | C] () -- C:\Windows\Disney.ini
[2010/07/08 11:48:31 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2010/07/08 11:48:31 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2010/07/08 11:48:12 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Twscan32.dll
[2010/07/08 11:48:11 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\Image32.dll
[2010/07/08 11:48:11 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Png32.dll
[2010/07/08 11:48:11 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Jpeg32.dll
[2010/07/08 11:48:11 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Tga32.dll
[2010/07/08 11:48:11 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Pcx32.dll
[2010/05/01 17:44:47 | 000,014,848 | ---- | C] () -- C:\Users\Leslie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 10:52:04 | 000,023,115 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/19 21:38:42 | 000,000,574 | ---- | C] () -- C:\Users\Leslie\AppData\Roaming\wklnhst.dat
[2010/01/18 22:35:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/12 16:16:23 | 000,157,570 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/12/28 22:38:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/28 20:32:49 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/06 03:46:05 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/12/06 03:46:05 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/12/06 03:46:05 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/12/06 03:46:05 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/11/06 02:44:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/12/12 20:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat

========== LOP Check ==========

[2009/12/28 19:32:16 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Acer
[2010/03/14 20:54:59 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Avery
[2010/08/12 14:22:40 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\eSobi
[2010/12/13 19:51:43 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\IrfanView
[2009/12/28 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Leadertech
[2010/12/22 01:59:33 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Local
[2011/02/16 16:16:04 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\ooVoo Details
[2010/04/24 13:40:41 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\OpenOffice.org
[2011/06/23 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Sammsoft
[2011/04/17 15:12:37 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Template
[2011/05/12 09:30:22 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.Txt   71.3KB   54 downloads

Edited by Essexboy, 02 July 2011 - 09:42 AM.

  • 0

Advertisements


#2
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi
:unsure: . My name is Michael and I am here to help you fix your computer. :yes:

Note: Before we start the process you should:
  • POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
  • Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

Sorry for the late reply.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image

Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here :)



Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaulturl: "http://search.babylo...=browsersearch"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.6.0.15
    [2010/05/07 12:02:42 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\7hu15y0z.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
    [2010/05/07 12:02:36 | 000,002,191 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O33 - MountPoints2\{2ea35ef4-07ce-11df-a2a9-0026226596d8}\Shell - "" = AutoRun
    O33 - MountPoints2\{2ea35ef4-07ce-11df-a2a9-0026226596d8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe
    [2011/06/27 22:30:50 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{0A9A3DF1-D4CD-4281-AD85-0F9D783AB6F1}
    [2011/06/26 15:18:44 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{A015F872-FB65-40A5-B882-E5C175AC909D}
    [2011/06/23 15:30:35 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{C4D7D974-FEAE-479D-B9F5-B28AE0FFEA2A}
    [2011/06/22 10:00:02 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{119F0A1E-D551-4D02-9908-0388BF44B9BF}
    [2011/06/21 20:17:59 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{9BB89A42-65F4-432A-9FCE-48C578B58563}
    [2011/06/21 08:16:36 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{4FD25584-ABDB-4B58-8E17-ABF66FF8E2B0}
    [2011/06/20 12:51:54 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{FA29A7E2-A8D0-4563-A656-E430573948FF}
    [2011/06/19 16:47:18 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{19BEAA63-DA45-4430-9EF2-CAD0FF50D947}
    [2011/06/18 23:19:36 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{80B9DB4B-3CC3-40B9-8166-3E16D8B83EE4}
    [2011/06/16 15:43:51 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{507BAD81-DB4D-4811-9949-3FC2DA32D4B7}
    [2011/06/15 18:46:33 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{B1CB0AD4-AD08-48AE-B801-79819605B5F1}
    [2011/06/13 22:15:28 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{4D652A6D-4696-43C6-978F-EFB6CB3C63AC}
    [2011/06/13 07:35:38 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{69B6E5B2-CD3C-49C6-BF61-68A832C3D8EA}
    [2011/06/12 14:43:51 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{FFCF0F49-C312-400B-8D64-EF0761314F1F}
    [2011/06/11 21:02:32 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{6D836A0E-77F5-4DEE-8DD3-9750C3630626}
    [2011/06/05 21:35:01 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{7CA4E7AB-0830-4C65-A3B5-773F54E2A4FE}
    [2011/06/04 23:20:30 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{7C0E3B85-BAB8-48CD-9364-9F63E5918C04}
    [2011/06/04 09:42:43 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{9E3804E4-2767-4566-84F3-D640C1D05BD9}
    [2011/06/03 13:29:39 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{68C9939F-D178-49B0-AA0F-9D2412E2A212}
    [2011/06/02 16:34:57 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{C3D418D0-92E1-4C4D-8E3C-7460B521EB39}
    [2011/06/01 12:33:51 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{876619D0-2872-4E51-B951-D833A15C104C}
    [2011/05/31 19:16:59 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{710C3E7A-623D-4B1D-B02E-8A1A6825E8B5}
    [2011/05/30 14:45:01 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{49C06F67-31D3-4D34-9CF9-143AC5F1B2DE}
    [2011/05/29 21:20:22 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{053D63DD-C4C1-4972-8EA7-01D55C867617}
    [2011/06/26 16:25:09 | 000,000,168 | ---- | M] () -- C:\Users\Leslie\jobq.dat

    :Services

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again.
  • Under Extra Registry select Use Safelist
  • Click the Run Scan button. Post the two logs it produces in your next reply.




