Possible Virus? Can you please view my OTL log...Many Thanks [Solved]


  • This topic is locked

#1
vanessa111

    New Member

  • Member
  • 7 posts
Hello,

If someone could please look at my log and tell me if something is causing my PC to react slowly, it would be greatly appreciated.
I have been experiencing random errors, such as IE will not open, some games are running slowly, flashing or do not open and notify exec. error, program will now exit.

When running Ashampoo Defragg always works correctly, but if I try to clean internet, it will report a run time error unless Firefox is open and minimized. When it is not open it is unable to clean it. I have seen errors like sq lite dll not found when running Advanced System Optimizer, but it reports no spyware or malware. The only cleaning methods I use are Windows 7 repair cleaner, and ASO.

If you have any suggestions, I would truly appreciate it.


Thank-you,
Vanessa111

Attached Files

  • Attached File  OTL.Txt   99.71KB   106 downloads

Edited by vanessa111, 21 January 2012 - 04:33 AM.


#2
Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#3
vanessa111

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you so very much for your response and willingness to look into this for me.
Any help or suggestions would be truly appreciated!

Also, a quick question regarding Adobe. I seem to have so many programs from Adobe. I was wondering if I had many unnecessary programs that should be deleted?

Also the OTL text appears in my file, but for some reason the Extra text does not?

Thanks again,
Vanessa111

OTL logfile created on: 26/01/2012 1:44:18 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Jenny\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1023.24 Mb Total Physical Memory | 337.86 Mb Available Physical Memory | 33.02% Memory free
2.00 Gb Paging File | 1.23 Gb Available in Paging File | 61.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 62.23 Gb Free Space | 63.72% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 90.32 Gb Free Space | 92.49% Space Free | Partition Type: NTFS
Drive E: | 37.57 Gb Total Space | 16.59 Gb Free Space | 44.16% Space Free | Partition Type: NTFS

Computer Name: JENN-PC | User Name: Jenny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - D:\Jenny\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Advanced System Optimizer 3\ASO3.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe (Systweak Inc., (www.systweak.com))
PRC - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
PRC - C:\Program Files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe (mst software GmbH, Germany)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Advanced System Optimizer 3\ASEng.dll ()
MOD - C:\Program Files\Advanced System Optimizer 3\asohtm.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (nosGetPlusHelper) getPlus® -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ASO3DiskOptimizer) -- C:\Program Files\Advanced System Optimizer 3\ASO3DefragSrv.exe (Systweak Inc., (www.systweak.com))
SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo HDD Control\Dfsdks.exe (mst software GmbH, Germany)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (ADASPROT) -- C:\Program Files\Advanced System Optimizer 3\adasprot32.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (smbusp) Intel® -- C:\Windows\System32\drivers\intelsmb.sys (Intel Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (DKRtWrt) -- C:\Windows\System32\drivers\DKRtWrt.sys (Diskeeper Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1571136059-1058656699-1501102439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1571136059-1058656699-1501102439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKU\S-1-5-21-1571136059-1058656699-1501102439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKU\S-1-5-21-1571136059-1058656699-1501102439-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 1E EB F5 5E 6D CB 01 [binary data]
IE - HKU\S-1-5-21-1571136059-1058656699-1501102439-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1571136059-1058656699-1501102439-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.100: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jenny\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/28 01:02:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/20 03:52:49 | 000,000,000 | ---D | M]

