Wins 7 virus removal help [Closed]


  • This topic is locked

#1
Hoaxhead

    New Member

  • Member
  • Pip
  • 2 posts
Hey everyone, I have an Emachines EL-1850 I got about a year ago. It doesn't have the best specs, but I could always play games on it (World of Warcraft, Guild Wars). But now it won't play any games without a ton of lag! My internet is running very slow! It's just starting to annoy the [bleep] out of me haha. It hasn't gotten very bad yet, but I want to get rid of these viruses before it hurts my PC even more. Please help!

I don't have too much skill on computers. Don't know what I'm doing.

Thanks


#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, Hoaxhead!

I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for Hoaxhead only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is that these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


Step 1

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • Select Scan All Users.
    • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.



On completion of the scan click save log, save it to your desktop and post it in your next reply.



Things I want to see in your next reply

  • OTL.txt
  • Extras.txt
  • aswMBR.txt


#3
Hoaxhead

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
OTL.txt

OTL logfile created on: 2/11/2012 1:49:06 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ryan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.84% Memory free
3.93 Gb Paging File | 2.63 Gb Available in Paging File | 66.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 356.15 Gb Free Space | 78.51% Space Free | Partition Type: NTFS
Drive D: | 634.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/11 13:47:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Downloads\OTL.exe
PRC - [2011/09/05 05:07:00 | 002,068,480 | ---- | M] () -- C:\Program Files (x86)\WhiteSmokeTranslator\WSTrayDictMode.exe
PRC - [2011/07/27 05:06:44 | 000,267,488 | ---- | M] () -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
PRC - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
PRC - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/08/04 06:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/05 05:07:00 | 002,068,480 | ---- | M] () -- C:\Program Files (x86)\WhiteSmokeTranslator\WSTrayDictMode.exe
MOD - [2011/07/20 06:05:52 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010/08/04 06:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/08/04 03:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/28 17:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/27 05:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/04/16 18:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe -- (NIS)
SRV - [2011/04/01 04:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/11/03 15:39:25 | 003,904,976 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/03 17:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 15:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/11/18 02:51:42 | 001,043,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/05/11 07:50:55 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/04/20 19:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/04/01 04:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam C160(UVC)
DRV:64bit: - [2011/04/01 04:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/30 21:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 21:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 20:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 00:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/26 23:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/06 17:20:00 | 000,676,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/12/09 03:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/05 08:15:40 | 000,291,328 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2010/12/25 13:25:24 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110223.002\EX64.SYS -- (NAVEX15)
DRV - [2010/12/25 13:25:24 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/12/25 13:25:24 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110223.002\ENG64.SYS -- (NAVENG)
DRV - [2010/12/01 03:03:34 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110221.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/11/23 05:34:08 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/03 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://emachines.msn.com
IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://emachines.msn.com
IE - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...l_date=20111027
IE - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://emachines.msn.com
IE - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke Bar Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..keyword.URL: "http://search.mywebs...kwd&searchfor="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.3: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/05 05:10:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011/10/09 12:43:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_5_1 [2012/02/10 16:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/10 18:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/02 00:13:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/10 18:35:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz [2011/10/02 00:13:03 | 000,000,000 | ---D | M]