Next:

Please uninstall Avira, as you can't have two antivirus programs installed.

Is AT&T Services your Internet Service Provider?
  • 0

#3
Lesle

Lesle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I deleted this duplicate post; also, the file did not appear to attach.

Attached Files

  • Attached File  MBR.zip   566bytes   38 downloads

Edited by Lesle, 06 July 2011 - 02:15 PM.

  • 0

#4
Lesle

Lesle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi, Michael,
Thank you for your help!

Here is the aswMBR log:

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-06 13:59:41
-----------------------------
13:59:41.067 OS Version: Windows x64 6.1.7600
13:59:41.067 Number of processors: 1 586 0x7C02
13:59:41.083 ComputerName: LESLIE-PC UserName: Leslie
13:59:45.280 Initialize success
14:00:12.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:00:12.703 Disk 0 Vendor: Hitachi_HTS545025B9A300 PB2OC60F Size: 238475MB BusType: 11
14:00:14.731 Disk 0 MBR read successfully
14:00:14.731 Disk 0 MBR scan
14:00:14.746 Disk 0 Windows 7 default MBR code
14:00:14.746 Service scanning
14:00:15.838 Disk 0 trace - called modules:
14:00:15.870 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:00:15.870 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003031060]
14:00:15.885 3 CLASSPNP.SYS[fffff8800107543f] -> nt!IofCallDriver -> [0xfffffa8003055bf0]
14:00:15.901 5 ACPI.sys[fffff88000e7e781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002fe1060]
14:00:15.916 Scan finished successfully
14:02:17.612 Disk 0 MBR has been saved successfully to "C:\Users\Leslie\Desktop\aswMBR Scan Log\MBR.dat"
14:02:17.612 The log file has been saved successfully to "C:\Users\Leslie\Desktop\aswMBR Scan Log\aswMBR.txt"
14:04:09.188 Disk 0 MBR has been saved successfully to "C:\Users\Leslie\Desktop\MBR.dat"
14:04:09.204 The log file has been saved successfully to "C:\Users\Leslie\Desktop\aswMBR.txt"

I attached the aswMBR zip file below.

I ran the Custom Scan/Fix but when the computer rebooted I accidentally closed the log file before saving it to the Desktop. Is the log history available somewhere else, or should I re-run the fix?

I went ahead and ran the next scan, and here is that log:

OTL Extras logfile created on: 7/6/2011 3:01:04 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Leslie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.82 Gb Available Physical Memory | 66.43% Memory free
5.49 Gb Paging File | 4.09 Gb Available in Paging File | 74.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 171.52 Gb Free Space | 77.69% Space Free | Partition Type: NTFS

Computer Name: LESLIE-PC | User Name: Leslie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager
"{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish
"{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek
"{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
"{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
"{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian
"{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy
"{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian
"{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian
"{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light
"{7EAF58B7-3857-4BA6-8F83-4ED73F586BE5}" = Virtual Account Numbers
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9237B4CE-100E-4A30-B455-73CDC8A438B9}" = Virtual Account Numbers
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard
"{BEE9B594-5D0E-4EB5-BDBE-BA9E7C020083}" = Food Storage Planner 5.0
"{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A056D9-54B2-4F2B-8DD8-A42A73D1E5E7}" = OneTouch Software
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"0591-8077-9297-0833" = FamilySearch Indexing 3.7.7
"0591-8077-9297-0833-1" = Beta FamilySearch Indexing 3.9.2
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Buzz Lightyear 2nd Grade" = Disney/Pixar's Buzz Lightyear 2nd Grade
"Cisco Connect" = Cisco Connect
"DivX Setup.divx.com" = DivX Setup
"GridVista" = Acer GridVista
"Identity Card" = Identity Card
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{FB98D390-54A4-4CD1-93D3-FBC96A6F07A3}" = DesignPro 5
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox (3.6.18)" = Mozilla Firefox (3.6.18)
"ParadigmPAL" = ParadigmPAL
"PROPLUS" = Microsoft Office Professional Plus 2007
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorerall\SynTPDeinstKey
"Uninstall FamilySearch Indexing" = Uninstall FamilySearch Indexing