[2010/10/16 14:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions
[2010/10/16 14:52:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Extensions\[email protected]
[2011/08/20 02:10:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jenny\AppData\Roaming\mozilla\Firefox\Profiles\tfsp37td.default\extensions
[2012/01/20 03:41:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/21 01:23:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/01 03:12:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2012/01/20 03:41:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/04/14 11:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/28 01:02:36 | 000,906,360 | ---- | M] (www.devalvr.com) -- C:\Program Files\mozilla firefox\plugins\npdevalvr.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\Application\12.0.742.100\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jenny\AppData\Local\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2010/10/16 06:26:39 | 000,000,864 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1571136059-1058656699-1501102439-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1571136059-1058656699-1501102439-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1571136059-1058656699-1501102439-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1571136059-1058656699-1501102439-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName =
O7 - HKU\S-1-5-21-1571136059-1058656699-1501102439-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction =
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D2CF9D0-113A-476B-986F-288B54571614} http://www.devalvr.c...valvrplugin.php (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.198
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5547B74-24ED-4B48-A4F9-E9E59FB38B36}: DhcpNameServer = 64.71.255.198
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d63b8687-d934-11df-9dcf-904df5a2ee67}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck sasnative32)
O34 - HKLM BootExecute: (autocheck 双/㵆䰑鹍ࠀ{0E83DA27-D90C-11DF-B013-806E6F6E6963}:AutoDefrag)
O34 - HKLM BootExecute: (autocheck efrag)
O34 - HKLM BootExecute: (autocheck ߛ
ꈒ到ἘÄt쌐t)
O34 - HKLM BootExecute: (autocheck r噌罒啪ࠂ)
O34 - HKLM BootExecute: (autocheck frag)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/24 00:32:16 | 000,000,000 | ---D | C] -- C:\Users\Jenny\Documents\Alibi in Ashes
[2012/01/24 00:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Her Interactive
[2012/01/23 03:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delicious - Emily's Taste of Fame
[2012/01/06 04:04:40 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\PlayFirst
[2012/01/05 03:33:52 | 000,000,000 | ---D | C] -- C:\Users\Jenny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diet & Exercise Assistant
[2012/01/05 03:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Keyoe
[2012/01/05 02:34:33 | 000,000,000 | ---D | C] -- C:\Users\Jenny\.gstreamer-0.10
[2012/01/03 23:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012/01/03 23:38:48 | 000,016,184 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/01/03 23:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Optimizer 3
[2012/01/03 23:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Optimizer 3
[2012/01/02 07:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cake Mania 3

