processor slows randomly without warning for 2-5-10 mins about every h


  • This topic is locked

#1
pelley28

  • Member
  • 11 posts
Please help! My computer stops working just about anytime it wants to. I downloaded Avast and still have it. I got rid of Norton when it would not find my problem, and IObit, which is not there anymore. I don't have multiple firewalls up!! It just seems that every now and then, about 1 time every hour, the fan RPMs die right out for 1-2-5-10 mins. I'm a downloader and gamer, so I think I may have downloaded a virus a year or two ago when I got my computer. I say that because I have had this problem for years. Maybe it can't be fixed. Maybe it's the way the computer is supposed to be under the workload. Unknown! I can usually have up to three World of Warcraft logged in and have internet going with music playing and YouTube going, all at the same time, but then for no reason at all everything stops and the fan RPMs... flatline. Is it me or is it my computer? It handles the workload really well, right up until the processor just stops working for 2-5-10 mins. Pls help, ty.



OTL logfile created on: 2/6/2012 11:25:30 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pelley\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 4.77 Gb Available Physical Memory | 61.59% Memory free
15.50 Gb Paging File | 12.50 Gb Available in Paging File | 80.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 342.68 Gb Free Space | 37.39% Space Free | Partition Type: NTFS

Computer Name: KHADIJA-PC | User Name: Pelley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/06 11:24:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pelley\Downloads\OTL.exe
PRC - [2012/02/01 15:39:58 | 009,217,176 | ---- | M] (Blizzard Entertainment) -- C:\Users\Pelley\Desktop\New folder\TvShows\World of Warcraft Cataclysm FREAKZ Edition 4.0.6\Wow.exe
PRC - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/04 08:13:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 08:13:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/11/20 08:47:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/04/30 11:17:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/08/12 18:34:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/12 18:28:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/07/20 17:37:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/07/03 22:17:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 09:34:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 05:37:17 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/14 05:37:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/14 05:36:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 05:36:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/14 05:36:29 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 05:36:24 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/10/14 07:48:10 | 001,503,088 | -HS- | M] () -- \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-935530192-2593661070-149298468-1001\Indiv01.key
MOD - [2009/06/12 20:07:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/06/12 20:07:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
MOD - [2009/02/02 21:03:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/07 23:55:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/07 22:36:06 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/04 08:13:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/10/13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 22:28:54 | 000,200,056 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2010/10/13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 22:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:17:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/01/13 11:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/10/05 18:00:23 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/10/12 14:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/04/30 11:17:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 21:19:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/12 18:34:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/28 15:55:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 09:34:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/12 15:53:53 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/11/12 15:53:51 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/07/08 00:45:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/08 00:45:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/07 23:17:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/04 08:06:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 08:06:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 08:05:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 08:02:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 08:02:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 08:02:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/30 15:16:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 03:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 10:03:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:37:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/14 17:39:15 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/01/08 20:12:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/11/08 23:58:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 22:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 02:38:30 | 000,714,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\y_cx88x.sys -- (cxpl_mhd) CX23885/7 PCI-E AvStream Video Capture (PalomarMHD)
DRV:64bit: - [2009/06/10 17:31:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:31:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:31:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)
DRV:64bit: - [2009/06/10 17:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 17:50:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/05 20:16:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 20:16:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 13:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 21:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...05v1k5k48815288
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/
IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledItems: {0A328249-98DF-476C-9D25-3853C961DAB9}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Pelley\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Pelley\AppData\Local\Roblox\Versions\version-844560f43f354d3f\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Pelley\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} [2010/07/11 23:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/11 11:02:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/26 15:19:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/05 06:53:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/02 06:55:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/05 19:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/01/05 10:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/01/05 10:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files (x86)\Netscape\Navigator 9\components [2011/09/05 17:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files (x86)\Netscape\Navigator 9\plugins [2011/09/05 17:06:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz [2011/11/29 09:07:02 | 000,000,000 | ---D | M]

[2010/05/15 06:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Extensions
[2012/01/26 19:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions
[2012/01/11 21:56:32 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
[2012/01/26 19:47:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/11 21:56:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/11/11 06:18:58 | 000,001,832 | ---- | M] () -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\searchplugins\bing.xml
[2011/10/09 16:55:34 | 000,000,931 | ---- | M] () -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\searchplugins\conduit.xml
[2011/12/25 14:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/24 19:34:19 | 000,000,000 | ---D | M] (SpaceQuery) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}
[2011/01/18 07:28:52 | 000,000,000 | ---D | M] (QuestBrowse) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
[2010/05/02 08:01:18 | 000,000,000 | ---D | M] (Facemoods) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2012/02/05 06:53:54 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2011/11/29 09:07:02 | 000,000,000 | ---D | M] (WordCaptureX) -- C:\PROGRAM FILES (X86)\WHITESMOKETRANSLATOR\WCAPTUREMOZ
[2012/01/26 15:19:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/02/02 06:55:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/12 11:55:45 | 000,002,287 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/01/22 11:08:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/03/31 07:49:50 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchFxt.xml
[2012/02/01 06:56:34 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/22 11:08:52 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Pelley\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Babylon Chrome OCR = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: SiteAdvisor = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: avast! WebRep = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\
CHR - Extension: Facemoods = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.0.4\

O1 HOSTS File: ([2010/09/03 13:46:20 | 000,001,055 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 gosredirector.ea.com
O1 - Hosts: 127.0.0.1 blazeserver.blazeemu.org
O1 - Hosts: 127.0.0.1 gosgvaprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gosiadprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 gossjcprod-qos01.ea.com
O1 - Hosts: 127.0.0.1 demangler.ea.com
O1 - Hosts: 127.0.0.1 vmp.tools.gos.ea.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110124133319.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoods.dll (facemoods.com)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110124133319.dll (McAfee, Inc.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {417C6B3C-2B0A-4427-B7B9-FF0D7880AB13} - No CLSID value found.
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe ()
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Rart] rundll32 "C:\Users\Pelley\AppData\Roaming\MSINETR.dll",qtesd File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{337FB64C-9F8A-41F2-B367-91252AFF4D9F}: DhcpNameServer = 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{337FB64C-9F8A-41F2-B367-91252AFF4D9F}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\Installer.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\Installer.exe
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\Installer.exe
O33 - MountPoints2\P\Shell - "" = AutoRun
O33 - MountPoints2\P\Shell\AutoRun\command - "" = P:\setup.exe
O33 - MountPoints2\Q\Shell - "" = AutoRun
O33 - MountPoints2\Q\Shell\AutoRun\command - "" = Q:\setup.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/01 13:39:35 | 000,000,000 | --SD | C] -- C:\Users\Pelley\Desktop\Restored Items
[2012/02/01 13:39:35 | 000,000,000 | ---D | C] -- C:\Users\Pelley\Desktop\STUFF
[2012/01/23 19:33:09 | 000,000,000 | ---D | C] -- C:\Windows\[SystemFolder]
[2012/01/23 19:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2012/01/17 18:27:09 | 000,000,000 | ---D | C] -- C:\Users\Pelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Red Jets
[2012/01/17 18:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Jets
[2012/01/17 18:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\InterActive Vision
[2012/01/09 16:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenSaverGift
[2012/01/09 16:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mists of Pandaria
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/06 11:21:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/06 06:23:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 06:23:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 06:18:35 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2012/02/06 06:10:45 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/06 06:08:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/06 06:08:42 | 1945,608,191 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/03 23:38:00 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Khadija.job
[2012/02/02 20:56:57 | 000,001,928 | ---- | M] () -- C:\Users\Pelley\Desktop\molten cata.lnk
[2012/02/01 18:45:12 | 000,001,233 | ---- | M] () -- C:\Users\Pelley\Desktop\FROSTWOLF.lnk
[2012/01/27 06:20:33 | 000,002,307 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/26 15:25:05 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/26 15:25:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/01/24 12:27:05 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/01/22 18:52:00 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/22 18:52:00 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/22 18:52:00 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/17 18:27:08 | 000,000,980 | ---- | M] () -- C:\Users\Pelley\Desktop\Red Jets.lnk
[2012/01/13 18:43:15 | 000,003,236 | ---- | M] () -- C:\Users\Pelley\AppData\Roaming\wklnhst.dat
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/01 18:45:12 | 000,001,233 | ---- | C] () -- C:\Users\Pelley\Desktop\FROSTWOLF.lnk
[2012/02/01 13:43:43 | 000,001,928 | ---- | C] () -- C:\Users\Pelley\Desktop\molten cata.lnk
[2012/01/23 19:47:05 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2012/01/17 18:27:08 | 000,000,980 | ---- | C] () -- C:\Users\Pelley\Desktop\Red Jets.lnk
[2011/12/07 11:17:38 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011/10/09 16:27:41 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2011/10/09 11:14:54 | 000,000,017 | ---- | C] () -- C:\Users\Pelley\AppData\Local\resmon.resmoncfg
[2011/08/02 07:31:21 | 000,003,584 | ---- | C] () -- C:\Users\Pelley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/04 16:24:27 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 14:21:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/17 09:40:00 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/01/17 09:40:00 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/19 07:17:16 | 000,003,236 | ---- | C] () -- C:\Users\Pelley\AppData\Roaming\wklnhst.dat
[2010/04/30 08:49:16 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/04/17 19:28:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/17 13:27:00 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
[2010/04/11 11:02:29 | 000,023,144 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/04/06 19:54:37 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/03/31 09:55:29 | 000,165,253 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/03/23 22:46:13 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/03/22 07:02:28 | 000,069,632 | ---- | C] () -- C:\Windows\ST1_Un0.exe
[2010/03/16 22:14:39 | 000,004,737 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/15 10:35:51 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/03/01 10:12:07 | 000,000,100 | ---- | C] () -- C:\Windows\Sfc3ng.ini
[2010/02/28 07:16:57 | 000,023,144 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/30 23:04:16 | 000,000,033 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/01/21 11:20:38 | 000,001,090 | ---- | C] () -- C:\Windows\eReg.dat
[2009/08/22 01:20:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 02:08:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:05:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 23:04:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:40:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 11:10:39 | 000,000,632 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/06/10 17:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/05 16:23:28 | 000,060,416 | ---- | C] () -- C:\Windows\Memeo.ShellExtension.WicIO.dll
[2008/11/22 08:33:59 | 000,184,095 | ---- | C] () -- C:\Program Files\srcds_i486
[2008/11/22 08:33:59 | 000,010,645 | ---- | C] () -- C:\Program Files\srcds_run
[2008/11/22 08:08:46 | 000,088,606 | ---- | C] () -- C:\Program Files\left4dead.exe
[2008/11/22 08:08:46 | 000,075,389 | ---- | C] () -- C:\Program Files\Steam__3651__2008_11_10T6_56_18C37615.mdmp
[2008/11/22 08:08:46 | 000,074,483 | ---- | C] () -- C:\Program Files\Steam__3651__2008_11_10T2_33_58C37967.mdmp
[2008/11/22 08:08:46 | 000,073,727 | ---- | C] () -- C:\Program Files\Steam__3651__2008_11_10T2_33_7C142161.mdmp
[2008/11/22 08:08:46 | 000,072,718 | ---- | C] () -- C:\Program Files\Steam__3651__2008_11_10T2_30_13C40715.mdmp
[2008/11/22 08:08:46 | 000,063,687 | ---- | C] () -- C:\Program Files\Steam__3651__2008_11_10T6_55_0C1434.mdmp
[2008/11/22 08:08:46 | 000,000,567 | ---- | C] () -- C:\Program Files\installscript.vdf
[2008/11/22 08:08:46 | 000,000,422 | ---- | C] () -- C:\Program Files\hlds_steamgames.vdf
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/01/30 18:31:46 | 000,002,346 | ---- | C] () -- C:\Windows\EaseAudioConverter.ini
[2006/04/14 09:37:26 | 000,000,031 | ---- | C] () -- C:\Windows\aceg.ini
[1997/11/10 14:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

========== LOP Check ==========

[2011/11/12 11:55:44 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Babylon
[2012/02/01 17:48:05 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\BitTorrent
[2010/05/15 07:36:38 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Command and Conquer 4
[2011/11/13 08:20:15 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\DriverCure
[2010/06/26 11:52:14 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Facebook
[2011/11/29 09:26:29 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\FrostWire
[2010/09/02 07:50:52 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\gtk-2.0
[2011/05/06 06:13:23 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\IObit
[2010/09/15 12:33:03 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Leadertech
[2010/11/13 00:24:30 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\LimeWire
[2011/04/20 08:24:58 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\LolClient
[2011/12/08 18:46:38 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\LucasArts
[2012/01/23 19:33:13 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Memeo
[2011/12/22 15:57:51 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\MP3Rocket
[2011/09/05 17:06:45 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Netscape
[2011/02/27 12:11:31 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Playrix Entertainment
[2011/05/11 19:53:44 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Pogo Games
[2011/10/06 17:44:26 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Seagate
[2011/11/13 08:20:15 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\SpeedyPC Software
[2010/05/21 17:25:58 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\SpinTop Games
[2010/05/19 07:17:20 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Template
[2010/12/10 17:29:25 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Tific
[2011/11/07 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Tropico 3
[2011/05/21 15:33:41 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\TuneUp Software
[2011/12/07 06:04:48 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Ubisoft
[2010/05/15 08:35:25 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Uniblue
[2011/10/11 06:09:15 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\WhiteSmokeTranslator
[2010/06/01 09:30:47 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\WildTangent
[2011/03/23 18:37:46 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Windows Live Writer
[2012/02/06 06:18:35 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\AutoSmartDefrag.job
[2012/01/30 06:32:04 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D458568
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4001342B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
  • 0



#2
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello pelley28 and welcome to GeeksToGo :)

I'm GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

You have two antivirus programs installed on your computer (Avast and McAfee). Please uninstall one of them, because having both installed brings no benefit for computer security. Besides, they can conflict and harm the performance of your computer.

# Step 1 #

Please go to Start > Control Panel and click on Add or Remove Programs. Then remove the programs below:
  • Avast or McAfee
  • Conduit Engine
  • WhiteSmoke_Bar
  • BitTorrentBar
  • Facemoods

# Step 2 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3007394&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
    [2012/01/11 21:56:32 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
    [2012/01/11 21:56:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2012/01/11 21:56:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoods.dll (facemoods.com)
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoodsTlbr.dll (facemoods.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    O4 - HKCU..\Run: [Rart] rundll32 "C:\Users\Pelley\AppData\Roaming\MSINETR.dll",qtesd File not found
    
    
    :Commands
    [purity]
    [resethosts]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


# Step 3 #

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply


# Step 4 #

  • Open OTL.exe
  • Click the Posted Image button
  • Now, in the Extra Registry box, click Use safe list
  • Next, click the Posted Image button
  • A log named Extras.txt will be generated. Post this log.

  • 0

#4
pelley28

pelley28

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry, I'm a little late getting back to you. Here is the information you requested; thank you very much for your help. Hope to hear back from you soon.


All processes killed
Error: Unable to interpret <:OTLIE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"FF - prefs.js..browser.search.defaulturl: "http://search.condui...searchTerms}"FF - prefs.js..browser.startup.homepage: "http://search.condui...rchSource=13"FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2[2012/01/11 21:56:32 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\User> in the current context!
Error: Unable to interpret <s\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}[2012/01/11 21:56:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}[2012/01/11 21:56:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoods.dll (facemoods.com)O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2> in the current context!
Error: Unable to interpret <aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoodsTlbr.dll (facemoods.com)O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)O4 - HKCU..\Run: [Rart] rundll32 "C:\Users\Pelley\AppData\Roaming\MSINETR.dll",qtesd File not found:Commands[purity][reseth> in the current context!
Error: Unable to interpret <osts][EMPTYTEMP][EMPTYFLASH][CREATERESTOREPOINT][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 02132012_171533

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-13 17:44:44
-----------------------------
17:44:44.600 OS Version: Windows x64 6.1.7601 Service Pack 1
17:44:44.600 Number of processors: 4 586 0x402
17:44:44.600 ComputerName: KHADIJA-PC UserName: Pelley
17:44:46.630 Initialize success
17:44:46.680 AVAST engine defs: 12021301
17:44:49.040 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:44:49.040 Disk 0 Vendor: WDC_WD10EADS-22M2B0 01.00A01 Size: 953869MB BusType: 3
17:44:49.050 Disk 0 MBR read successfully
17:44:49.050 Disk 0 MBR scan
17:44:49.050 Disk 0 unknown MBR code
17:44:49.060 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
17:44:49.070 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
17:44:49.090 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938407 MB offset 31664128
17:44:49.100 Service scanning
17:44:50.910 Modules scanning
17:44:50.910 Disk 0 trace - called modules:
17:44:50.920 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:44:50.920 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077d4060]
17:44:50.920 3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> [0xfffffa80067db7f0]
17:44:50.930 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007719060]
17:44:52.770 AVAST engine scan C:\Windows
17:44:57.580 AVAST engine scan C:\Windows\system32
17:47:13.932 AVAST engine scan C:\Windows\system32\drivers
17:47:27.672 AVAST engine scan C:\Users\Pelley
18:17:48.444 AVAST engine scan C:\ProgramData
18:20:20.700 Scan finished successfully
18:21:06.767 Disk 0 MBR has been saved successfully to "C:\Users\Pelley\Desktop\MBR.dat"
18:21:06.767 The log file has been saved successfully to "C:\Users\Pelley\Desktop\aswMBR.txt"

#5
pelley28

    Member

  • Topic Starter
  • 11 posts
Oops. I forgot to tell you that I had trouble with step 4. Could you explain it without pictures, please? I think I couldn't see the right pics that were supposed to help me understand better. I attached the pic link. I couldn't see any picture like that on otl.exe. OK, ty.

Attached Thumbnails

  • botton otl.png


#6
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Please repeat Step 2. You need to copy all the lines in the codebox, including the :OTL line.

Please reopen Posted Image on your desktop.

  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3007394&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2
    [2012/01/11 21:56:32 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
    [2012/01/11 21:56:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2012/01/11 21:56:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoods.dll (facemoods.com)
    O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoodsTlbr.dll (facemoods.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)
    O4 - HKCU..\Run: [Rart] rundll32 "C:\Users\Pelley\AppData\Roaming\MSINETR.dll",qtesd File not found
    
    
    :Commands
    [purity]
    [resethosts]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Oops. I forgot to tell you that I had trouble with step 4. Could you explain it without pictures, please? I think I couldn't see the right pics that were supposed to help me understand better. I attached the pic link. I couldn't see any picture like that on otl.exe. OK, ty.

Thanks for the warning, try now:

  • Open OTL.exe
  • Click the button Posted Image
  • Now, in the Extra Registry box, click Use safe list
  • Next, click the button Posted Image
  • A log named Extras.txt will be generated. Post this log.


#7
pelley28

    Member

  • Topic Starter
  • 11 posts
OTL logfile created on: 2/14/2012 7:47:09 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pelley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 77.33% Memory free
15.50 Gb Paging File | 13.54 Gb Available in Paging File | 87.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 340.32 Gb Free Space | 37.14% Space Free | Partition Type: NTFS

Computer Name: KHADIJA-PC | User Name: Pelley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >

#8
pelley28

    Member

  • Topic Starter
  • 11 posts
All processes killed
Error: Unable to interpret <:OTLIE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)IE - HKCU\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"FF - prefs.js..browser.search.defaulturl: "http://search.condui...searchTerms}"FF - prefs.js..browser.startup.homepage: "http://search.condui...rchSource=13"FF - prefs.js..extensions.enabledItems: [email protected]:3.2.5.2[2012/01/11 21:56:32 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\User> in the current context!
Error: Unable to interpret <s\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}[2012/01/11 21:56:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}[2012/01/11 21:56:33 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoods.dll (facemoods.com)O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2> in the current context!
Error: Unable to interpret <aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoodsTlbr.dll (facemoods.com)O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll (Conduit Ltd.)O4 - HKCU..\Run: [Rart] rundll32 "C:\Users\Pelley\AppData\Roaming\MSINETR.dll",qtesd File not found:Commands[purity][reseth> in the current context!
Error: Unable to interpret <osts][EMPTYTEMP][EMPTYFLASH][CREATERESTOREPOINT][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 02132012_171533

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-13 17:44:44
-----------------------------
17:44:44.600 OS Version: Windows x64 6.1.7601 Service Pack 1
17:44:44.600 Number of processors: 4 586 0x402
17:44:44.600 ComputerName: KHADIJA-PC UserName: Pelley
17:44:46.630 Initialize success
17:44:46.680 AVAST engine defs: 12021301
17:44:49.040 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
17:44:49.040 Disk 0 Vendor: WDC_WD10EADS-22M2B0 01.00A01 Size: 953869MB BusType: 3
17:44:49.050 Disk 0 MBR read successfully
17:44:49.050 Disk 0 MBR scan
17:44:49.050 Disk 0 unknown MBR code
17:44:49.060 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
17:44:49.070 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
17:44:49.090 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938407 MB offset 31664128
17:44:49.100 Service scanning
17:44:50.910 Modules scanning
17:44:50.910 Disk 0 trace - called modules:
17:44:50.920 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
17:44:50.920 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80077d4060]
17:44:50.920 3 CLASSPNP.SYS[fffff880018a643f] -> nt!IofCallDriver -> [0xfffffa80067db7f0]
17:44:50.930 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007719060]
17:44:52.770 AVAST engine scan C:\Windows
17:44:57.580 AVAST engine scan C:\Windows\system32
17:47:13.932 AVAST engine scan C:\Windows\system32\drivers
17:47:27.672 AVAST engine scan C:\Users\Pelley
18:17:48.444 AVAST engine scan C:\ProgramData
18:20:20.700 Scan finished successfully
18:21:06.767 Disk 0 MBR has been saved successfully to "C:\Users\Pelley\Desktop\MBR.dat"
18:21:06.767 The log file has been saved successfully to "C:\Users\Pelley\Desktop\aswMBR.txt"


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{167d9323-f7cc-48f5-948a-6f012831a69f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
File C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files (x86)\BitTorrentBar\tbBit1.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{167d9323-f7cc-48f5-948a-6f012831a69f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{167d9323-f7cc-48f5-948a-6f012831a69f}\ not found.
File C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File C:\Program Files (x86)\BitTorrentBar\tbBit1.dll not found.
Prefs.js: "WhiteSmoke Bar Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://search.condui...earchSource=13" removed from browser.startup.homepage
Prefs.js: [email protected]:3.2.5.2 removed from extensions.enabledItems
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\searchplugin folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\modules folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\META-INF folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\defaults folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\components folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}\chrome folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f} folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
Folder C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\- BHO: (WhiteSmoke Bar Toolbar)\ not found.
File {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}\ deleted successfully.
File C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoods.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\- BHO: (BitTorrentBar Toolbar)\ not found.
File {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\LM\..\Toolbar: (WhiteSmoke Bar Toolbar) not found.
File f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\LM\..\Toolbar: (Conduit Engine) not found.
File B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngin0.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\LM\..\Toolbar: (BitTorrentBar Toolbar) not found.
File f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\LM\..\Toolbar: (facemoods Toolbar) not found.
File F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoodsTlbr.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\CU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) not found.
File F93F-432C-8F0E-B7D85967A527} - C:\Program Files (x86)\BitTorrentBar\tbBit1.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Rart deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35979085 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Khadija
->Temp folder emptied: 123548015 bytes
->Temporary Internet Files folder emptied: 25933914 bytes
->Java cache emptied: 25707782 bytes
->FireFox cache emptied: 12252150 bytes
->Google Chrome cache emptied: 37587283 bytes
->Flash cache emptied: 846 bytes

User: Pelley
->Temp folder emptied: 1574072328 bytes
->Temporary Internet Files folder emptied: 1505866843 bytes
->Java cache emptied: 8083643 bytes
->FireFox cache emptied: 70039280 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 8140092 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 181760 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19197662 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 465725 bytes
RecycleBin emptied: 32569 bytes

Total Files Cleaned = 3,287.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Khadija
->Flash cache emptied: 0 bytes

User: Pelley
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Error creating restore point.

OTL by OldTimer - Version 3.2.31.0 log created on 02142012_073032

Files\Folders moved on Reboot...
C:\Users\Pelley\AppData\Local\Temp\1C95.tmp moved successfully.
C:\Users\Pelley\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VV3UT7B1\ai[1].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SNKTJUZS\ai[1].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SNKTJUZS\ai[2].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SNKTJUZS\ai[3].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SNKTJUZS\messaging_upload[1].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HOIJSE91\12[2].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HOIJSE91\ai[1].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HOIJSE91\like[1].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C9IOMHFD\fastbutton[1].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\52YQS3XA\facebook_com[2].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\52YQS3XA\messaging_upload[2].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\52YQS3XA\PhotoViewerInitPagelet[2].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\45GVPSUY\fastbutton[1].htm moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Pelley\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTL logfile created on: 2/14/2012 7:47:09 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pelley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 77.33% Memory free
15.50 Gb Paging File | 13.54 Gb Available in Paging File | 87.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 340.32 Gb Free Space | 37.14% Space Free | Partition Type: NTFS

Computer Name: KHADIJA-PC | User Name: Pelley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

< End of report >

Here's everything I did in 1 list. Sorry if it's globbed all together. :(( It should be right this time!

#9
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #

On step 4, I asked you to post the Extras.txt log, but you posted the OTL.txt log.

Please go to C:\Users\Pelley\Desktop and post the Extras.txt log.


# Step 2 #

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

# Step 3 #

  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.


#10
pelley28

    Member

  • Topic Starter
  • 11 posts
OTL Extras logfile created on: 2/14/2012 7:47:09 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pelley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 77.33% Memory free
15.50 Gb Paging File | 13.54 Gb Available in Paging File | 87.39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 340.32 Gb Free Space | 37.14% Space Free | Partition Type: NTFS

Computer Name: KHADIJA-PC | User Name: Pelley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{07537D43-050A-4832-9435-851F6DD3B606}" = Memeo LifeAgent Explorer Extension
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{36A5281A-B56F-44AA-23F3-0DD2A37B2825}" = AMD Media Foundation Decoders
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6966E87A-91BA-4D4B-B7DA-A4610FAA31E0}" = ATI Catalyst Install Manager
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{ADED6869-D6D1-671E-9653-3782C21FA809}" = AMD Drag and Drop Transcoding
"{AFCA7057-581F-9CE2-A1BD-65371995C64F}" = AMD Fuel
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCC08D47-60ED-FA7F-241B-34BC9947D9FF}" = ccc-utility64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7F4303078887B33BF9E472598BB463CBE007C68E" = Windows Driver Package - YUAN TV DRIVER (cxpl_mhd) Media (06/22/2009 6.0.64.0059)
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BC77CEF-C52F-4092-BF87-0D4E6B86D860}" = Memeo Share
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1D420647-DF79-D93E-66E1-6B053F1F9BE0}" = Application Profiles
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 20
"{287A4E96-AC57-4A19-9B51-C5EED2EAB382}" = Star Trek Legacy
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{347DA8D7-B858-421e-A154-5F438A36F1A4}" = Memeo Backup Premium
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{417C6B3C-2B0A-4427-B7B9-FF0D7880AB13}" = Tango
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}" = Command & Conquer The First Decade
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{801EFC7D-AA66-F889-030D-C96E99F884A4}" = Catalyst Control Center InstallProxy
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81784157-3D4D-4bc1-B988-B24C32A26DA8}" = Memeo Send
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{936783CC-73D3-F125-71A4-BC0697B48167}" = CCC Help English
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98890E89-0353-D7BB-594D-26A17055A42B}" = Catalyst Control Center Graphics Previews Common
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - Paths to a Kingdom
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.4 MUI
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"{B672D77A-8BA3-24EF-3421-8FB8E35E2A8D}" = Catalyst Control Center InstallProxy
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CCF9FABA-FF1F-AA77-60F5-8A6FD53E78E3}" = AMD VISION Engine Control Center
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Destinations
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{dee20f07-04f7-40f0-99bd-afcbd8377f0d}" = Nero 9 Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E6611883-6C21-430A-B7AD-BADE2DC2AFC4}" = DriverMD
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"18 Wheels of Steel: Haulin'" = 18 Wheels of Steel: Haulin'
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced MP3 Converter_is1" = Advanced MP3 Converter 4.03
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"BookWorm Deluxe" = BookWorm Deluxe
"Build-a-lot 3 - Passport to Europe 1.00" = Build-a-lot 3 - Passport to Europe 1.00
"Build-A-Lot 4" = Build-A-Lot 4
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Cheat Engine 5.3_is1" = Cheat Engine 5.3
"Cheat Engine 6.1_is1" = Cheat Engine 6.1
"Clue" = Clue
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"DivX Setup" = DivX Setup
"Ease Audio Converter_is1" = Ease Audio Converter 4.80
"Fishdom H2O1.0" = Fishdom H2O
"FormatFactory" = FormatFactory 2.60
"Game Booster_is1" = Game Booster
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Photo Frame" = Gateway Photo Frame 4.2.3.10
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{07537D43-050A-4832-9435-851F6DD3B606}" = Memeo LifeAgent Explorer Extension
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Left 4 Dead" = Left 4 Dead
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox 10.0.1 (x86 en-US)" = Mozilla Firefox 10.0.1 (x86 en-US)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Netscape Navigator (9.0.0.6)" = Netscape Navigator (9.0.0.6)
"NSS" = Norton Security Scan
"PowerISO" = PowerISO
"Red Jets" = Red Jets
"Sea War The Battles 2_is1" = Sea War The Battles 2
"Smart Defrag_is1" = Smart Defrag
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"WhiteSmokeTranslator" = WhiteSmokeTranslator
"WildTangent gateway Master Uninstall" = Gateway Games
"WildTangent wildgames Master Uninstall" = WildGames
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WTA-1232a215-00bc-458e-a77c-d060162b99b9" = GO Diego GO! Dinosaur Rescue
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Pelley
"blinkx beat" = blinkx beat
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/5/2011 11:04:22 AM | Computer Name = Khadija-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 10e0 Start
Time: 01cc537e7afc84dc Termination Time: 13 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 8/5/2011 6:28:44 PM | Computer Name = Khadija-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 11e4 Start
Time: 01cc5380f5767f09 Termination Time: 13876 Application Path: C:\Program Files
(x86)\Internet Explorer\iexplore.exe Report Id:

Error - 8/6/2011 5:40:52 AM | Computer Name = Khadija-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 8/6/2011 9:36:39 PM | Computer Name = Khadija-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/6/2011 11:28:55 PM | Computer Name = Khadija-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 8/6/2011 11:33:52 PM | Computer Name = Khadija-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/6/2011 11:33:52 PM | Computer Name = Khadija-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/6/2011 11:33:52 PM | Computer Name = Khadija-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/6/2011 11:33:52 PM | Computer Name = Khadija-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/7/2011 5:23:19 AM | Computer Name = Khadija-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

[ Media Center Events ]
Error - 4/4/2010 3:13:39 AM | Computer Name = Khadija-PC | Source = MCUpdate | ID = 0
Description = 4:43:39 AM - Error connecting to the internet. 4:43:39 AM - Unable
to contact server..

Error - 4/4/2010 4:13:45 AM | Computer Name = Khadija-PC | Source = MCUpdate | ID = 0
Description = 5:43:44 AM - Error connecting to the internet. 5:43:44 AM - Unable
to contact server..

Error - 4/17/2010 2:42:04 PM | Computer Name = Khadija-PC | Source = MCUpdate | ID = 0
Description = 4:12:04 PM - Error connecting to the internet. 4:12:04 PM - Unable
to contact server..

Error - 4/17/2010 2:42:39 PM | Computer Name = Khadija-PC | Source = MCUpdate | ID = 0
Description = 4:12:33 PM - Error connecting to the internet. 4:12:33 PM - Unable
to contact server..

Error - 4/22/2010 2:15:26 PM | Computer Name = Khadija-PC | Source = MCUpdate | ID = 0
Description = 3:45:22 PM - Failed to retrieve Broadband-2.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 4/22/2010 3:15:50 PM | Computer Name = Khadija-PC | Source = MCUpdate | ID = 0
Description = 4:45:47 PM - Failed to retrieve Broadband-2.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 4/24/2010 2:57:17 AM | Computer Name = Khadija-PC | Source = MCUpdate | ID = 0
Description = 4:27:13 AM - Error connecting to the internet. 4:27:13 AM - Unable
to contact server..

Error - 10/23/2011 3:05:58 PM | Computer Name = Khadija-PC | Source = MCUpdate | ID = 0
Description = 4:35:56 PM - Failed to retrieve NetTV (Error: The operation has timed
out)

Error - 10/23/2011 3:25:54 PM | Computer Name = Khadija-PC | Source = MCUpdate | ID = 0
Description = 4:53:19 PM - Failed to retrieve SportsV2 (Error: The operation has
timed out)

Error - 11/13/2011 4:47:04 AM | Computer Name = Khadija-PC | Source = MCUpdate | ID = 0
Description = 5:00:49 AM - Error connecting to the internet. 5:00:49 AM - Unable
to contact server..

[ System Events ]
Error - 2/14/2012 6:15:54 AM | Computer Name = Khadija-PC | Source = Service Control Manager | ID = 7024
Description = The McShield service terminated with service-specific error %%5046.

Error - 2/14/2012 6:15:54 AM | Computer Name = Khadija-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom sptd

Error - 2/14/2012 6:20:32 AM | Computer Name = Khadija-PC | Source = Service Control Manager | ID = 7022
Description = The Background Intelligent Transfer Service service hung on starting.

Error - 2/14/2012 6:20:33 AM | Computer Name = Khadija-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (120000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 2/14/2012 7:11:19 AM | Computer Name = Khadija-PC | Source = DCOM | ID = 10010
Description =

Error - 2/14/2012 7:11:55 AM | Computer Name = Khadija-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 2/14/2012 7:12:02 AM | Computer Name = Khadija-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 2/14/2012 7:12:08 AM | Computer Name = Khadija-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 2/14/2012 7:13:33 AM | Computer Name = Khadija-PC | Source = Service Control Manager | ID = 7024
Description = The McShield service terminated with service-specific error %%5046.

Error - 2/14/2012 7:13:35 AM | Computer Name = Khadija-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom sptd


< End of report >

#11
pelley28

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.16.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pelley :: KHADIJA-PC [administrator]

2/15/2012 10:38:15 PM
mbam-log-2012-02-15 (22-38-15).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 728155
Time elapsed: 3 hour(s), 26 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\CLSID\{BD88D5C0-842D-46D9-8BDA-E59ACFE77771} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BD88D5C0-842D-46D9-8BDA-E59ACFE77771} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD88D5C0-842D-46D9-8BDA-E59ACFE77771} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKCR\Typelib\{A03ECF0D-2E7D-8790-1470-2D023B612C82} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKCR\Interface\{2E9AFFEA-78CB-1562-E867-6CB17AB18FD2} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKCR\SuperiorBrandingSystem.SuperiorBrandingSystem (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKCR\SuperiorBrandingSystem.SuperiorBrandingSystem.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKCR\AppID\SuperiorBrandingSystem.DLL (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\MarketPrecision (Adware.Adparatus) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790471B57659573FA899 (Malware.Trace) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 11
C:\Users\Khadija\AppData\Roaming\GabPath (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9} (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\chrome (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\defaults (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\defaults\preferences (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0} (Adware.QuestBrowse) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome (Adware.QuestBrowse) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults (Adware.QuestBrowse) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences (Adware.QuestBrowse) -> Quarantined and deleted successfully.
C:\Program Files (x86)\QuestBrwSearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.
C:\ProgramData\QuestBrwSearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Files Detected: 12
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\solidcore32.dll (Trojan.Krypt) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\SKIDROW\solidcore32.dll (Trojan.Krypt) -> Quarantined and deleted successfully.
D:\Pelley_Backup\2011-10-06_18-50-08\Memeo\2011-10-06_18-50-08\C_\Users\Khadija\Desktop\EA.Games.Multi.Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
D:\Pelley_Backup\2011-10-06_18-50-08\Memeo\2011-10-06_18-50-08\C_\Users\Pelley\Desktop\New folder\EA.Games.Multi.Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\Khadija\AppData\Roaming\GabPath\config.cfg (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\install.rdf (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\chrome\spacequery.jar (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\defaults\preferences\prefs.js (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\chrome.manifest (Adware.QuestBrowse) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\install.rdf (Adware.QuestBrowse) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}\defaults\preferences\prefs.js (Adware.QuestBrowse) -> Quarantined and deleted successfully.

(end)

OTL logfile created on: 2/16/2012 1:28:15 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pelley\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 5.75 Gb Available Physical Memory | 74.24% Memory free
15.50 Gb Paging File | 13.45 Gb Available in Paging File | 86.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.41 Gb Total Space | 337.49 Gb Free Space | 36.83% Space Free | Partition Type: NTFS

Computer Name: KHADIJA-PC | User Name: Pelley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/14 07:27:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pelley\Desktop\OTL.exe
PRC - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/28 19:38:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/04 08:13:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 08:13:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/04/30 11:17:00 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2010/03/26 15:48:20 | 002,708,312 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
PRC - [2009/08/12 18:34:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/08/12 18:28:52 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/07/20 17:37:10 | 000,124,416 | ---- | M] (IOI) -- C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
PRC - [2009/07/03 22:17:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 09:34:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/31 19:46:22 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/14 05:37:05 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/14 05:36:24 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/28 19:39:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 19:38:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/03/29 19:03:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/04 22:28:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 22:28:08 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2010/11/04 22:28:04 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009/06/12 20:07:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIUSBLib.dll
MOD - [2009/06/12 20:07:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Gateway Photo Frame\IOIHIDLib.dll
MOD - [2009/02/02 21:03:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
MOD - [2009/01/12 17:56:14 | 000,071,504 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit SmartDefrag\taskdll.dll
MOD - [2009/01/12 17:56:00 | 000,059,216 | ---- | M] () -- C:\Program Files (x86)\IObit\IObit SmartDefrag\NtfsData.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/07 23:55:02 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/07 22:36:06 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/07/04 08:13:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/10/13 22:28:54 | 000,245,352 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/10/13 22:28:54 | 000,200,056 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield)
SRV:64bit: - [2010/10/13 22:28:54 | 000,149,032 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 22:11:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 22:17:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/10/05 18:00:23 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/09 15:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2010/10/12 14:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/04/30 11:17:00 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/04/22 21:19:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/12 18:34:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/07/28 15:55:34 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/06/10 17:53:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 09:34:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/12 15:53:53 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/11/12 15:53:51 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/07/08 00:45:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/07/08 00:45:50 | 009,884,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/07 23:17:04 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/04 08:06:56 | 000,600,920 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/07/04 08:06:54 | 000,288,088 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/07/04 08:05:28 | 000,045,400 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/07/04 08:02:35 | 000,031,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/07/04 08:02:24 | 000,064,856 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/07/04 08:02:14 | 000,022,360 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/03/30 15:16:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 03:11:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:11:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 10:03:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:37:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/13 22:28:54 | 000,529,128 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,441,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/10/13 22:28:54 | 000,283,360 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,190,136 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,121,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,094,864 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/10/13 22:28:54 | 000,075,032 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/10/13 22:28:54 | 000,062,800 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/03/14 17:39:15 | 000,868,848 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/21 01:03:10 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2010/01/21 01:03:08 | 000,033,280 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2010/01/21 01:03:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2010/01/08 20:12:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/11/08 23:58:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/13 22:22:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:18:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:15:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/22 02:38:30 | 000,714,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\y_cx88x.sys -- (cxpl_mhd) CX23885/7 PCI-E AvStream Video Capture (PalomarMHD)
DRV:64bit: - [2009/06/10 17:31:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:31:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:31:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)
DRV:64bit: - [2009/06/10 17:04:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:04:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:04:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:01:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 17:50:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/05 20:16:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 20:16:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/04 13:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 21:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...05v1k5k48815288
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true


FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Pelley\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Pelley\AppData\Local\Roblox\Versions\version-844560f43f354d3f\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4bcdbfd0-fa26-11de-8a39-0800200c9a66}: C:\Users\Pelley\AppData\Roaming\Mozilla\FireFox\{4bcdbfd0-fa26-11de-8a39-0800200c9a66} [2010/07/11 23:16:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/11 11:02:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/26 15:19:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/11 22:37:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/05 19:27:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/01/05 10:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011/01/05 10:37:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Components: C:\Program Files (x86)\Netscape\Navigator 9\components [2011/09/05 17:06:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.6\extensions\\Plugins: C:\Program Files (x86)\Netscape\Navigator 9\plugins [2011/09/05 17:06:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz [2011/11/29 09:07:02 | 000,000,000 | ---D | M]

[2010/05/15 06:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Extensions
[2012/02/14 07:30:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions
[2012/01/26 19:47:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/11/11 06:18:58 | 000,001,832 | ---- | M] () -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\searchplugins\bing.xml
[2011/10/09 16:55:34 | 000,000,931 | ---- | M] () -- C:\Users\Pelley\AppData\Roaming\Mozilla\Firefox\Profiles\1rid5ubk.default\searchplugins\conduit.xml
[2012/02/16 03:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/02 08:01:18 | 000,000,000 | ---D | M] (Facemoods) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}
[2011/11/29 09:07:02 | 000,000,000 | ---D | M] (WordCaptureX) -- C:\PROGRAM FILES (X86)\WHITESMOKETRANSLATOR\WCAPTUREMOZ
[2012/01/26 15:19:58 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/02/11 22:37:50 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/12 11:55:45 | 000,002,287 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/01/22 11:08:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/03/31 07:49:50 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchFxt.xml
[2012/02/01 06:56:34 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/01/22 11:08:52 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Pelley\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Babylon Chrome OCR = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: SiteAdvisor = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: avast! WebRep = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1203_0\
CHR - Extension: Facemoods = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.0.4\

O1 HOSTS File: ([2012/02/14 07:30:46 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110124133319.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110124133319.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {417C6B3C-2B0A-4427-B7B9-FF0D7880AB13} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Send] C:\Program Files (x86)\Memeo\Memeo Send\MemeoLauncher.exe ()
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{337FB64C-9F8A-41F2-B367-91252AFF4D9F}: DhcpNameServer = 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{337FB64C-9F8A-41F2-B367-91252AFF4D9F}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\Installer.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\Installer.exe
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\Installer.exe
O33 - MountPoints2\P\Shell - "" = AutoRun
O33 - MountPoints2\P\Shell\AutoRun\command - "" = P:\setup.exe
O33 - MountPoints2\Q\Shell - "" = AutoRun
O33 - MountPoints2\Q\Shell\AutoRun\command - "" = Q:\setup.exe
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/15 22:22:39 | 000,000,000 | ---D | C] -- C:\Users\Pelley\AppData\Roaming\Malwarebytes
[2012/02/15 22:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/15 22:22:33 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/02/15 22:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/15 22:22:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/15 22:20:49 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Pelley\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/14 07:30:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/14 07:27:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Pelley\Desktop\OTL.exe
[2012/02/13 17:34:03 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Pelley\Desktop\aswMBR.exe
[2012/02/01 13:39:35 | 000,000,000 | --SD | C] -- C:\Users\Pelley\Desktop\Restored Items
[2012/02/01 13:39:35 | 000,000,000 | ---D | C] -- C:\Users\Pelley\Desktop\STUFF
[2012/01/23 19:33:09 | 000,000,000 | ---D | C] -- C:\Windows\[SystemFolder]
[2012/01/23 19:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2012/01/17 18:27:09 | 000,000,000 | ---D | C] -- C:\Users\Pelley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Red Jets
[2012/01/17 18:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Jets
[2012/01/17 18:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\InterActive Vision

========== Files - Modified Within 30 Days ==========

[2012/02/16 13:27:24 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/02/16 13:21:13 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/16 07:11:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 07:11:08 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 06:57:17 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/16 06:57:15 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2012/02/16 06:56:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/16 06:56:41 | 1945,608,191 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 03:27:21 | 000,344,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/16 03:10:16 | 000,739,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/16 03:10:16 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/16 03:10:16 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/15 23:38:01 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Khadija.job
[2012/02/15 22:22:34 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/15 22:20:59 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Pelley\Desktop\mbam--setup-1.60.1.1000.exe
[2012/02/14 07:30:46 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/02/14 07:27:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pelley\Desktop\OTL.exe
[2012/02/13 18:21:06 | 000,000,512 | ---- | M] () -- C:\Users\Pelley\Desktop\MBR.dat
[2012/02/13 17:34:35 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Pelley\Desktop\aswMBR.exe
[2012/02/02 20:56:57 | 000,001,928 | ---- | M] () -- C:\Users\Pelley\Desktop\molten cata.lnk
[2012/02/01 18:45:12 | 000,001,233 | ---- | M] () -- C:\Users\Pelley\Desktop\FROSTWOLF.lnk
[2012/01/31 08:32:02 | 000,002,153 | ---- | M] () -- C:\Users\Pelley\Desktop\Wow - Shortcut (2).lnk
[2012/01/27 06:20:33 | 000,002,307 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/01/26 15:25:05 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/26 15:25:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/01/17 18:27:08 | 000,000,980 | ---- | M] () -- C:\Users\Pelley\Desktop\Red Jets.lnk

========== Files Created - No Company Name ==========

[2012/02/15 22:22:34 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/13 18:21:06 | 000,000,512 | ---- | C] () -- C:\Users\Pelley\Desktop\MBR.dat
[2012/02/01 18:45:12 | 000,001,233 | ---- | C] () -- C:\Users\Pelley\Desktop\FROSTWOLF.lnk
[2012/02/01 13:43:43 | 000,001,928 | ---- | C] () -- C:\Users\Pelley\Desktop\molten cata.lnk
[2012/01/31 08:32:02 | 000,002,153 | ---- | C] () -- C:\Users\Pelley\Desktop\Wow - Shortcut (2).lnk
[2012/01/23 19:47:05 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2012/01/17 18:27:08 | 000,000,980 | ---- | C] () -- C:\Users\Pelley\Desktop\Red Jets.lnk
[2011/12/07 11:17:38 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2011/10/09 16:27:41 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2011/10/09 11:14:54 | 000,000,017 | ---- | C] () -- C:\Users\Pelley\AppData\Local\resmon.resmoncfg
[2011/08/02 07:31:21 | 000,003,584 | ---- | C] () -- C:\Users\Pelley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 15:23:20 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/04 16:24:27 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/17 14:21:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/17 09:40:00 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/01/17 09:40:00 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/19 07:17:16 | 000,003,236 | ---- | C] () -- C:\Users\Pelley\AppData\Roaming\wklnhst.dat
[2010/04/30 08:49:16 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/04/17 19:28:00 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/17 13:27:00 | 000,000,398 | ---- | C] () -- C:\Windows\AudioConverter.INI
[2010/04/11 11:02:29 | 000,023,144 | ---- | C] () -- C:\Windows\hpqins15.dat.temp
[2010/04/06 19:54:37 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/03/31 09:55:29 | 000,165,253 | ---- | C] () -- C:\Windows\hpoins37.dat
[2010/03/23 22:46:13 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010/03/22 07:02:28 | 000,069,632 | ---- | C] () -- C:\Windows\ST1_Un0.exe
[2010/03/16 22:14:39 | 000,004,737 | ---- | C] () -- C:\Windows\wininit.ini
[2010/03/15 10:35:51 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010/03/01 10:12:07 | 000,000,100 | ---- | C] () -- C:\Windows\Sfc3ng.ini
[2010/02/28 07:16:57 | 000,023,144 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/01/30 23:04:16 | 000,000,033 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/01/21 11:20:38 | 000,001,090 | ---- | C] () -- C:\Windows\eReg.dat
[2009/08/22 01:20:24 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 02:08:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 23:05:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 23:04:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:40:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 20:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:33:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 11:10:39 | 000,000,632 | ---- | C] () -- C:\Windows\hpomdl37.dat
[2009/06/10 17:56:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/02/05 16:23:28 | 000,060,416 | ---- | C] () -- C:\Windows\Memeo.ShellExtension.WicIO.dll
[2008/11/22 08:33:59 | 000,184,095 | ---- | C] () -- C:\Program Files\srcds_i486
[2008/11/22 08:33:59 | 000,010,645 | ---- | C] () -- C:\Program Files\srcds_run
[2008/11/22 08:08:46 | 000,088,606 | ---- | C] () -- C:\Program Files\left4dead.exe
[2008/11/22 08:08:46 | 000,075,389 | ---- | C] () -- C:\Program Files\Steam__3651__2008_11_10T6_56_18C37615.mdmp
[2008/11/22 08:08:46 | 000,074,483 | ---- | C] () -- C:\Program Files\Steam__3651__2008_11_10T2_33_58C37967.mdmp
[2008/11/22 08:08:46 | 000,073,727 | ---- | C] () -- C:\Program Files\Steam__3651__2008_11_10T2_33_7C142161.mdmp
[2008/11/22 08:08:46 | 000,072,718 | ---- | C] () -- C:\Program Files\Steam__3651__2008_11_10T2_30_13C40715.mdmp
[2008/11/22 08:08:46 | 000,063,687 | ---- | C] () -- C:\Program Files\Steam__3651__2008_11_10T6_55_0C1434.mdmp
[2008/11/22 08:08:46 | 000,000,567 | ---- | C] () -- C:\Program Files\installscript.vdf
[2008/11/22 08:08:46 | 000,000,422 | ---- | C] () -- C:\Program Files\hlds_steamgames.vdf
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2007/01/30 18:31:46 | 000,002,346 | ---- | C] () -- C:\Windows\EaseAudioConverter.ini
[2006/04/14 09:37:26 | 000,000,031 | ---- | C] () -- C:\Windows\aceg.ini
[1997/11/10 14:18:48 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

========== LOP Check ==========

[2011/11/12 11:55:44 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Babylon
[2012/02/15 17:31:23 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\BitTorrent
[2010/05/15 07:36:38 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Command and Conquer 4
[2011/11/13 08:20:15 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\DriverCure
[2010/06/26 11:52:14 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Facebook
[2011/11/29 09:26:29 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\FrostWire
[2010/09/02 07:50:52 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\gtk-2.0
[2011/05/06 06:13:23 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\IObit
[2010/09/15 12:33:03 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Leadertech
[2010/11/13 00:24:30 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\LimeWire
[2011/04/20 08:24:58 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\LolClient
[2011/12/08 18:46:38 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\LucasArts
[2012/01/23 19:33:13 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Memeo
[2011/12/22 15:57:51 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\MP3Rocket
[2011/09/05 17:06:45 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Netscape
[2011/02/27 12:11:31 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Playrix Entertainment
[2011/05/11 19:53:44 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Pogo Games
[2011/10/06 17:44:26 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Seagate
[2011/11/13 08:20:15 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\SpeedyPC Software
[2010/05/21 17:25:58 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\SpinTop Games
[2010/05/19 07:17:20 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Template
[2010/12/10 17:29:25 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Tific
[2011/11/07 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Tropico 3
[2011/05/21 15:33:41 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\TuneUp Software
[2011/12/07 06:04:48 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Ubisoft
[2010/05/15 08:35:25 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Uniblue
[2011/10/11 06:09:15 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\WhiteSmokeTranslator
[2010/06/01 09:30:47 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\WildTangent
[2011/03/23 18:37:46 | 000,000,000 | ---D | M] -- C:\Users\Pelley\AppData\Roaming\Windows Live Writer
[2012/02/16 06:57:15 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\AutoSmartDefrag.job
[2012/01/30 06:32:04 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:700B9342
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D458568
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:4001342B
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:7C60A173
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#12
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
How is your computer?


# Step 1 #

Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    CHR - Extension: Facemoods = C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.0.4\
    O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoodsTlbr.dll (facemoods.com)
    
    :Files
    C:\Program Files (x86)\facemoods.com
    
    :Commands
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 2 #

Disable your antivirus software
  • Access the Eset Online Scanner website using Internet Explorer.
    http://www.eset.com/...escan/index.php
  • Do the scan according to the image:

    Posted Image
  • At the end, check the box "Delete Quarantined files" and click [FINISH]
  • A log will be generated in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you don't find the log.txt file in \EsetOnlineScanner\, look in \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.


#13
pelley28

    Member

  • Topic Starter
  • 11 posts
========== OTL ==========
File C:\Users\Pelley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.0.4 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
File C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoodsTlbr.dll not found.
========== FILES ==========
C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.4 folder moved successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3 folder moved successfully.
C:\Program Files (x86)\facemoods.com\facemoods folder moved successfully.
C:\Program Files (x86)\facemoods.com folder moved successfully.
========== COMMANDS ==========
Error creating restore point.

OTL by OldTimer - Version 3.2.31.0 log created on 02182012_232603

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

#14
pelley28

    Member

  • Topic Starter
  • 11 posts
Computer is still laggy. I gave it a few days to see how it was behaving; it seems better but then it doesn't, so it's hard for me to tell what my problem is. Still the same type of symptoms, only less. Thank you very much for your help.

Edited by pelley28, 23 February 2012 - 10:45 AM.


#15
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
# Step 1 #

You have two antivirus programs installed on your computer (Avast and McAfee). Please uninstall one of them, because having both installed brings no benefit for computer security. Besides, they can conflict and harm the performance of your computer.

Please go to Start > Control Panel and click Add or Remove Programs. Then remove the software below:
  • Avast or McAfee

To uninstall Avast:
http://www.avast.com/uninstall-utility

To uninstall McAfee:
http://service.mcafe...spx?id=TS100507

# Step 2 #

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Edited by GLeobas, 22 February 2012 - 04:25 PM.
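
One way to pull two observations out of an OTL log mechanically: which security vendors' components are loaded side by side (the Avast/McAfee overlap noted in this post) and which registry entries point at a missing file or CLSID. This is an added example, not part of the thread and not OTL's own code; the function names and the `AV_KEYWORDS` list are assumptions, and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110124133319.dll (McAfee, Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {417C6B3C-2B0A-4427-B7B9-FF0D7880AB13} - No CLSID value found.
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.3.61.3\facemoodsTlbr.dll (facemoods.com)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
"""

# "O<number>", optional ":64bit:" marker, then " - " and the rest of the entry.
ENTRY_RE = re.compile(r"^(O\d+)(:64bit:)?\s*-\s*(.*)$")
# Company name is the last parenthesised group at the very end of the line.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
# Markers OTL prints when the registry entry has nothing behind it.
ORPHAN_RE = re.compile(r"(File not found|No CLSID value found)\.?\s*$")

# Assumption: a short keyword list covering the two products named in the thread.
AV_KEYWORDS = {"avast": "Avast", "mcafee": "McAfee"}


def parse_entries(log_text):
    """Return one dict per O-line: code, 64-bit flag, body, company, orphan flag."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, non O-entries
        code, bits, body = m.groups()
        company = COMPANY_RE.search(body)
        name = company.group(1).strip() if company else ""
        entries.append({
            "code": code,
            "is_64bit": bits is not None,
            "body": body,
            "company": name or None,  # "()" in the log means no company name
            "orphan": bool(ORPHAN_RE.search(body)),
        })
    return entries


def security_vendors(entries):
    """Map each known security product to the O-sections where it is loaded."""
    found = defaultdict(set)
    for entry in entries:
        company = (entry["company"] or "").lower()
        for keyword, product in AV_KEYWORDS.items():
            if keyword in company:
                found[product].add(entry["code"])
    return dict(found)


def orphaned(entries):
    """Entries whose target file or CLSID no longer exists."""
    return [e for e in entries if e["orphan"]]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    vendors = security_vendors(parsed)
    if len(vendors) > 1:
        print("Multiple security products loaded:", sorted(vendors))
    for e in orphaned(parsed):
        print("Orphaned entry:", e["code"], e["body"])
```
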