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2011 5:35:24 PM | Computer Name = Leslie-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 1/6/2011 5:37:42 PM | Computer Name = Leslie-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 1/6/2011 5:39:02 PM | Computer Name = Leslie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/6/2011 5:39:02 PM | Computer Name = Leslie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/6/2011 5:39:02 PM | Computer Name = Leslie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/6/2011 5:39:02 PM | Computer Name = Leslie-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/6/2011 5:43:28 PM | Computer Name = Leslie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/6/2011 5:43:28 PM | Computer Name = Leslie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/6/2011 5:43:29 PM | Computer Name = Leslie-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 1/8/2011 12:46:50 AM | Computer Name = Leslie-PC | Source = EventSystem | ID = 4622
Description =

[ System Events ]
Error - 7/6/2011 12:12:11 PM | Computer Name = Leslie-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 7/6/2011 12:12:37 PM | Computer Name = Leslie-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 7/6/2011 12:15:28 PM | Computer Name = Leslie-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/6/2011 12:24:15 PM | Computer Name = Leslie-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.107.998.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 7/6/2011 12:24:15 PM | Computer Name = Leslie-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.107.998.0 Update Source: %%859 Update Stage:
%%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error
code: 0x80240022 Error description: The program can't check for definition updates.


Error - 7/6/2011 2:25:26 PM | Computer Name = Leslie-PC | Source = Service Control Manager | ID = 7031
Description = The Avira AntiVir Scheduler service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 7/6/2011 2:37:01 PM | Computer Name = Leslie-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 7/6/2011 2:37:01 PM | Computer Name = Leslie-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 7/6/2011 2:37:48 PM | Computer Name = Leslie-PC | Source = Service Control Manager | ID = 7000
Description = The McAfee SiteAdvisor Service service failed to start due to the
following error: %%2

Error - 7/6/2011 2:39:17 PM | Computer Name = Leslie-PC | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.


< End of report >

I uninstalled Avira; I still have Microsoft Essentials, McAfee, and Malwarebytes Anti-Malware on the computer.

My internet service provider is Virginia Broadband.

Thank you again for your help! Please let me know if there is a way to recover that custom scan log or if I should re-run it.
Thanks!
Leslie
  • 0

#5
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

It seems that there isn't any real threat on your computer, but let's take a closer look




Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Next:


You haven't uninstalled Avira AntiVir. Please go to Add/Remove programs and uninstall:

Avira AntiVir Personal - Free Antivirus



Next:

Open OTL, click Quick Scan and post the log here

Edited by michaelg9, 06 July 2011 - 02:14 PM.

  • 0

#6
Lesle

Lesle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi, Michael,
Here's the Combofix report:

ComboFix 11-07-06.03 - Leslie 07/06/2011 16:59:41.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1778 [GMT -4:00]
Running from: c:\users\Leslie\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Leslie\AppData\Roaming\Local
c:\users\Leslie\AppData\Roaming\Local\Temp\DDM\Settings\5438.avi.ddr
c:\users\Leslie\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Leslie\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\5438.avi.ddp
.
.
((((((((((((((((((((((((( Files Created from 2011-06-06 to 2011-07-06 )))))))))))))))))))))))))))))))
.
.
2011-07-06 21:13 . 2011-07-06 21:13 -------- d-----w- c:\users\Stefan\AppData\Local\temp
2011-07-06 21:13 . 2011-07-06 21:13 -------- d-----w- c:\users\Karl\AppData\Local\temp
2011-07-06 21:13 . 2011-07-06 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-06 21:13 . 2011-07-06 21:13 -------- d-----w- c:\users\Family\AppData\Local\temp
2011-07-06 20:53 . 2011-07-06 20:53 -------- d-----w- C:\32788R22FWJFW
2011-07-06 18:25 . 2011-07-06 18:25 -------- d-----w- C:\_OTL
2011-07-06 16:10 . 2011-07-06 16:11 -------- d-----w- c:\users\Leslie\AppData\Local\{4CD7ACA0-0A98-4B55-B3CC-10E988B34EED}
2011-07-05 03:46 . 2011-07-05 03:46 -------- d-----w- c:\users\Leslie\AppData\Local\{7A578AAA-9FA6-4B93-8E1F-3799FFB1E45E}
2011-07-04 13:53 . 2011-07-04 13:53 -------- d-----w- c:\users\Leslie\AppData\Local\{502E2A80-F3B0-4F51-A9AE-8514397FCFB0}
2011-07-04 13:53 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBF6FB15-0678-4C2A-8155-A12E012AC7F6}\mpengine.dll
2011-07-03 13:53 . 2011-07-04 01:53 -------- d-----w- c:\users\Leslie\AppData\Local\{35B0768D-DFC0-4D4D-AB24-58AD82B70A60}
2011-07-02 20:54 . 2011-07-02 20:55 -------- d-----w- c:\users\Leslie\AppData\Local\{E0FA78E4-D7B8-4B8D-89BF-262C93A47DB0}
2011-07-02 20:25 . 2011-07-02 20:25 -------- d-----w- c:\users\Leslie\AppData\Local\{844E5E3E-9DD4-49E1-8008-353E2CA7A002}
2011-07-01 17:48 . 2011-07-01 17:49 -------- d-----w- c:\users\Leslie\AppData\Local\{6ABD9162-5DB1-4A27-A50E-05D63E9A08AE}
2011-06-30 15:38 . 2011-06-30 15:39 -------- d-----w- c:\users\Leslie\AppData\Local\{867AB03F-4179-44F4-B5C9-C39C5F2DAE67}
2011-06-29 13:42 . 2011-05-24 11:21 404992 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 13:42 . 2011-05-24 10:34 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 13:42 . 2011-05-24 10:34 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 13:42 . 2011-05-24 10:32 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-29 13:42 . 2011-05-24 10:34 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 13:42 . 2011-05-04 05:28 2228224 ----a-w- c:\windows\system32\mssrch.dll
2011-06-29 13:42 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\SysWow64\mssrch.dll
2011-06-29 13:42 . 2011-05-04 05:30 2326016 ----a-w- c:\windows\system32\tquery.dll
2011-06-29 13:42 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\SysWow64\tquery.dll
2011-06-29 13:42 . 2011-05-04 05:28 491520 ----a-w- c:\windows\system32\mssph.dll
2011-06-29 13:42 . 2011-05-04 05:24 593408 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-29 13:42 . 2011-05-04 04:52 428032 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2011-06-29 13:41 . 2011-05-04 05:28 779264 ----a-w- c:\windows\system32\mssvp.dll
2011-06-29 13:41 . 2011-05-04 05:24 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-29 13:41 . 2011-05-04 04:52 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2011-06-29 13:41 . 2011-05-04 04:52 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2011-06-29 13:41 . 2011-05-04 05:28 75264 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-29 13:41 . 2011-05-04 05:28 288256 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-29 13:41 . 2011-05-04 05:24 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-29 13:41 . 2011-05-04 04:52 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2011-06-29 13:41 . 2011-05-04 04:52 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2011-06-29 13:41 . 2011-05-04 04:52 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2011-06-29 13:41 . 2011-05-04 04:52 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2011-06-29 13:33 . 2011-06-29 13:33 -------- d-----w- c:\users\Leslie\AppData\Local\{B3E2847F-5021-477F-B5D0-135010E782C0}
2011-06-28 16:23 . 2011-06-28 16:23 -------- d-----w- c:\users\Leslie\AppData\Local\{DE8B0F94-5158-4618-B16E-E4EC03D3BD1B}
2011-06-23 20:57 . 2011-06-23 20:57 -------- d-----w- c:\users\Leslie\AppData\Roaming\Malwarebytes
2011-06-23 20:55 . 2011-05-29 13:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-23 20:55 . 2011-06-23 20:55 -------- d-----w- c:\programdata\Malwarebytes
2011-06-23 20:55 . 2011-05-29 13:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-23 20:55 . 2011-06-23 20:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-22 15:00 . 2011-06-23 19:36 -------- d-----w- c:\users\Leslie\AppData\Roaming\Sammsoft
2011-06-16 01:44 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-16 01:44 . 2011-04-25 05:32 1896832 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 01:44 . 2011-04-25 02:44 499712 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 01:44 . 2011-04-29 05:47 1110528 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 01:44 . 2011-04-29 05:08 759296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-16 01:44 . 2011-05-04 02:51 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 01:44 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 01:44 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 01:44 . 2011-05-28 03:07 3133952 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 13:55 . 2011-06-15 13:55 -------- d-----w- c:\users\Stefan\AppData\Local\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 18:20 . 2011-05-22 21:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 17:10 . 2011-05-13 03:46 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-04-22 20:18 . 2011-05-24 22:11 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-11 08:21 . 2011-05-06 10:53 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B14E30E2-FACE-4ACA-9BD9-96B54C557BEA}\mpengine.dll
2011-04-09 06:58 . 2011-05-19 02:05 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:45 . 2011-05-11 18:10 5509504 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:13 . 2011-05-11 18:10 3957632 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 18:10 3901824 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 02:05 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-27 15147400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-18 1157128]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-16 91432]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"UCS Virtual Account Numbers"="c:\progra~2\UCS\VIRTUA~1\CitiUCS.exe" [2009-07-10 373248]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-30 200704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2010-09-23 884584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://new.lds.org/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5517&r=273612097945l03e4z1l5t4872y410
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 12.127.17.85 4.2.2.2
FF - ProfilePath - c:\users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\7hu15y0z.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.lds.org
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Virtual Account Numbers for Firefox: [email protected] - c:\program files (x86)\UCS\Virtual Account Numbers
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Uninstall FamilySearch Indexing - c:\windows\system32\javaws.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\UCS\Virtual Account Numbers\CitiUCS.exe
c:\windows\SysWOW64\OBroker.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-07-06 17:29:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-06 21:29
.
Pre-Run: 184,579,948,544 bytes free
Post-Run: 184,660,328,448 bytes free
.
- - End Of File - - 0E64AC37D2295EBB5D8B540C031FACF7


I checked for the Avira program, and it is no longer in my list of programs. Since I had not rebooted after uninstalling could that have made it appear it was still on the computer? Since the Combofix rebooted the computer, is that now be resolved?