========== Files - Modified Within 30 Days ==========

[2012/01/25 20:51:31 | 000,020,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 20:51:31 | 000,020,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 20:44:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/25 20:44:04 | 804,708,352 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/24 23:39:14 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\ASO-AutoCheckUpdate7Days.job
[2012/01/24 00:31:07 | 000,001,401 | ---- | M] () -- C:\Users\Jenny\Desktop\Alibi in Ashes.lnk
[2012/01/23 03:09:18 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\Taste of Fame.lnk
[2012/01/23 00:10:23 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Windows 7 Manager - Optimization Wizard.job
[2012/01/21 02:56:30 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\ASO-OneClickCare.job
[2012/01/17 01:31:09 | 000,001,660 | ---- | M] () -- C:\Windows\System32\ASOROSet.bin
[2012/01/10 20:39:57 | 000,698,260 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/01/10 20:39:57 | 000,620,814 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/10 20:39:57 | 000,138,708 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/01/10 20:39:57 | 000,108,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/03 23:42:48 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2012/01/03 23:42:39 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\ASO-RegistryOptimizer.job
[2012/01/03 23:42:34 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ASO-PrivacyProtector.job
[2012/01/03 23:42:26 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\ASO-Driver Updater.job
[2012/01/03 23:38:42 | 000,002,229 | ---- | M] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2012/01/03 23:38:42 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\ASO.lnk
[2012/01/02 07:28:34 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Cake Mania 3.lnk
[2011/12/30 02:42:01 | 000,001,102 | ---- | M] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/01/24 00:31:10 | 000,001,401 | ---- | C] () -- C:\Users\Jenny\Desktop\Alibi in Ashes.lnk
[2012/01/23 03:09:18 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\Taste of Fame.lnk
[2012/01/03 23:42:48 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ASO-AntiSpyware.job
[2012/01/03 23:42:39 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\ASO-RegistryOptimizer.job
[2012/01/03 23:42:34 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\ASO-PrivacyProtector.job
[2012/01/03 23:42:26 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\ASO-Driver Updater.job
[2012/01/03 23:39:13 | 000,000,436 | ---- | C] () -- C:\Windows\tasks\ASO-AutoCheckUpdate7Days.job
[2012/01/03 23:39:13 | 000,000,406 | ---- | C] () -- C:\Windows\tasks\ASO-OneClickCare.job
[2012/01/03 23:38:48 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2012/01/03 23:38:42 | 000,002,229 | ---- | C] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced System Optimizer.lnk
[2012/01/03 23:38:42 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\ASO.lnk
[2012/01/02 07:28:34 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Cake Mania 3.lnk
[2011/12/30 02:42:01 | 000,001,102 | ---- | C] () -- C:\Users\Jenny\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/10/23 07:16:16 | 000,032,256 | ---- | C] () -- C:\Windows\System32\ntrights.exe
[2011/10/19 06:07:30 | 000,000,000 | ---- | C] () -- C:\Windows\Alibi.INI
[2011/07/09 03:13:57 | 000,000,000 | ---- | C] () -- C:\Windows\Phantom of Venice.INI
[2011/07/06 03:44:38 | 000,000,000 | ---- | C] () -- C:\Windows\GAME.INI
[2011/07/01 05:37:42 | 000,000,000 | ---- | C] () -- C:\Windows\Captive.INI
[2011/06/12 03:42:29 | 000,000,059 | ---- | C] () -- C:\Windows\ANS2000.INI
[2011/06/12 03:42:29 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2011/06/12 03:42:29 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2011/06/03 02:46:19 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/06/03 02:43:31 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/06/02 01:44:45 | 001,388,544 | ---- | C] () -- C:\Windows\System32\nvpmapi.dll
[2011/06/02 01:44:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nvISWOW64.dll
[2011/05/16 23:43:07 | 000,000,000 | ---- | C] () -- C:\Windows\DevalVR playerU.INI
[2011/05/11 00:40:42 | 000,032,030 | ---- | C] () -- C:\Users\Jenny\AppData\Local\slot1.mm1
[2011/05/06 00:50:28 | 000,000,092 | ---- | C] () -- C:\Windows\BackupManager.INI
[2011/04/04 20:50:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/03 05:44:24 | 000,087,608 | R--- | C] () -- C:\Users\Jenny\AppData\Roaming\inst.exe
[2011/02/15 05:23:38 | 000,000,000 | ---- | C] () -- C:\Windows\The Haunted Carousel.INI
[2011/02/13 08:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\Secrets.INI
[2011/02/13 04:52:02 | 000,000,000 | ---- | C] () -- C:\Windows\Nancy Drew 1 Secrets Can Kill.INI
[2011/02/06 03:42:31 | 000,000,000 | ---- | C] () -- C:\Windows\Waverly.INI
[2011/01/26 01:57:28 | 000,000,000 | ---- | C] () -- C:\Windows\Blackmoor Manor.INI
[2011/01/25 06:13:54 | 000,000,000 | ---- | C] () -- C:\Windows\Twister.INI
[2011/01/15 06:36:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010/11/08 00:18:18 | 000,003,584 | ---- | C] () -- C:\Users\Jenny\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/27 05:33:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/10/23 08:38:09 | 000,000,000 | ---- | C] () -- C:\Windows\Shadow.INI
[2010/10/19 02:05:08 | 000,000,017 | ---- | C] () -- C:\Users\Jenny\AppData\Local\resmon.resmoncfg
[2010/10/18 05:57:26 | 000,000,000 | ---- | C] () -- C:\Windows\The Secret of the Old Clock.INI
[2010/10/16 19:03:13 | 000,001,660 | ---- | C] () -- C:\Windows\System32\ASOROSet.bin
[2010/10/16 18:29:11 | 000,188,200 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/10/16 15:21:08 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2010/10/16 14:58:23 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/10/16 14:54:35 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/10/16 14:54:35 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/10/16 14:54:33 | 002,931,712 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010/10/16 14:54:33 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/10/16 14:54:33 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/10/16 14:54:33 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/10/16 07:59:04 | 000,698,260 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2010/10/16 07:59:04 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2010/10/16 07:59:04 | 000,138,708 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2010/10/16 07:59:04 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:33:53 | 001,832,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,620,814 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,108,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/08/13 08:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2011/10/23 03:52:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2011/04/13 21:49:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Systweak
[2011/08/31 06:46:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011/08/07 06:30:51 | 000,000,000 | -HSD | M] -- C:\Users\Jenny\AppData\Roaming\.#
[2010/10/16 18:30:53 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\ACD Systems
[2010/10/16 13:02:23 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\DAEMON Tools Lite
[2011/06/02 02:25:59 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\gDEBugger
[2011/01/05 06:15:49 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\LimeWire
[2012/01/19 02:16:12 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\PlayFirst
[2011/08/16 23:56:51 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Security Catalog
[2011/02/15 04:01:17 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\SystemRequirementsLab
[2012/01/03 23:47:15 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Systweak
[2012/01/26 00:41:32 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\uTorrent
[2010/12/13 00:31:41 | 000,000,000 | ---D | M] -- C:\Users\Jenny\AppData\Roaming\Windows Live Writer
[2012/01/03 23:42:48 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\ASO-AntiSpyware.job
[2012/01/24 23:39:14 | 000,000,436 | ---- | M] () -- C:\Windows\Tasks\ASO-AutoCheckUpdate7Days.job
[2012/01/03 23:42:26 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\ASO-Driver Updater.job
[2012/01/21 02:56:30 | 000,000,406 | ---- | M] () -- C:\Windows\Tasks\ASO-OneClickCare.job
[2012/01/03 23:42:34 | 000,000,390 | ---- | M] () -- C:\Windows\Tasks\ASO-PrivacyProtector.job
[2012/01/03 23:42:39 | 000,000,396 | ---- | M] () -- C:\Windows\Tasks\ASO-RegistryOptimizer.job
[2011/11/15 18:26:14 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/23 00:10:23 | 000,000,290 | ---- | M] () -- C:\Windows\Tasks\Windows 7 Manager - Optimization Wizard.job