[2011/04/19 22:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2012/02/10 12:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\extensions
[2011/12/29 21:56:22 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
[2011/10/26 23:08:20 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2012/02/10 12:16:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/08/12 19:41:54 | 000,000,000 | ---D | M] (GPotato Toolbar) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\extensions\{c0326c12-9f06-4344-aa25-60267226bb7d}
[2011/10/26 23:08:20 | 000,001,945 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\searchplugins\bing-zugo.xml
[2011/08/17 01:40:08 | 000,009,946 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\searchplugins\ClanWars_21.xml
[2011/09/25 11:05:30 | 000,000,931 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\searchplugins\conduit.xml
[2012/01/25 09:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/20 06:03:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/07/13 14:54:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/01/25 09:20:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2012/02/10 16:05:50 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\COFFPLGN_2011_7_5_1
[2011/10/09 12:43:35 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPLGN
[2011/10/02 00:13:01 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/11 21:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010/01/01 02:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Portalarium Player (Enabled) = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\djngcnhbkimfpbmkjameecckopadifoe\1.54_0\NPPortalariumPlayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.3 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Ryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Portalarium Player = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\djngcnhbkimfpbmkjameecckopadifoe\1.54_0\
CHR - Extension: Pocket Legends = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhpdbcnfpodnaefldpdohoibdajcfabp\1.7.5.3_0\
CHR - Extension: Gmail = C:\Users\Ryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (GPotato Toolbar) - {c0326c12-9f06-4344-aa25-60267226bb7d} - C:\Program Files (x86)\gpotatotoolbar\vmntemplateX.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (GPotato Toolbar) - {c0326c12-9f06-4344-aa25-60267226bb7d} - C:\Program Files (x86)\gpotatotoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume File not found
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch WhiteSmokeTranslator.lnk = C:\Program Files (x86)\WhiteSmokeTranslator\WSTrayDictMode.exe ()
O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{003784D9-EA42-41D5-90B2-D8B47DEFBF7D}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{793CECCC-E224-4009-886B-ED9F221A90AB}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF9F04BB-C5EB-494C-9375-71BC1DA463D8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/10 16:00:18 | 000,669,072 | ---- | C] (MindSpark) -- C:\Program Files (x86)\21Uninstall Clan Wars.dll
[2012/02/09 20:40:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\SCE
[2012/01/29 16:58:04 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Nero
[2012/01/29 16:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/29 16:45:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/01/29 16:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/29 16:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/29 16:44:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/29 16:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/01/29 16:44:21 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/01/29 16:38:21 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Apple
[2012/01/29 16:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/01/29 16:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/01/29 16:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/29 16:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/01/29 16:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/01/29 16:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/01/25 09:31:05 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Unity
[2012/01/25 09:21:22 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Unity

========== Files - Modified Within 30 Days ==========

[2012/02/11 13:39:01 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 13:39:01 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/11 13:24:03 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/11 08:24:04 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/10 23:44:19 | 000,000,482 | ---- | M] () -- C:\Windows\wininit.ini
[2012/02/10 16:45:11 | 000,002,488 | ---- | M] () -- C:\Users\Ryan\Desktop\EverQuest II.lnk
[2012/02/10 16:13:43 | 001,510,358 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/10 16:13:43 | 000,406,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/10 16:13:43 | 000,005,372 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/10 16:06:42 | 000,001,350 | ---- | M] () -- C:\Users\Ryan\Desktop\Clean Registry for Free!.lnk
[2012/02/10 16:05:18 | 000,002,498 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/02/10 16:05:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/10 16:05:01 | 001,891,234 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\Cat.DB
[2012/02/10 16:04:36 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/10 15:02:20 | 000,000,274 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2012/02/09 11:32:44 | 000,002,353 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/02/08 01:13:17 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2012/01/29 16:45:31 | 000,001,792 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/27 22:52:38 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1207000.00D\isolate.ini
[2012/01/25 17:24:53 | 000,010,486 | ---- | M] () -- C:\Users\Ryan\Documents\Officer ranks.odt
[2012/01/24 21:20:10 | 000,017,095 | ---- | M] () -- C:\Users\Ryan\Documents\Country 1.odt
[2012/01/23 20:54:28 | 000,011,507 | ---- | M] () -- C:\Users\Ryan\Documents\New workout days.odt
[2012/01/23 00:17:26 | 000,013,109 | ---- | M] () -- C:\Users\Ryan\Documents\New Workout.odt
[2012/01/19 00:16:44 | 000,019,233 | ---- | M] () -- C:\Users\Ryan\Documents\America we stand.odt
[2012/01/19 00:16:40 | 000,019,645 | ---- | M] () -- C:\Users\Ryan\Documents\America 2.odt
[2012/01/18 16:35:03 | 000,017,498 | ---- | M] () -- C:\Users\Ryan\Documents\America 1.odt
[2012/01/15 12:35:14 | 000,001,656 | ---- | M] () -- C:\Windows\SysNative\ASOROSet.bin