Here is the OTL quick scan log:


OTL logfile created on: 7/6/2011 5:41:50 PM - Run 3
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Leslie\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 58.15% Memory free
5.49 Gb Paging File | 4.17 Gb Available in Paging File | 75.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.78 Gb Total Space | 172.05 Gb Free Space | 77.93% Space Free | Partition Type: NTFS

Computer Name: LESLIE-PC | User Name: Leslie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
PRC - [2011/05/22 17:35:29 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
PRC - [2010/12/09 15:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 17:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/02/02 00:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 00:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/10 09:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/18 05:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/04 01:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/10 17:48:34 | 000,373,248 | ---- | M] (Orbiscom Ltd. All rights reserved.) -- C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCS.exe
PRC - [2009/07/10 17:43:28 | 000,145,920 | ---- | M] (Orbiscom Ltd.) -- C:\Windows\SysWOW64\OBroker.exe
PRC - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/04/16 03:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe


========== Modules (SafeList) ==========

MOD - [2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/30 18:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/28 23:57:54 | 000,254,464 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/01 17:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2009/10/02 01:33:48 | 000,946,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/21 05:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/27 03:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...e4z1l5t4872y410
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...e4z1l5t4872y410

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://new.lds.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.lds.org"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:3.7.11.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7550


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 10:52:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\UCS\Virtual Account Numbers [2010/11/12 00:56:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010/12/22 01:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010/12/22 01:59:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/30 14:16:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/30 14:16:09 | 000,000,000 | ---D | M]

[2009/12/28 22:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Extensions
[2011/07/06 15:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\7hu15y0z.default\extensions
[2010/11/23 14:49:06 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Leslie\AppData\Roaming\Mozilla\Firefox\Profiles\7hu15y0z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/05/26 16:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/04 14:58:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/07/22 10:48:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/22 11:21:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/02 16:44:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/09 14:40:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/24 00:11:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/12/22 01:59:29 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/22 01:59:29 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/11/12 00:56:19 | 000,000,000 | ---D | M] (Virtual Account Numbers for Firefox) -- C:\PROGRAM FILES (X86)\UCS\VIRTUAL ACCOUNT NUMBERS
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/07/06 17:17:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (OToolbarHelper Class) - {7AED0DC9-374E-440D-B966-BE292971225B} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSHelper.dll (Orbiscom Ltd. All rights reserved.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
O3 - HKLM\..\Toolbar: (Virtual Account Numbers) - {A1BDF46B-9DE6-4090-8791-84F26E00934C} - C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCSToolbar.dll (Orbiscom Ltd. All rights reserved.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCS Virtual Account Numbers] C:\Program Files (x86)\UCS\Virtual Account Numbers\CitiUCS.exe (Orbiscom Ltd. All rights reserved.)
O4 - Startup: C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicr...osoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sundanceglob...br/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.127.17.85 4.2.2.2
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 17:29:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/06 17:17:48 | 000,000,000 | R--D | C] -- C:\Users\Leslie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/07/06 17:17:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/07/06 16:54:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/06 16:54:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/06 16:54:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/06 16:54:00 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/06 16:53:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/06 16:53:34 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/06 16:52:41 | 004,132,986 | R--- | C] (Swearware) -- C:\Users\Leslie\Desktop\ComboFix.exe
[2011/07/06 14:25:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/06 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\Leslie\Desktop\MBR
[2011/07/06 14:01:53 | 000,000,000 | ---D | C] -- C:\Users\Leslie\Desktop\aswMBR Scan Log
[2011/07/06 13:57:06 | 001,925,512 | ---- | C] (AVAST Software) -- C:\Users\Leslie\Desktop\aswMBR.exe
[2011/07/06 12:10:46 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{4CD7ACA0-0A98-4B55-B3CC-10E988B34EED}
[2011/07/04 23:46:38 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{7A578AAA-9FA6-4B93-8E1F-3799FFB1E45E}
[2011/07/04 09:53:33 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{502E2A80-F3B0-4F51-A9AE-8514397FCFB0}
[2011/07/03 09:53:15 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{35B0768D-DFC0-4D4D-AB24-58AD82B70A60}
[2011/07/02 16:54:38 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{E0FA78E4-D7B8-4B8D-89BF-262C93A47DB0}
[2011/07/02 16:25:09 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{844E5E3E-9DD4-49E1-8008-353E2CA7A002}
[2011/07/01 13:48:19 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{6ABD9162-5DB1-4A27-A50E-05D63E9A08AE}
[2011/06/30 11:38:48 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{867AB03F-4179-44F4-B5C9-C39C5F2DAE67}
[2011/06/29 09:33:03 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{B3E2847F-5021-477F-B5D0-135010E782C0}
[2011/06/28 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Local\{DE8B0F94-5158-4618-B16E-E4EC03D3BD1B}
[2011/06/28 02:06:19 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
[2011/06/23 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Roaming\Malwarebytes
[2011/06/23 16:55:38 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/06/23 16:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/23 16:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/23 16:55:26 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/06/23 16:55:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/06/22 11:00:23 | 000,000,000 | ---D | C] -- C:\Users\Leslie\AppData\Roaming\Sammsoft
[2011/06/11 22:50:30 | 000,000,000 | ---D | C] -- C:\Users\Leslie\Documents\Hanna