========== Purity Check ==========



========== Alternate Data Streams ==========


< End of report >

Edited by vanessa111, 26 January 2012 - 12:57 AM.


#4
Gammo

Please run the MGA Diagnostic Tool and post the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click Continue.
  • Ensure that the Windows tab is selected. (It should be by default.)
  • Click the Copy button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report into your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Please download WVCheck by Artellos from one of the mirrors below;

    Artellos.com (exe)
    Artellos.com (zip)

  • After the download, run WVCheck.exe
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.


#5
vanessa111

Hi,

Thanks again!

Vanessa111



Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-V9488-FGM44-2C9T3
Windows Product Key Hash: rmk1OjF0iZq7gQoRmEcpnJHr0oc=
Windows Product ID: 00426-OEM-8992662-00010
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {88E4E6D9-A5BC-4756-BB82-AE0CDB665D8F}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.111025-1505
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Plus 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{88E4E6D9-A5BC-4756-BB82-AE0CDB665D8F}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2C9T3</PKey><PID>00426-OEM-8992662-00010</PID><PIDType>2</PIDType><SID>S-1-5-21-1571136059-1058656699-1501102439</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0603 </Version><SMBIOSVersion major="2" minor="3"/><Date>20050621000000.000000+000</Date></BIOS><HWID>5E393D07018400EC</HWID><UserLCID>1009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>HPQOEM</OEMID><OEMTableID>SLIC-WKS</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>C0A25836FDBE5AC</Val><Hash>FmDbcrRY1pTOcrz4ZUZRHhpUuc0=</Hash><Pid>89409-726-2958074-65526</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows® 7, Ultimate edition
Description: Windows Operating System - Windows® 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600010-02-4105-7600.0000-2892010
Installation ID: 005224278944141474294820215265053936338601262980437485
Processor Certificate URL: http://go.microsoft....k/?LinkID=88338
Machine Certificate URL: http://go.microsoft....k/?LinkID=88339
Use License URL: http://go.microsoft....k/?LinkID=88341
Product Key Certificate URL: http://go.microsoft....k/?LinkID=88340
Partial Product Key: 2C9T3
License Status: Licensed
Remaining Windows rearm count: 4
Trusted time: 27/01/2012 12:04:12 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x80072EFD
HealthStatus: 0x0000000000000000
Event Time Stamp: 11:11:2011 01:56
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAIABAABAAEAAgABAAAAAQABAAEAnJ+yTnpLWSWqdkjkmJNa/wZ9/nGN73DTRoI4guw7

