
it started with win7 antivirus 2012 [Closed]



#1
brokencloud

I found that I had Win 7 Antivirus 2012, so I went about removing it. It doesn't show up in scans anymore, but my computer is a disaster. It takes a very long time to load, web pages have trouble loading, and often I have to restart in order to do anything. I can't get any of my software to update. Everything freezes. It is a miracle I'm able to post this. Here is my scan:

OTL logfile created on: 12/15/2011 4:56:18 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\chris\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 0.40 Gb Available Physical Memory | 14.11% Memory free
5.73 Gb Paging File | 1.56 Gb Available in Paging File | 27.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 13.55 Gb Free Space | 6.14% Space Free | Partition Type: NTFS
Drive D: | 534.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.45 Gb Total Space | 5.17 Gb Free Space | 69.30% Space Free | Partition Type: FAT32

Computer Name: CHRIS-PC | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/12/15 15:05:19 | 003,477,320 | ---- | M] () -- C:\Program Files (x86)\McAfee\SiteAdvisor\Download\s224.1
PRC - [2011/12/15 14:13:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
PRC - [2011/12/13 15:03:56 | 000,855,904 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/11/29 21:00:28 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/11/20 10:40:10 | 022,453,840 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/11/17 19:29:22 | 000,134,824 | ---- | M] () -- C:\Program Files (x86)\Ask.com\UpdateTask.exe
PRC - [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2011/10/25 09:59:16 | 000,244,960 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/09/27 07:22:28 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/14 10:11:00 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/04 00:56:02 | 003,249,512 | ---- | M] (Hide My IP) -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe
PRC - [2011/05/25 13:32:36 | 005,207,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\vcredist_x64.exe
PRC - [2010/11/24 10:26:40 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/20 12:13:14 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
PRC - [2010/07/15 10:18:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/02/10 15:59:36 | 002,074,576 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\Update.exe
PRC - [2010/02/05 10:13:00 | 003,099,600 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
PRC - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
PRC - [2009/11/25 12:54:49 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2009/11/25 12:54:49 | 000,022,816 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe
PRC - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2009/08/19 13:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/08/07 07:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/13 20:14:31 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\runonce.exe
PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/13 15:02:35 | 001,547,104 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
MOD - [2011/11/17 19:29:22 | 000,134,824 | ---- | M] () -- C:\Program Files (x86)\Ask.com\UpdateTask.exe
MOD - [2011/10/25 09:59:16 | 000,420,576 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/11/25 12:54:49 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2011/12/13 15:03:56 | 000,855,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/10/25 09:59:16 | 000,244,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/10 10:53:46 | 000,102,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/04 00:56:02 | 003,249,512 | ---- | M] (Hide My IP) [On_Demand | Running] -- C:\Program Files (x86)\Hide My IP\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/07/20 12:13:14 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 10:18:47 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/08 15:32:52 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files (x86)\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/10 09:28:06 | 001,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/12 11:58:19 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2011/12/12 11:58:18 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/15 10:18:19 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/05 09:25:38 | 000,092,896 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pctplsg64.sys -- (pctplsg)
DRV:64bit: - [2010/02/05 09:17:56 | 000,306,648 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pctgntdi64.sys -- (pctgntdi)
DRV:64bit: - [2010/02/02 10:13:54 | 000,065,072 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
DRV:64bit: - [2010/02/02 10:13:54 | 000,060,416 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
DRV:64bit: - [2010/02/02 10:13:54 | 000,041,888 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
DRV:64bit: - [2009/09/23 16:10:04 | 000,218,056 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/28 02:35:52 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/16 21:33:00 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/14 21:47:26 | 000,668,672 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 15:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/05/19 22:10:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/05/18 17:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/07 01:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009/05/07 01:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 09:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 09:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 09:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/28 10:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2006/06/17 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/09/04 12:46:04 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/04 12:46:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...23z105a4861424s
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...23z105a4861424s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...23z105a4861424s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...23z105a4861424s
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...23z105a4861424s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111202
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://homepage.gate...23z105a4861424s
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/?..._date=20111202"
FF - prefs.js..extensions.enabledItems: [email protected]:6.103.018.001
FF - prefs.js..extensions.enabledItems: [email protected]:3.13.2.19379
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: [email protected]:1.20.00
FF - prefs.js..extensions.enabledItems: {5911488E-9D1E-40ec-8CBB-06B231CC153F}:2.4.0
FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
FF - prefs.js..extensions.enabledItems: {00697d10-ab15-4588-b44e-53b9728ef4e7}:1.0
FF - prefs.js..keyword.URL: "http://search.bearsh...web?src=ffb&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\chris\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\chris\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\[email protected] [2011/12/12 12:01:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/14 17:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/21 21:02:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/21 21:02:51 | 000,000,000 | ---D | M]

[2009/12/18 02:58:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\mozilla\Extensions
[2009/12/08 17:55:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/12/12 10:48:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions
[2011/12/07 15:22:33 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\{00697d10-ab15-4588-b44e-53b9728ef4e7}
[2011/12/01 23:35:30 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/03/12 20:55:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/18 23:35:00 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/12/01 23:35:04 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2010/07/29 17:02:43 | 000,000,000 | ---D | M] (Lipikaar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\[email protected]
[2011/12/01 22:24:51 | 000,000,000 | ---D | M] (Yontoo Layers (Drop Down Deals)) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\[email protected]
[2011/11/26 20:05:41 | 000,000,000 | ---D | M] (LimeWire Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\[email protected]
[2011/12/06 21:18:33 | 000,002,573 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\qydzh9hy.default\searchplugins\askcom.xml
[2010/03/31 13:47:35 | 000,002,277 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\qydzh9hy.default\searchplugins\BearShareWebSearch.xml
[2011/12/01 23:35:29 | 000,001,945 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\qydzh9hy.default\searchplugins\bing-zugo.xml
[2011/12/06 20:04:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/06 20:04:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/12 12:01:12 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="[email protected]" em:name="AVG Security Toolbar" em:version="6.103.018.001" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com" >) -- C:\PROGRAM FILES (X86)\AVG\AVG9\TOOLBAR\FIREFOX\[email protected]
[2009/12/06 07:59:08 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\components\mhxpcom.dll
[2011/12/13 15:02:35 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/02/22 15:45:04 | 000,000,973 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2011/01/24 13:12:11 | 000,002,028 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\chris\AppData\Roaming\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.1_0\McChPlg.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files (x86)\Common Files\Motive\npMotive.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\Users\chris\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\chris\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: SiteAdvisor = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: DealPly = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: Skype Click to Call = C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2010/07/15 10:25:14 | 000,412,182 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14241 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (Conduit Ltd.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files (x86)\Celebrity Toolbar\mhxpcomi.dll ()
O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll (Yontoo LLC)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [ISTray] C:\Program Files (x86)\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\HMIPCore64.dll (Hide My IP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\HMIPCore64.dll (Hide My IP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\HMIPCore64.dll (Hide My IP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\HMIPCore64.dll (Hide My IP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\HMIPCore64.dll (Hide My IP)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AECF3AE4-3135-4EAB-BF42-31193EFB09B3}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2EF43E5-C9DC-4265-9D73-D7C8E823DB3C}: DhcpNameServer = 40.0.0.1 40.0.0.2
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\mhtb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\mhtb {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files (x86)\Celebrity Toolbar\mhxpcomi.dll ()
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/26 10:45:48 | 000,000,000 | ---D | M] - E:\Automatically Add to iTunes -- [ FAT32 ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\ATTPreCopy.exe -d:OPETNAEXPCI
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/15 14:42:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/12/15 14:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/12/15 14:13:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2011/12/15 13:34:27 | 000,000,000 | ---D | C] -- C:\8bc92bd3894bf48b302b1fd0
[2011/12/14 19:45:05 | 000,000,000 | R--D | C] -- C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/12/14 12:55:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011/12/14 12:46:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011/12/14 03:12:57 | 000,000,000 | ---D | C] -- C:\c3866e23a34fd80d57e6638d
[2011/12/13 15:04:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/12/13 15:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2011/12/13 15:02:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/12/12 12:15:09 | 000,060,416 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2011/12/12 12:15:08 | 000,065,072 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2011/12/12 12:15:08 | 000,041,888 | --S- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2011/12/12 12:09:30 | 000,306,648 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2011/12/12 12:09:30 | 000,133,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2011/12/12 12:09:11 | 000,218,056 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2011/12/12 12:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Doctor
[2011/12/12 12:08:57 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2011/12/12 12:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2011/12/12 12:08:51 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\PC Tools
[2011/12/12 12:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/12 12:08:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2011/12/12 12:06:32 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\GetRightToGo
[2011/12/12 01:08:40 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Malwarebytes
[2011/12/12 01:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/12 01:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/12 01:08:23 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/12 01:08:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/12/09 17:56:43 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2011/12/06 20:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/12/01 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar
[2011/12/01 23:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
[2011/12/01 23:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2011/12/01 23:33:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011/12/01 22:24:57 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\ooVoo Details
[2011/12/01 22:24:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)
[2011/12/01 22:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2011/12/01 22:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2011/12/01 22:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ooVoo
[2011/12/01 03:11:03 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2011/12/01 03:10:12 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Apps
[2011/12/01 03:10:09 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Deployment
[2011/11/26 17:18:42 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\WarcraftPetsExpress
[2011/11/26 11:05:37 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\Chrisis classwork
[2011/11/21 21:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/21 21:02:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/11/21 20:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/21 20:57:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/21 20:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/21 20:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011/11/21 20:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/11/21 20:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/11/18 14:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Users\chris\Desktop\*.tmp files -> C:\Users\chris\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/15 17:59:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/15 17:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/12/15 17:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/12/15 16:26:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/12/15 16:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/12/15 15:26:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/12/15 15:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/12/15 14:44:49 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/12/15 14:42:59 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/15 14:42:59 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/12/15 14:42:59 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/12/15 14:26:06 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/15 14:26:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/12/15 14:13:40 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2011/12/15 13:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/12/15 13:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/12/15 13:05:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/12/15 13:04:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/12/15 13:04:40 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/12/15 13:04:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/12/15 13:04:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/12/15 13:04:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/12/15 13:04:39 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/15 13:04:39 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/12/15 13:04:39 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/15 13:04:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/14 23:26:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/14 23:26:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/12/14 22:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/14 22:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/12/14 21:26:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/12/14 21:26:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/12/14 20:44:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 20:44:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/14 20:35:55 | 2309,689,344 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/14 20:26:09 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/12/14 20:26:09 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/12/13 23:18:08 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for chris.job
[2011/12/13 19:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/12/13 19:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/12/13 18:26:01 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/12/13 18:26:01 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/12/13 14:58:15 | 090,281,361 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/12/12 12:09:02 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/12 11:58:19 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2011/12/12 11:58:18 | 000,035,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2011/12/12 03:07:49 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/12 00:16:14 | 000,012,426 | -HS- | M] () -- C:\Users\chris\AppData\Local\ywrueq5u4qhe1dyx0coe5q142c6o
[2011/12/12 00:16:14 | 000,012,426 | -HS- | M] () -- C:\ProgramData\ywrueq5u4qhe1dyx0coe5q142c6o
[2011/12/12 00:07:25 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/12/09 18:09:46 | 000,000,112 | ---- | M] () -- C:\ProgramData\HESW16S1.dat
[2011/12/09 18:09:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\60EM0.com.b
[2011/12/08 14:59:19 | 000,000,430 | ---- | M] () -- C:\Users\chris\AppData\Roaming\wklnhst.dat
[2011/12/05 07:10:40 | 000,132,096 | ---- | M] () -- C:\Windows\SysWow64\srrstr.dll
[2011/12/04 21:53:58 | 000,024,576 | ---- | M] () -- C:\Users\chris\Documents\Csuttonenglishweek4.odt
[2011/12/01 22:24:13 | 000,001,824 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/12/01 03:11:55 | 000,000,000 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/12/01 03:11:03 | 000,000,312 | ---- | M] () -- C:\Users\chris\Desktop\Curse Client.appref-ms
[2011/11/30 19:19:30 | 000,009,656 | ---- | M] () -- C:\Users\chris\Documents\computersweek 4.odt
[2011/11/30 19:19:14 | 000,016,106 | ---- | M] () -- C:\Users\chris\Documents\articlereviewenglish.odt
[2011/11/28 17:07:57 | 000,013,612 | ---- | M] () -- C:\Users\chris\Documents\ChristopherSuttonIP1.odt
[2011/11/22 15:13:33 | 000,012,886 | ---- | M] () -- C:\Users\chris\Documents\computerdiscussionweek3.odt
[2011/11/21 21:02:38 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/21 20:59:21 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/21 20:49:01 | 000,002,515 | ---- | M] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/11/21 20:49:00 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/11/19 16:19:38 | 000,001,241 | ---- | M] () -- C:\Users\chris\Desktop\WoW.lnk
[2011/11/18 14:03:12 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/18 02:44:29 | 000,011,997 | ---- | M] () -- C:\Users\chris\Documents\discussionpost2english.odt
[2011/11/17 22:21:50 | 000,009,675 | ---- | M] () -- C:\Users\chris\Documents\compdiscussion1.odt
[1 C:\Users\chris\Desktop\*.tmp files -> C:\Users\chris\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/15 14:44:49 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/12/15 14:42:59 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/15 14:40:07 | 000,001,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/12/12 12:09:30 | 000,007,357 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.cat
[2011/12/12 12:09:11 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctcore64.cat
[2011/12/12 12:09:02 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/12 12:08:57 | 000,007,353 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.cat
[2011/12/12 01:08:29 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/09 18:09:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\60EM0.com.b
[2011/12/09 18:08:13 | 000,000,112 | ---- | C] () -- C:\ProgramData\HESW16S1.dat
[2011/12/09 18:08:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/09 18:08:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/09 18:08:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/09 18:08:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/09 18:08:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/09 18:08:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/09 18:08:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/09 18:08:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/09 18:08:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/09 18:08:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/09 18:08:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/09 18:08:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/09 18:08:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/09 18:08:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/09 18:08:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/09 18:08:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/09 18:08:11 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/09 18:08:11 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/09 18:08:11 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/09 18:08:11 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/09 18:08:11 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/09 18:08:11 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/09 18:08:11 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/09 18:08:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/09 18:08:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/09 18:08:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/09 18:08:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/09 18:08:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/09 18:08:10 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/09 18:08:10 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/09 18:08:10 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/09 18:08:10 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/09 18:08:10 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/09 18:08:10 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/09 18:08:10 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/09 18:08:09 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/09 18:08:09 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/09 18:08:09 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/09 18:08:09 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/09 18:08:09 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/09 18:08:09 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/09 18:08:09 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/09 18:08:09 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/09 18:08:09 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/09 18:08:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/09 18:08:08 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/09 18:08:08 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/09 18:08:07 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/09 17:55:55 | 000,012,426 | -HS- | C] () -- C:\Users\chris\AppData\Local\ywrueq5u4qhe1dyx0coe5q142c6o
[2011/12/09 17:55:55 | 000,012,426 | -HS- | C] () -- C:\ProgramData\ywrueq5u4qhe1dyx0coe5q142c6o
[2011/12/07 15:22:39 | 000,132,096 | ---- | C] () -- C:\Windows\SysWow64\srrstr.dll
[2011/12/04 21:53:54 | 000,024,576 | ---- | C] () -- C:\Users\chris\Documents\Csuttonenglishweek4.odt
[2011/12/01 23:34:40 | 000,001,937 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011/12/01 23:34:40 | 000,001,916 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Uninstaller.lnk
[2011/12/01 23:34:39 | 000,001,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011/12/01 22:24:13 | 000,001,824 | ---- | C] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/12/01 03:11:55 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2011/12/01 03:11:03 | 000,000,312 | ---- | C] () -- C:\Users\chris\Desktop\Curse Client.appref-ms
[2011/11/30 19:19:30 | 000,009,656 | ---- | C] () -- C:\Users\chris\Documents\computersweek 4.odt
[2011/11/30 19:19:14 | 000,016,106 | ---- | C] () -- C:\Users\chris\Documents\articlereviewenglish.odt
[2011/11/28 17:07:57 | 000,013,612 | ---- | C] () -- C:\Users\chris\Documents\ChristopherSuttonIP1.odt
[2011/11/22 15:13:32 | 000,012,886 | ---- | C] () -- C:\Users\chris\Documents\computerdiscussionweek3.odt
[2011/11/21 21:02:38 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/21 20:59:21 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/18 14:03:12 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/18 02:44:29 | 000,011,997 | ---- | C] () -- C:\Users\chris\Documents\discussionpost2english.odt
[2011/11/17 22:21:50 | 000,009,675 | ---- | C] () -- C:\Users\chris\Documents\compdiscussion1.odt
[2011/11/15 19:38:13 | 000,001,241 | ---- | C] () -- C:\Users\chris\Desktop\WoW.lnk
[2011/07/19 23:22:00 | 000,000,000 | ---- | C] () -- C:\Users\chris\AppData\Local\{271D58BD-0FCA-4920-A164-9C621E82312E}
[2010/07/08 23:41:25 | 000,000,430 | ---- | C] () -- C:\Users\chris\AppData\Roaming\wklnhst.dat
[2010/03/19 21:35:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/16 12:39:27 | 000,000,110 | ---- | C] () -- C:\Windows\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini
[2009/12/20 21:08:44 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/18 02:57:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/12/14 10:58:20 | 000,000,941 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009/12/13 15:33:48 | 000,003,584 | ---- | C] () -- C:\Users\chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/07 17:46:53 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/09/07 17:46:52 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/09/07 17:46:52 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/09/07 17:46:52 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/01/10 18:25:56 | 000,000,000 | -HSD | M] -- C:\Users\chris\AppData\Roaming\.#
[2009/11/19 11:30:07 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Absolute Poker
[2009/12/14 09:44:57 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\acccore
[2009/11/19 01:05:04 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Acreon
[2010/06/04 00:02:43 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Facebook
[2011/12/12 12:08:29 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\GetRightToGo
[2011/03/16 20:41:19 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\gtk-2.0
[2010/03/19 19:26:55 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\HorizonWimba
[2010/12/11 14:44:35 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\LimeWire
[2010/03/19 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\MusicNet
[2010/12/18 13:11:59 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\NCH Swift Sound
[2011/12/01 22:48:14 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\ooVoo Details
[2009/11/25 14:11:56 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\OpenOffice.org
[2011/12/13 20:31:34 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\PalaceChat 4
[2010/08/16 00:16:56 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Template
[2011/11/02 18:55:40 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\tixati
[2010/12/08 19:09:16 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Unity
[2009/11/26 09:20:18 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\WildTangent
[2010/08/30 01:25:24 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Wizards of the Coast
[2011/12/15 13:04:39 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/12/15 13:04:39 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/12/15 13:04:41 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/12/15 13:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/12/15 13:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/12/15 14:26:02 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/12/15 13:04:39 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/12/15 14:26:06 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/12/15 15:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/12/15 15:26:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/12/15 16:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/12/15 16:26:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/12/15 17:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/12/15 17:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/12/15 18:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/12/15 18:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/12/13 19:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/12/15 13:04:39 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/12/13 19:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/12/14 20:26:09 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/12/14 20:26:09 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/12/14 21:26:01 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/12/14 21:26:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/12/14 22:26:00 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/12/14 22:26:00 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/12/14 23:26:01 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/12/14 23:26:01 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/12/15 13:04:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/12/15 13:04:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/12/15 13:04:40 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/12/15 13:04:40 | 000,000,346 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/12/15 13:04:41 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2010/07/17 18:45:37 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 260 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
#2
brokencloud

After posting this I received an error message on Internet Explorer that reads:
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: C:\Program Files (x86)\Internet Explorer\iexplore.exe
This application has requested the Runtime to terminate it in an unusual way
Please contact the application's support team for more information

#3
brokencloud

Microsoft Security Essentials is finding infections.

#4
Essexboy

Hi there, let's get you cleaned up.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2011/10/25 09:59:16 | 000,244,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
    IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - prefs.js..extensions.enabledItems: {00697d10-ab15-4588-b44e-53b9728ef4e7}:1.0
    FF - prefs.js..extensions.enabledItems: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}:2.0
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
    [2011/12/07 15:22:33 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\{00697d10-ab15-4588-b44e-53b9728ef4e7}
    [2011/12/01 23:35:30 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2010/05/18 23:35:00 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2011/12/01 23:35:04 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\chris\AppData\Roaming\mozilla\Firefox\Profiles\qydzh9hy.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (Conduit Ltd.)
    O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
    O2 - BHO: (CMySite Class) - {D62EC836-BF1E-4CAC-81BE-FB9179835D8E} - C:\Program Files (x86)\Celebrity Toolbar\mhxpcomi.dll ()
    O2 - BHO: (Yontoo Layers (Drop Down Deals)) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyn0.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll ()
    [2011/12/01 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartNow Toolbar
    [2011/12/01 23:35:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
    [2011/12/01 23:35:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
    [2011/12/01 22:24:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo Layers Runtime (Drop Down Deals)
    [2011/12/01 22:24:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
    [2011/12/12 00:16:14 | 000,012,426 | -HS- | M] () -- C:\Users\chris\AppData\Local\ywrueq5u4qhe1dyx0coe5q142c6o
    [2011/12/12 00:16:14 | 000,012,426 | -HS- | M] () -- C:\ProgramData\ywrueq5u4qhe1dyx0coe5q142c6o
    [2011/12/09 18:09:46 | 000,000,112 | ---- | M] () -- C:\ProgramData\HESW16S1.dat
    [2011/12/09 18:09:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\60EM0.com.b
    [2011/12/05 07:10:40 | 000,132,096 | ---- | M] () -- C:\Windows\SysWow64\srrstr.dll
    [2010/01/10 18:25:56 | 000,000,000 | -HSD | M] -- C:\Users\chris\AppData\Roaming\.#

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

FINALLY

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply
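
The fix script above removes the numbered `C:\Windows\tasks\At*.job` files and the hidden, system-flagged file that appears under both `AppData\Local` and `ProgramData`. The following is an added example, not part of the thread and not OTL's own code, showing how those two patterns can be flagged automatically from an OTL file listing; the function names and the `max_gap` / `min_count` thresholds are assumptions, and the sample input is a handful of lines excerpted from the log in post #1.

```python
import ntpath
import re
from collections import defaultdict, namedtuple
from datetime import datetime

# Sample input: lines excerpted from the OTL listing posted in this thread.
SAMPLE = r"""
[2011/12/09 18:08:12 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/09 18:08:12 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/09 18:08:11 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/09 18:08:10 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/09 18:08:07 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/09 17:55:55 | 000,012,426 | -HS- | C] () -- C:\Users\chris\AppData\Local\ywrueq5u4qhe1dyx0coe5q142c6o
[2011/12/09 17:55:55 | 000,012,426 | -HS- | C] () -- C:\ProgramData\ywrueq5u4qhe1dyx0coe5q142c6o
[2011/12/13 23:18:08 | 000,000,448 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for chris.job
[2011/12/12 11:58:19 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010/01/10 18:25:56 | 000,000,000 | -HSD | M] -- C:\Users\chris\AppData\Roaming\.#
"""

Entry = namedtuple("Entry", "when size attrs kind company path")

# [timestamp | size | attributes | C(reated) or M(odified)] (company) -- path
# The "(company)" field is absent on directory lines.
LINE_RE = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| ([\d,]+) \| ([-A-Z]{4}) \| ([CM])\]"
    r"(?: \(([^)]*)\))? -- (.+)$"
)
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.IGNORECASE)


def parse_otl_entries(text):
    """Return an Entry for every file-listing line; all other log lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, size, attrs, kind, company, path = m.groups()
        entries.append(Entry(
            when=datetime.strptime(ts, "%Y/%m/%d %H:%M:%S"),
            size=int(size.replace(",", "")),
            attrs=attrs,
            kind=kind,
            company=company or None,  # "()" and a missing field both become None
            path=path.strip(),
        ))
    return entries


def at_job_bursts(entries, kind="C", max_gap=5, min_count=4):
    """Group AtN.job files in a 'tasks' directory whose timestamps are at most
    max_gap seconds apart; return the groups holding at least min_count files."""
    hits = sorted(
        (e for e in entries
         if e.kind == kind
         and AT_JOB_RE.match(ntpath.basename(e.path))
         and ntpath.basename(ntpath.dirname(e.path)).lower() == "tasks"),
        key=lambda e: e.when,
    )
    bursts, current = [], []
    for e in hits:
        if current and (e.when - current[-1].when).total_seconds() > max_gap:
            if len(current) >= min_count:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_count:
        bursts.append(current)
    return bursts


def twin_hidden_files(entries):
    """Map file name -> directories for hidden+system files (not directories)
    that exist with the same name and size in more than one directory."""
    groups = defaultdict(set)
    for e in entries:
        if "H" in e.attrs and "S" in e.attrs and "D" not in e.attrs:
            key = (ntpath.basename(e.path).lower(), e.size)
            groups[key].add(ntpath.dirname(e.path))
    return {name: sorted(dirs) for (name, _), dirs in groups.items() if len(dirs) > 1}


if __name__ == "__main__":
    parsed = parse_otl_entries(SAMPLE)
    for burst in at_job_bursts(parsed):
        print(len(burst), "At*.job files between", burst[0].when, "and", burst[-1].when)
    for name, dirs in twin_hidden_files(parsed).items():
        print("hidden+system twin:", name, "in", dirs)
```

Run it over the full "Files Created" section of a log to see every burst; anything it flags is a candidate for review, not a verdict.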


#5
Essexboy

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.