========== Files - Modified Within 30 Days ==========

[2011/07/06 17:28:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 17:28:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 17:17:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/07/06 17:15:56 | 000,000,632 | RHS- | M] () -- C:\Users\Leslie\ntuser.pol
[2011/07/06 17:15:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/06 17:15:01 | 2211,483,648 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/06 16:53:24 | 004,132,986 | R--- | M] (Swearware) -- C:\Users\Leslie\Desktop\ComboFix.exe
[2011/07/06 14:11:06 | 000,000,566 | ---- | M] () -- C:\Users\Leslie\Desktop\MBR.zip
[2011/07/06 14:04:09 | 000,000,512 | ---- | M] () -- C:\Users\Leslie\Desktop\MBR.dat
[2011/07/06 13:59:34 | 001,925,512 | ---- | M] (AVAST Software) -- C:\Users\Leslie\Desktop\aswMBR.exe
[2011/06/30 11:34:51 | 000,582,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/06/28 02:06:59 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Leslie\Desktop\OTL.exe
[2011/06/26 20:49:55 | 001,592,740 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/06/26 20:49:55 | 000,449,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/06/26 20:49:55 | 000,005,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/23 16:55:40 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/20 13:02:37 | 000,000,574 | ---- | M] () -- C:\Users\Leslie\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2011/07/06 16:54:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/06 16:54:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/06 16:54:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/06 16:54:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/06 16:54:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/06 14:11:06 | 000,000,566 | ---- | C] () -- C:\Users\Leslie\Desktop\MBR.zip
[2011/07/06 14:04:09 | 000,000,512 | ---- | C] () -- C:\Users\Leslie\Desktop\MBR.dat
[2011/06/23 16:55:40 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/09 18:36:21 | 000,005,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/01 16:03:46 | 000,000,430 | ---- | C] () -- C:\Windows\Disney.ini
[2010/07/08 11:48:31 | 000,001,571 | ---- | C] () -- C:\Windows\Faxcpp1.ini
[2010/07/08 11:48:31 | 000,000,422 | ---- | C] () -- C:\Windows\Faxcpp.ini
[2010/07/08 11:48:12 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\Twscan32.dll
[2010/07/08 11:48:11 | 000,241,664 | ---- | C] () -- C:\Windows\SysWow64\Image32.dll
[2010/07/08 11:48:11 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\Png32.dll
[2010/07/08 11:48:11 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Jpeg32.dll
[2010/07/08 11:48:11 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\Tga32.dll
[2010/07/08 11:48:11 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\Pcx32.dll
[2010/05/01 17:44:47 | 000,014,848 | ---- | C] () -- C:\Users\Leslie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 10:52:04 | 000,023,115 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/19 21:38:42 | 000,000,574 | ---- | C] () -- C:\Users\Leslie\AppData\Roaming\wklnhst.dat
[2010/01/18 22:35:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/12 16:16:23 | 000,157,570 | ---- | C] () -- C:\Windows\hpoins28.dat
[2009/12/28 22:38:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/28 20:32:49 | 000,000,246 | ---- | C] () -- C:\Windows\wininit.ini
[2009/12/06 03:46:05 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/12/06 03:46:05 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/12/06 03:46:05 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/12/06 03:46:05 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/11/06 02:44:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/12/12 20:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat

========== LOP Check ==========

[2009/12/28 19:32:16 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Acer
[2010/03/14 20:54:59 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Avery
[2010/08/12 14:22:40 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\eSobi
[2010/12/13 19:51:43 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\IrfanView
[2009/12/28 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Leadertech
[2011/02/16 16:16:04 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\ooVoo Details
[2010/04/24 13:40:41 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\OpenOffice.org
[2011/06/23 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Sammsoft
[2011/04/17 15:12:37 | 000,000,000 | ---D | M] -- C:\Users\Leslie\AppData\Roaming\Template
[2011/07/03 09:51:21 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Btw, I don't know if it is relevant or not, but the computer is typing and backspacing at the slow speed of two characters per second now.
Thanks!
Leslie
  • 0

#7
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Btw, I don't know if it is relevant or not, but the computer is typing and backspacing at the slow speed of two characters per second now.