========== Files Created - No Company Name ==========

[2012/02/10 16:30:01 | 000,002,488 | ---- | C] () -- C:\Users\Ryan\Desktop\EverQuest II.lnk
[2012/02/10 16:00:18 | 000,161,720 | ---- | C] () -- C:\Program Files (x86)\21res.dll
[2012/02/09 20:40:14 | 000,002,516 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EverQuest II.lnk
[2012/01/29 16:45:31 | 000,001,792 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/29 16:38:18 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/01/25 17:24:53 | 000,010,486 | ---- | C] () -- C:\Users\Ryan\Documents\Officer ranks.odt
[2012/01/24 21:20:10 | 000,017,095 | ---- | C] () -- C:\Users\Ryan\Documents\Country 1.odt
[2012/01/23 00:32:15 | 000,011,507 | ---- | C] () -- C:\Users\Ryan\Documents\New workout days.odt
[2012/01/23 00:17:24 | 000,013,109 | ---- | C] () -- C:\Users\Ryan\Documents\New Workout.odt
[2012/01/18 17:37:41 | 000,019,645 | ---- | C] () -- C:\Users\Ryan\Documents\America 2.odt
[2012/01/17 12:13:52 | 000,017,498 | ---- | C] () -- C:\Users\Ryan\Documents\America 1.odt
[2012/01/17 02:29:22 | 000,019,233 | ---- | C] () -- C:\Users\Ryan\Documents\America we stand.odt
[2012/01/15 12:26:08 | 000,001,656 | ---- | C] () -- C:\Windows\SysNative\ASOROSet.bin
[2011/08/07 21:26:43 | 000,000,482 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/10 18:29:03 | 000,205,484 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/05/10 18:29:03 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2011/04/01 04:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/04/01 04:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/04/01 04:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/02/10 17:40:24 | 000,753,740 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/25 19:34:30 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2010/08/25 19:34:30 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2010/08/25 19:34:30 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 19:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/11/17 13:09:10 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Systweak
[2011/11/17 13:09:10 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Systweak
[2010/12/25 08:14:27 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Barnes & Noble
[2011/08/20 18:53:11 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\LolClient
[2010/12/25 08:16:08 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\OEM
[2011/07/20 06:30:53 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\OpenOffice.org
[2011/12/20 02:23:42 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\SoftGrid Client
[2011/10/02 00:12:55 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Systweak
[2011/11/26 01:05:25 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Tific
[2011/03/08 12:08:20 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TP
[2012/01/25 09:31:05 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Unity
[2012/01/28 12:13:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\WhiteSmokeTranslator
[2010/12/26 18:44:51 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\WildTangent
[2012/02/10 15:02:20 | 000,000,274 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_DEFAULT.job
[2012/02/08 01:13:17 | 000,000,282 | ---- | M] () -- C:\Windows\Tasks\RegClean Pro_UPDATES.job
[2011/11/17 13:08:02 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/02 00:13:00 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/02 00:13:00 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/02 00:13:00 | 000,713,016 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2011/10/02 00:13:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2011/10/02 00:13:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/02 00:13:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 06:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 06:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 06:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2011/10/02 00:13:00 | 000,713,016 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2011/10/02 00:13:00 | 000,713,016 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2011/10/02 00:13:00 | 000,713,016 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2011/10/02 00:13:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2011/10/02 00:13:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2011/10/02 00:13:01 | 000,924,632 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/01/27 02:49:32 | 001,048,560 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 19:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2010/11/20 06:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< End of report >



Extras.txt

OTL Extras logfile created on: 2/11/2012 1:49:06 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ryan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.84% Memory free
3.93 Gb Paging File | 2.63 Gb Available in Paging File | 66.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 356.15 Gb Free Space | 78.51% Space Free | Partition Type: NTFS
Drive D: | 634.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2591424130-1659148995-1527997026-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14BC6853-A74E-4874-B50D-679889D1544D}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{307BFD68-0886-47AD-B461-5607F63B8B42}" = Microsoft Web Platform Installer 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CE47BA54-78AC-409F-9151-BDF5BE15A804}" = Network64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 30
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{55C4B9E9-39C8-4BD6-9BCF-41BE40393A5F}" = D110
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E4B1BE8-DCF3-4B90-A726-B28107442623}" = SolutionCenter
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBFB2E59-B0DB-42C8-8F4D-CF4E85471667}" = Toolbox
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{cab2e8d7-08e4-42d2-a676-ddf729a26522}" = Nero 9 Essentials
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"eMachines Game Console" = eMachines Game Console
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"gpotatotoolbar" = GPotato Toolbar
"Hotkey Utility" = Hotkey Utility
"HP Photo Creations" = HP Photo Creations
"Identity Card" = Identity Card
"InfraRecorder" = InfraRecorder
"InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"Mozilla Firefox 6.0.1 (x86 en-US)" = Mozilla Firefox 6.0.1 (x86 en-US)
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RegClean Pro_is1" = RegClean Pro
"StartNow Toolbar" = StartNow Toolbar
"WhiteSmoke_Bar Toolbar" = WhiteSmoke Bar Toolbar
"WhiteSmokeTranslator" = WhiteSmokeTranslator
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WT088147" = Agatha Christie - Death on the Nile
"WT088155" = Bejeweled 2 Deluxe
"WT088159" = Build-a-lot 2
"WT088166" = Chuzzle Deluxe
"WT088175" = Diner Dash 2 Restaurant Rescue
"WT088194" = Jewel Quest Solitaire 2
"WT088203" = Plants vs. Zombies
"WT088374" = Blackhawk Striker 2
"WT088394" = Dora's Carnival Adventure
"WT088414" = FATE
"WT088446" = John Deere Drive Green
"WT088450" = Penguins!
"WT088454" = Polar Bowler
"WT088458" = Polar Golfer
"WT088506" = Virtual Villagers 4 - The Tree of Life
"WT088521" = Zuma's Revenge
"WT088650" = 18 Wheels of Steel - American Long Haul
"WT088654" = Jewel Quest - Heritage

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2591424130-1659148995-1527997026-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Circuit Construction Kit (DC Only)" = Circuit Construction Kit (DC Only)
"Faraday's Electromagnetic Lab" = Faraday's Electromagnetic Lab
"Photoelectric Effect" = Photoelectric Effect
"SOE-EverQuest II" = EverQuest II
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/15/2012 2:40:13 PM | Computer Name = Ryan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/15/2012 2:40:13 PM | Computer Name = Ryan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/16/2012 2:36:21 AM | Computer Name = Ryan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/16/2012 2:36:21 AM | Computer Name = Ryan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/16/2012 3:46:52 PM | Computer Name = Ryan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/16/2012 3:46:52 PM | Computer Name = Ryan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/17/2012 1:50:38 PM | Computer Name = Ryan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/17/2012 1:50:38 PM | Computer Name = Ryan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

Error - 1/19/2012 8:50:00 PM | Computer Name = Ryan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 1/19/2012 8:50:00 PM | Computer Name = Ryan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The first DWORD in the Data section contains the error code.

[ System Events ]
Error - 10/1/2011 9:52:51 AM | Computer Name = Ryan-PC | Source = NetBT | ID = 4321
Description = The name "RYAN-PC :0" could not be registered on the interface
with IP address 192.168.1.62. The computer with the IP address 192.168.1.99 did
not allow the name to be claimed by this computer.

Error - 10/2/2011 2:13:12 AM | Computer Name = Ryan-PC | Source = NetBT | ID = 4321
Description = The name "RYAN-PC :0" could not be registered on the interface
with IP address 192.168.1.62. The computer with the IP address 192.168.1.99 did
not allow the name to be claimed by this computer.

Error - 10/2/2011 2:14:01 AM | Computer Name = Ryan-PC | Source = NetBT | ID = 4321
Description = The name "RYAN-PC :0" could not be registered on the interface
with IP address 192.168.1.62. The computer with the IP address 192.168.1.99 did
not allow the name to be claimed by this computer.

Error - 10/2/2011 2:14:01 AM | Computer Name = Ryan-PC | Source = NetBT | ID = 4321
Description = The name "RYAN-PC :0" could not be registered on the interface
with IP address 192.168.1.62. The computer with the IP address 192.168.1.99 did
not allow the name to be claimed by this computer.

Error - 10/2/2011 2:16:32 AM | Computer Name = Ryan-PC | Source = NetBT | ID = 4321
Description = The name "RYAN-PC :0" could not be registered on the interface
with IP address 192.168.1.62. The computer with the IP address 192.168.1.99 did
not allow the name to be claimed by this computer.

Error - 10/2/2011 2:16:46 AM | Computer Name = Ryan-PC | Source = NetBT | ID = 4321
Description = The name "RYAN-PC :0" could not be registered on the interface
with IP address 192.168.1.62. The computer with the IP address 192.168.1.99 did
not allow the name to be claimed by this computer.

Error - 10/12/2011 5:17:47 AM | Computer Name = Ryan-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:15:47 AM on 10/12/2011 was unexpected.

Error - 10/12/2011 5:23:13 AM | Computer Name = Ryan-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:21:47 AM on 10/12/2011 was unexpected.

Error - 10/22/2011 11:13:49 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the UMVPFSrv service.

Error - 10/28/2011 3:22:12 PM | Computer Name = Ryan-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:20:33 PM on 10/28/2011 was unexpected.