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC A M I OEMAPIC
FACP A M I OEMFACP
MCFG A M I OEMMCFG
OEMB A M I AMI_OEM
SLIC HPQOEM SLIC-WKS

#6
vanessa111

WV Check:

Windows Validation Check
Version: 1.9.12.5
Log Created On: 0009_27-01-2012
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2012-01-27 03:03:31
Last Success Time for Update Download: 2012-01-16 08:07:19
Last Success Time for Update Installation: 2012-01-16 10:03:11


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 3/6/2011 3:44:3
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16385_none_ff27e02604a90885\slwga.dll
Size: 13824 bytes
Creation; 13/7/2009 19:36:22
Modification; 13/7/2009 21:16:15
MD5; 01fe4bdd0b47a7d8bf34d78d2bc23ddb
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.16723_none_ff66c6b2047a22cd\slwga.dll
Size: 14336 bytes
Creation; 9/2/2011 2:26:7
Modification; 21/12/2010 0:38:16
MD5; 2008845b41d561fb77b77bbe0045099e
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7600.20862_none_ffc423831db91904\slwga.dll
Size: 14336 bytes
Creation; 9/2/2011 2:26:7
Modification; 21/12/2010 0:29:6
MD5; 2332de32759ebcc691850e092b2564a6
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 3/6/2011 3:44:3
Modification; 20/11/2010 7:21:24
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
Line: 127.0.0.1 validation.sls.microsoft.com
Matched: *microsoft.com*
-----------------------


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - f1dd3acaee5e6b4bbc69bc6df75cef66


-------- End of File, program close at 0012_27-01-2012 --------

#7
Gammo

Hi,

The use of Keygens and Cracks inevitably leads to infection. Further, it is contrary to this site's Terms of Use. If you persist in their use you will no longer receive help from this site in the future.

Go here to read Geekstogo Terms of Use and note in particular article 4 the items Illegal and Infringing of intellectual property rights (such as copyright and trademark rights).

While we understand that you may not have been aware, your copy of Windows is not legitimate. Unfortunately, we are unable to help you any further on this site, as we adhere to a strict policy of only helping people who have legitimate copies of Windows. Thank you for understanding.

Microsoft has a program for people who unknowingly receive counterfeit software:

Q:
What are the details of the genuine Windows offer?
A:

To help customers who unknowingly purchased a counterfeit version of Windows XP, Microsoft has created two genuine Windows offers for those who qualify:

* Complimentary offer: Microsoft will make a complimentary copy of Windows XP available to customers who have been sold counterfeit Windows. Customers will be required to submit a proof of purchase, the counterfeit CD, and a counterfeit report with details of their purchase. Only high-quality counterfeit Windows will qualify for the complimentary offer.
* Electronic License Key Offer: Microsoft will offer an alternative for customers who find out via the WGA validation process that they are not running genuine Windows, but do not qualify for, or choose not to take advantage of, the complimentary offer. These customers will be able to license a Windows Genuine Advantage Kit for Windows XP directly from Microsoft for a special on-line purchase price. The Windows Genuine Advantage Kit for Windows XP will include a new 25-character Product Key and a Windows Product Key Update tool that will allow customers to convert their counterfeit copy to genuine Windows XP electronically.



#8
vanessa111

Hi,

You are correct, in that I was unaware what programs were used on my PC as I had a computer programmer who serviced my computer at one time. I had received an error message regarding Genuine Validation and it was repaired by him, and it was a service I paid for.
I will read the information you have provided, and thank you nevertheless for your effort.


Thanks again,
Vanessa111

#9
Gammo

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.