:) We are making progress

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.




Next:

Please run a full scan with Microsoft Security Essentials and post the log here

After this, tell me if your computer has any other problems, and how's working
  • 0

#8
Lesle

Lesle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Michael,
I downloaded the updates and ran the mbam scan, and the results are here:


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7037

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/6/2011 8:55:54 PM
mbam-log-2011-07-06 (20-55-54).txt

Scan type: Quick scan
Objects scanned: 216428
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I ran the Microsoft Security Essentials scan - that took about 7 hours!! Afterwards, I checked and it was set to only use 50% of the cpu for the scan, but most of the time the computer was not being used for anything but the scan. The last hour I left the computer (who knew that would be the last hour??), so I'm not sure if it prompted me to do something with the file or not.... But it does not seem to have a log. Under History it just offers a report. It would not let me copy the first part of the report, so I'll type that part in, and paste the second part below it:


(detected item) Rogue:Win32/Winwebsec
(alert level) Severe
(date) 6/23/2011 9:37pm
(action taken) Removed


Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
containerfile:C:\Users\Stefan\Downloads\setup(2).exe
containerfile:C:\Users\Stefan\Downloads\setup(3).exe
containerfile:C:\Users\Stefan\Downloads\setup.exe
file:C:\Users\Stefan\Downloads\setup(2).exe->[Obfuscator.JM]->(UPX)
file:C:\Users\Stefan\Downloads\setup(3).exe->[Obfuscator.JM]->(UPX)
file:C:\Users\Stefan\Downloads\setup.exe->[Obfuscator.JM]->(UPX)

Get more information about this item online.


If there is another way to get a more complete log, please let me know how to do that. Also, if you want me to re-run that Custom Scan/Fix for which I accidentally deleted the log without saving, please let me know that also.

The webpage still totally "blinks" out for a second when I try to load my AOL mail, so I see my desktop wallpaper, or when I try to open an email, delete an email, and sometimes just when it is sitting there with my inbox open.

I still can't open AOL mail with Firefox; it only opens with Explorer. Firefox will get me to the sign-in page, allow me to sign in, but then it never stops loading the mail, just sits there on the loading page.

I also had Firefox open along with a couple of IE pages open, and when I tried to click on the little mini-window option at the bottom that appear when you roll the cursor over the mozilla or IE icon on the taskbar, it would look like it accepted my clicking on the window w/ this open, but repeatedly reverted back to the AOL loading page of mozilla (three times before it finally let me go back to this IE page on the fourth attempt).

Typing speed is normal most of the time now. It still takes a long time to do anything with my mail. Not quite as noticable with other sites, as it always seemed to take a long time to load pages to manuever through a banking website, for instance.

I am now getting constant pop-up Security Alerts that I am going to a website that is secure, or that I am now leaving a secure site and going to an unsecured site. This is new, althought it happened another time (but I can't remember what we did to fix it).

Thank you for all your help!! Btw, if you are still "working on your English," I must say you are doing an excellent job of it!
Thanks again,
Leslie

Edited by Lesle, 07 July 2011 - 11:20 AM.

  • 0

#9
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello Lesle

Just to tell you, you are now officially clean from malware :)

It seems that this problem with AOL mail is common, so it's not just your computer playing with you.

About the Security Alerts, that's normal for Internet Explorer, but if I remember well there is a tick box on that window to order it
not to show this alert again.


Do you use NoScript add-on for FireFox?



Next:



Do you recognize the IP 12.127.17.85 as a DHCP name server?

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 12.127.17.85 4.2.2.2




Next:


It seems that you are using Internet Explorer 8. Download Internet Explorer 9.
Then use this guide to clear IE's cache
Try again AOL mail and tell me the result.



Next:

Try this guide in FireFox.



Next:

Try to sign in from here to your email.

Tell me your experiences with all these
  • 0

#10
Lesle

Lesle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi, Michael,
Thanks for helping me get rid of the malware! :)

The AOL mail access is weird, because I can log onto my mail with Firefox using this same computer, but only from a different account; it won't work when I'm logged onto the Administrator account. I used to be able to use Firefox for opening my mail from my own account, but not for some time now.

For the Security Alerts, they just started popping up after not having done so previously. I checked the box and we'll see if they persist.

I'm not sure if we use No-Script Add-on for Firefox. With several users, I'm just not sure. If you tell me where to look, I will find out.

I do not recognize that IP # as a Dchp name server, but perhaps I am just uninformed. I don't have a domain, I'm just a single user, but could that be the ISP address?