< End of report >


aswMBR

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-11 14:09:37
-----------------------------
14:09:37.426 OS Version: Windows x64 6.1.7601 Service Pack 1
14:09:37.426 Number of processors: 1 586 0x1601
14:09:37.426 ComputerName: RYAN-PC UserName: Ryan
14:09:40.655 Initialize success
14:17:41.423 AVAST engine defs: 12021101
14:21:02.134 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
14:21:02.134 Disk 0 Vendor: Hitachi_HDS721050CLA362 JP2OA3EA Size: 476940MB BusType: 3
14:21:02.150 Disk 0 MBR read successfully
14:21:02.150 Disk 0 MBR scan
14:21:02.165 Disk 0 Windows 7 default MBR code
14:21:02.165 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
14:21:02.197 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
14:21:02.197 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 464550 MB offset 25372672
14:21:02.212 Service scanning
14:21:03.663 Modules scanning
14:21:03.663 Disk 0 trace - called modules:
14:21:03.679 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
14:21:03.694 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80027166e0]
14:21:04.147 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa8002627520]
14:21:04.147 5 ACPI.sys[fffff88000ec67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8002623680]
14:21:06.190 AVAST engine scan C:\Windows
14:21:09.139 AVAST engine scan C:\Windows\system32
14:24:46.915 AVAST engine scan C:\Windows\system32\drivers
14:25:14.168 AVAST engine scan C:\Users\Ryan
14:31:04.398 AVAST engine scan C:\ProgramData
14:34:07.741 Scan finished successfully
14:38:29.322 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
14:38:29.322 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"


That is all of it.

#4
Nedklaw


    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

Please uninstall the following programs via Control Panel > Uninstall a program (if present):

  • Java™ 6 Update 22
  • GPotato Toolbar
  • StartNow Toolbar
  • WhiteSmoke Bar Toolbar
  • WhiteSmokeTranslator


Step 2

If you have Malwarebytes 1.6 or later installed, please disable it for the duration of this run.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    MOD - [2011/09/05 05:07:00 | 002,068,480 | ---- | M] () -- C:\Program Files (x86)\WhiteSmokeTranslator\WSTrayDictMode.exe
    SRV - [2011/07/27 05:06:44 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
    IE - HKLM\..\URLSearchHook: {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke Bar Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3007394&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "WhiteSmoke Bar Customized Web Search"
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3007394&SearchSource=13"
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=9WyyyyyyYYus&ptb=F8094B63-BA60-45BB-99E9-1A1724B93593&ind=2011081702&ptnrS=9WyyyyyyYYus&si=&n=77deabe6&psa=&st=kwd&searchfor="
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WhiteSmokeTranslator\WCaptureMoz [2011/10/02 00:13:03 | 000,000,000 | ---D | M]
    [2011/12/29 21:56:22 | 000,000,000 | ---D | M] (WhiteSmoke Bar Community Toolbar) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\extensions\{167d9323-f7cc-48f5-948a-6f012831a69f}
    [2011/10/26 23:08:20 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2011/08/12 19:41:54 | 000,000,000 | ---D | M] (GPotato Toolbar) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\extensions\{c0326c12-9f06-4344-aa25-60267226bb7d}
    [2011/10/26 23:08:20 | 000,001,945 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\searchplugins\bing-zugo.xml
    [2011/09/25 11:05:30 | 000,000,931 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\em427dfl.default\searchplugins\conduit.xml
    [2011/07/20 06:03:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/07/13 14:54:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    O2 - BHO: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
    O2 - BHO: (GPotato Toolbar) - {c0326c12-9f06-4344-aa25-60267226bb7d} - C:\Program Files (x86)\gpotatotoolbar\vmntemplateX.dll ()
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (WhiteSmoke Bar Toolbar) - {167d9323-f7cc-48f5-948a-6f012831a69f} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll ()
    O3 - HKLM\..\Toolbar: (GPotato Toolbar) - {c0326c12-9f06-4344-aa25-60267226bb7d} - C:\Program Files (x86)\gpotatotoolbar\vmntemplateX.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2591424130-1659148995-1527997026-1000\..\Toolbar\WebBrowser: (WhiteSmoke Bar Toolbar) - {167D9323-F7CC-48F5-948A-6F012831A69F} - C:\Program Files (x86)\WhiteSmoke_Bar\prxtbWhit.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" File not found
    O4 - Startup: C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch WhiteSmokeTranslator.lnk = C:\Program Files (x86)\WhiteSmokeTranslator\WSTrayDictMode.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
    [2012/01/28 12:13:50 | 000,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\WhiteSmokeTranslator
    
    :Files
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • If no log appears upon reboot, the OTL Fix log should be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 3

  • Go to Start > All Programs > Accessories > System Tools > Disk Defragmenter.
  • Select your main drive (usually C:\).
  • Click Defragment Disk.
  • Reboot your computer after the defragmentation has been completed.

Things I want to see in your next reply

  • OTL Fix Log
  • OTL.txt


#5
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