I DLed IE9, and AOL no longer is blinking out on each command nor when sitting idle. Thank you! I also cleared the cache, although I try to do that regularly.

I tried the guide to Firefox, and followed all three of their suggestions, but Firefox will not open my mail. Although it tried to open a basic version, it was not correct, and only a strange format of the website appeared, not able to see mail.

Clicking on your last link opened the basic version of AOL mail, but it was not in Firefox, only in IE.

Otherwise, the computer is typing at normal speed, although on my account clicking anything tends to take MUCH longer than if I do a similar task on another user account. I'm still getting frequent update requests: for DivX updates, for Adobe Reader updates, and for Java updates. It doesn't seem to matter if I have updated recently and then rebooted afterwards. I get at least one of each of those per day; quite often it is once per log-in.

In other news, my husband is due to dock at the port of Izmir in about 5 more days. How's the weather on your side of the globe?

Thanks for all the help!
Leslie
  • 0

Advertisements


#11
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

As it seems all these problems only exist to your account, so an easy fix would be replicating the old account with a new one. These are the instructions to do that:

Here's another way to copy the settings from the original account to your new account:
  • Ensure you've added a new user account and that you've logged in using that account at least once - this will create the folder under C:\Users
  • Reboot the computer.
  • Sign in with an account that is neither the old or the new account. This prevents "file in use" errors while copying. (NOTE: If you don't have another account, you can create a third one or you can boot into Safe Mode and log with the ADMINISTRATOR account.)
  • Browse to c:\Users\OldUserAccount
  • Select everything in that folder except the three files called ntuser.dat, ntuser.dat.log, and ntuser.ini. (These may be hidden files, so if you don't see them, open My Computer, Tools menu, View tab, check "Show Hidden Files/Folders")
  • Copy all those files into c:\Users\NewUserAccount
  • Reboot the computer and log in with your New user account.
  • Once you confirm that all your documents are located in My Documents of the New user, you can delete the old profile (And the third account you created in Step #3 if it was needed).

If you don't want to change your account, tell me and we'll try to fix these issues manually.
If you follow this instructions, then tell me how's the new account working.


As for the weather here, it's always hot and sunny. Not sure if it's like that in Izmir too though, as it's closer to Greece rather than Cyprus.
  • 0

#12
Lesle

Lesle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Michael,
I added a new user account and rebooted the computer, but I've had trouble finding the files you said not to select to carry over from the old account to the new. The directions weren't matching up with what I saw in Windows 7. Can you tell me another way to find the tools to show hidden folders?

I've also had more problems with both Firefox and IE opening mail on any account, and the only way, but I've been able to open it is in Mozilla on a separate (not the administrator) account. If I try to use Explorer, it doesn't load all the way. It worked beautifully the first time after upgrading to IE9, but now won't work at all. I can log in, but when it opens, it doesn't show properly, not the full page, leaves off buttons, and won't go into anything (just sits in "review the aol version of news" mode, won't go to inbox, etc).

Banking sites, other forums, etc., hang up and are really slow at loading, and do not always fully function (will let me log in, but might not take me to the page of the website requested, just hangs on the main page after login, or sometimes will let me login but will not show up the next page).

So do I just need to leave AOL, or is it a browser-didn't-upgrade-properly problem, or do I have a glitch somewhere else?

Sorry to take so long to get back with you, but I wanted to make sure my inability to get into mail wasn't simply due to a bad day of storms or internet service provider problems.

Thanks for all your help,
Leslie

Edited by Lesle, 09 July 2011 - 12:43 PM.

  • 0

#13
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello,

Here is how to show hidden files
Try it from the new account

It doesn't sound like a browser problem, as modern browsers shouldn't have such problems, and generally AOL has a negative reputation about quality too.

Make sure you have javascript enabled on both browsers

Update java from here

Try to view the website in compatibility view in IE. Tutorial here




Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Reg
    [HKEY_LOCAL_MACHINE\System\CCS\Services\Tcpip\Parameters]
    "DhcpNameServer" = 4.2.2.2

    :Commands
    netsh winsock show catalog /c

  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

After this fix, browse the web and see if anything changed
  • 0

#14
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
User returned
  • 0

#15
Lesle

Lesle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I had the black screen of death today when I tried to boot the computer, would not respond to alt-control-delete, so had to do a hard shut-down. I wonder if I should take a different course of action? I neglected to mention I also have two flash drives that I used very recently (which have been connected to public computers), and wondered if there could be a problem with malware/virus with one of them. Should I go back and repeat those first scans with the flash drives connected, so perhaps they would be scanned also?

Thanks for the help! Sorry I've not been as prompt about working on the comp. Been still a little distracted with my 15 yr-old's health, but hopefully being home from the hospital and some "kitty therapy" will promote healing! Not a fun way to spend her summer....

Leslie
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP