Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My System Is Extremely slow and I have tried everything this grandma h

Started by Wendycisme , Jun 15 2012 05:51 PM

  • Please log in to reply

#1
Wendycisme
Posted 15 June 2012 - 05:51 PM

Wendycisme

    New Member

  • Member
  • Pip
  • 8 posts
Hi! I seriously admire your generosity and intelligence!

I have spyware, antivirus protection and feel like I know enough about computers to figure out that mine is excessively slow and through all the things I have tried to clean it up, I am not getting anywhere.
I was in the process of using hijackthis to try and dig out what may be a bunch of junk causing this.
I then redirected my interest in OTL. I ran the scan and went through it with the tut and I am sure that I need help.

ALSO- I am worried about the Extra Scan says there is a "bad block". Could that cause the speed?

Here are the scan copies:

OTL logfile created on: 6/15/2012 3:05:12 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Owner.YOUR-E92F6775CF\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.60 Mb Total Physical Memory | 129.34 Mb Available Physical Memory | 13.49% Memory free
2.26 Gb Paging File | 1.46 Gb Available in Paging File | 64.55% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.84 Gb Total Space | 65.08 Gb Free Space | 73.26% Space Free | Partition Type: NTFS
Drive D: | 4.30 Gb Total Space | 2.39 Gb Free Space | 55.45% Space Free | Partition Type: FAT32
Drive G: | 121.16 Mb Total Space | 7.72 Mb Free Space | 6.37% Space Free | Partition Type: FAT

Computer Name: YOUR-E92F6775CF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner.YOUR-E92F6775CF\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\WINDOWS\system32\FlashPlayerApp.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\UfNavi.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DriveIcon\DriveIcon.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libGLESv2.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\1.0.0.2\libEGL.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll ()
MOD - C:\Program Files\Trend Micro\Internet Security\UfNavi.exe ()
MOD - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
MOD - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
MOD - C:\Program Files\Trend Micro\Internet Security\UfPack.dll ()
MOD - C:\Program Files\Trend Micro\Internet Security\libexpat.dll ()
MOD - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys ()
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys ()
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys ()
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=PTB&M=MX3414
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...ys=PTB&M=MX3414
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 08:31:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2012/04/26 14:50:47 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Fotoshop = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdoogjlcmfcbfigifddopkepcloellfj\1.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Grimdi Animator = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkojlkbedcenfecoecpbemjpjonboaal\1.2_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.35_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\
CHR - Extension: Game Box = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpcpileajeplkmflpjidjhnpdjoiadej\1.6_0\
CHR - Extension: iPiccy Photo Editor = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh\1.1_0\
CHR - Extension: Classic Popup Blocker = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp\2.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/08/07 14:04:28 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TheBflix Class) - {E12E0C6F-152A-4DD3-94AA-E73C3EA84FF9} - C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll ()
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DriveIcons] C:\Program Files\DriveIcon\DriveIcon.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF1645F6-B0D3-439F-B17C-BCAD74C31DAB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 18:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{42c1cc67-1f79-11db-bcca-0003253c5cae}\Shell - "" = AutoRun
O33 - MountPoints2\{42c1cc67-1f79-11db-bcca-0003253c5cae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42c1cc67-1f79-11db-bcca-0003253c5cae}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/15 10:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Start Menu\Programs\HiJackThis
[2012/06/15 10:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Ad-Aware Antivirus
[2012/06/10 14:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Jasc
[2012/06/10 14:46:15 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2012/06/10 14:46:08 | 000,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2012/05/26 19:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2012/05/26 19:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Jasc Software
[2012/05/26 19:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jasc Software Inc
[2012/05/26 19:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\My Documents\My PSP Files
[2012/05/26 19:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2012/05/26 19:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Jasc Software Inc
[2012/05/25 13:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/25 13:37:20 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2012/05/25 13:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/25 13:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/25 13:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/25 13:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/05/25 13:34:36 | 004,547,944 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2012/05/25 13:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/05/25 13:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/05/25 13:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/25 13:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/05/19 13:34:54 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/17 01:22:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/15 14:59:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2595757856-35230044-1203428-1006UA.job
[2012/06/15 14:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/15 10:50:27 | 000,002,016 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\HiJackThis.lnk
[2012/06/15 09:37:39 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/15 09:37:10 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/06/15 09:37:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/15 09:37:00 | 1005,236,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/14 18:59:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2595757856-35230044-1203428-1006Core.job
[2012/06/11 22:05:52 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\Google Chrome.lnk
[2012/06/11 22:05:52 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/11 21:32:16 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\Printers and Faxes.lnk
[2012/06/09 17:53:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/04 00:29:31 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 9.lnk
[2012/05/27 23:05:16 | 000,013,216 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\pspbrwse.jbf
[2012/05/26 20:32:34 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Photo Album 5.lnk
[2012/05/26 20:18:33 | 000,031,764 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/26 10:26:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/20 00:48:40 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/19 13:34:54 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/19 13:34:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/15 10:50:27 | 000,002,016 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\HiJackThis.lnk
[2012/06/11 21:32:16 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\Printers and Faxes.lnk
[2012/05/27 23:05:16 | 000,013,216 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\pspbrwse.jbf
[2012/05/26 20:32:34 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Photo Album 5.lnk
[2012/05/26 20:18:33 | 000,031,764 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/26 19:53:41 | 000,002,523 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 9.lnk
[2012/05/19 13:34:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/05 23:23:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2012/05/03 13:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2008/12/21 14:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/05/11 11:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/04/01 12:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jKiMhFh08514
[2011/03/14 00:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2012/05/11 00:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2006/09/10 14:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/12/21 15:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/05/11 11:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheBflix
[2003/01/01 21:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/05/25 13:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/06/15 10:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Ad-Aware Antivirus
[2012/06/10 14:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Jasc
[2003/01/01 21:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\SampleView
[2006/09/10 14:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\ScanSoft
[2006/09/10 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Template
[2012/05/17 01:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\uTorrent
[2006/07/29 20:38:21 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2006/07/29 20:38:22 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job

========== Purity Check ==========



< End of report >

Here is the Extras scan:
OTL Extras logfile created on: 6/15/2012 12:02:32 PM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Owner.YOUR-E92F6775CF\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.60 Mb Total Physical Memory | 111.26 Mb Available Physical Memory | 11.61% Memory free
2.26 Gb Paging File | 1.49 Gb Available in Paging File | 65.92% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.84 Gb Total Space | 65.06 Gb Free Space | 73.24% Space Free | Partition Type: NTFS
Drive D: | 4.30 Gb Total Space | 2.39 Gb Free Space | 55.45% Space Free | Partition Type: FAT32
Drive G: | 121.16 Mb Total Space | 7.72 Mb Free Space | 6.37% Space Free | Partition Type: FAT

Computer Name: YOUR-E92F6775CF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\1041480197\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1041480197\EE\AOLServiceHost.exe:*:Disabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Disabled:AOL Application Loader -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Disabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Disabled:AOLTsMon
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager -- (Intuit, Inc.)
"C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe" = C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe:*:Enabled:Toolbox for HP Printing System for Windows
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe:*:Enabled:Belkin Router Monitor -- (Affinegy, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{24960CD0-661D-4957-9D5F-D2905A30EDB1}" = Jasc Paint Shop Photo Album 5
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37476589-E48E-439E-A706-56189E2ED4C4}" = TheBflix
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AE5A1B4-D6AE-48D4-A07F-46A806CD53E6}" = HP Officejet Pro 8500 A910 Basic Device Software
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{40E12A55-C504-4223-AFAC-7672DBF1ACDE}" = Trend Micro AntiVirus
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro AntiVirus
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{871B2A9D-0F12-44B3-88C1-E0CB10A232E4}" = HP Officejet Pro 8500 A910 Help
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A2F0810-3626-4E86-9072-973FBE1679C5}" = QuickBooks Premier: Contractor Edition 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"BigFix" = BigFix
"gtw_logo" = gtw_logo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Money2006b" = Microsoft Money 2006
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"RealPlayer 6.0" = RealPlayer Basic
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/24/2011 2:59:43 PM | Computer Name = YOUR-E92F6775CF | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Contractor
Edition 2009": DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from
file:'.\.\src\ConnPool.cpp' at line 994 from function:'DBMgr::DBConnPool::ini

Error - 7/26/2011 6:42:58 PM | Computer Name = YOUR-E92F6775CF | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/26/2011 6:42:58 PM | Computer Name = YOUR-E92F6775CF | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/26/2011 6:42:58 PM | Computer Name = YOUR-E92F6775CF | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/26/2011 6:42:58 PM | Computer Name = YOUR-E92F6775CF | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 7/26/2011 6:43:28 PM | Computer Name = YOUR-E92F6775CF | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Contractor
Edition 2009": Connection Error:Invalid user ID or passwo

Error - 7/26/2011 6:43:28 PM | Computer Name = YOUR-E92F6775CF | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Contractor
Edition 2009": Connection String:CON=QBConnectionPool-Probe-QB_data_engine_19; ;DBF=C:\Documents
and Settings\All Users\Documents\Intuit\QuickBooks\Company Files\R.D. CHANEY.QBW;ENG=QB_data_engine_19;DBN=31a0bab7c90c4d2fb6ce7867fef8e8

Error - 7/26/2011 6:43:28 PM | Computer Name = YOUR-E92F6775CF | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Contractor
Edition 2009": DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from
file:'.\.\src\ConnPool.cpp' at line 994 from function:'DBMgr::DBConnPool::ini

Error - 7/26/2011 8:05:25 PM | Computer Name = YOUR-E92F6775CF | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Contractor
Edition 2009": An attempt to LogOff without a logo

Error - 7/26/2011 8:05:42 PM | Computer Name = YOUR-E92F6775CF | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks: Premier Contractor
Edition 2009": An attempt to LogOff without a logo

[ System Events ]
Error - 6/15/2012 12:37:11 PM | Computer Name = YOUR-E92F6775CF | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 6/15/2012 12:37:11 PM | Computer Name = YOUR-E92F6775CF | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 6/15/2012 12:37:11 PM | Computer Name = YOUR-E92F6775CF | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 6/15/2012 12:37:11 PM | Computer Name = YOUR-E92F6775CF | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 6/15/2012 12:37:11 PM | Computer Name = YOUR-E92F6775CF | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 6/15/2012 1:34:09 PM | Computer Name = YOUR-E92F6775CF | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/15/2012 1:35:17 PM | Computer Name = YOUR-E92F6775CF | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/15/2012 3:02:27 PM | Computer Name = YOUR-E92F6775CF | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/15/2012 3:13:55 PM | Computer Name = YOUR-E92F6775CF | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 6/15/2012 3:14:31 PM | Computer Name = YOUR-E92F6775CF | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

Edited by Dakeyras, 16 June 2012 - 04:03 AM.
Removed posted email add' for safety reasons.

  • 0

Advertisements

#2
BlackOxide
Posted 16 June 2012 - 07:30 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, Wendycisme! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just incase you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, lets start ;)




958.60 Mb Total Physical Memory | 129.34 Mb Available Physical Memory | 13.49% Memory free

You do seem to be a bit low on memory, which can cause your system to run more slowly.

Also, as you mentioned earlier, there does seem to be evidence that your Hard Drive contains one or more Bad Blocks. We will come back to the RAM and Hard Drive issues later, once we have checked further for malware :)



Lets begin with removing some old Java entries with OTL and clearing any Temp files that are present.

Can you do the following steps for me please, then get back to me with the relevant logs:


1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, Tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




2)
Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

If it asks to download the Avast defintions, just click No.

Click the "Scan" button to start the scan.

Posted Image


On completion of the scan click save log, save it to your desktop and post it in your next reply.

Posted Image




3)
Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.




In your next reply
Please post the contents of...
OTL log
aswMBR log
MBAM log
  • 0

#3
Wendycisme
Posted 18 June 2012 - 03:35 PM

Wendycisme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I have almost completed all ot the things you have directed me to do however;
Right after the scan finished and before I had all of the items selected to remove all of these files the program stopped responding. I opened it again and the files apparently were quarintined but I don't know what to do with them from the "quarentined file" do I remove them all? I don't want to screw this up!


OTL logfile created on: 6/18/2012 2:20:48 AM - Run 2
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Owner.YOUR-E92F6775CF\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.60 Mb Total Physical Memory | 384.30 Mb Available Physical Memory | 40.09% Memory free
2.26 Gb Paging File | 1.68 Gb Available in Paging File | 74.33% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.84 Gb Total Space | 66.56 Gb Free Space | 74.93% Space Free | Partition Type: NTFS
Drive D: | 4.30 Gb Total Space | 2.39 Gb Free Space | 55.45% Space Free | Partition Type: FAT32
Drive G: | 121.16 Mb Total Space | 7.72 Mb Free Space | 6.37% Space Free | Partition Type: FAT

Computer Name: YOUR-E92F6775CF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner.YOUR-E92F6775CF\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DriveIcon\DriveIcon.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\5adb0f89d469632511aed9d88cfe05c4\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\37217abe2c5164e59aba251860f4c79e\System.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll ()
MOD - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
MOD - C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe ()
MOD - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
MOD - C:\Program Files\Trend Micro\Internet Security\UfPack.dll ()
MOD - C:\Program Files\Trend Micro\Internet Security\libexpat.dll ()
MOD - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AffinegyService) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (AFGMp50) -- System32\Drivers\AFGMp50.sys File not found
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (AFGSp50) -- C:\WINDOWS\system32\drivers\AFGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys ()
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys ()
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys ()
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...ys=PTB&M=MX3414
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=PTB&M=MX3414
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=MX3414
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...ys=PTB&M=MX3414
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...ys=PTB&M=MX3414
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...ys=PTB&M=MX3414
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2595757856-35230044-1203428-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\WINDOWS\system32\npdeployJava1.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Fotoshop = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdoogjlcmfcbfigifddopkepcloellfj\1.1_0\
CHR - Extension: YouTube = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Grimdi Animator = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fkojlkbedcenfecoecpbemjpjonboaal\1.2_0\
CHR - Extension: AdBlock = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.36_0\
CHR - Extension: Game Box = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gpcpileajeplkmflpjidjhnpdjoiadej\1.6_0\
CHR - Extension: iPiccy Photo Editor = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\imokeandodnlammaoenbgcnbhigjbpjh\1.1_0\
CHR - Extension: Classic Popup Blocker = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lijicndbkjoplmhnclmoahmcaffaeapp\2.1_0\
CHR - Extension: Gmail = C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/08/07 14:04:28 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TheBflix Class) - {E12E0C6F-152A-4DD3-94AA-E73C3EA84FF9} - C:\Documents and Settings\All Users\Application Data\TheBflix\bhoclass.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-2595757856-35230044-1203428-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DriveIcons] C:\Program Files\DriveIcon\DriveIcon.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-2595757856-35230044-1203428-1006..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2595757856-35230044-1203428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2595757856-35230044-1203428-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF1645F6-B0D3-439F-B17C-BCAD74C31DAB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 18:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{42c1cc67-1f79-11db-bcca-0003253c5cae}\Shell - "" = AutoRun
O33 - MountPoints2\{42c1cc67-1f79-11db-bcca-0003253c5cae}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{42c1cc67-1f79-11db-bcca-0003253c5cae}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 02:02:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/15 10:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Start Menu\Programs\HiJackThis
[2012/06/15 10:28:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Ad-Aware Antivirus
[2012/06/10 14:47:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Jasc
[2012/05/26 19:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2012/05/26 19:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Jasc Software
[2012/05/26 19:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Jasc Software Inc
[2012/05/26 19:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\My Documents\My PSP Files
[2012/05/26 19:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\Jasc Software Inc
[2012/05/26 19:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Jasc Software Inc
[2012/05/25 13:37:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/05/25 13:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/05/25 13:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/05/25 13:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/25 13:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/05/25 13:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/05/25 13:29:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/05/25 13:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/25 13:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer

========== Files - Modified Within 30 Days ==========

[2012/06/18 02:33:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/18 02:11:40 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/06/18 02:10:11 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/18 02:09:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/18 02:09:06 | 1005,236,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/18 01:59:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2595757856-35230044-1203428-1006UA.job
[2012/06/18 01:57:14 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\Shortcut to OTL.lnk
[2012/06/17 18:59:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2595757856-35230044-1203428-1006Core.job
[2012/06/15 10:50:27 | 000,002,016 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\HiJackThis.lnk
[2012/06/11 22:05:52 | 000,002,402 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\Google Chrome.lnk
[2012/06/11 22:05:52 | 000,002,380 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/06/11 21:32:16 | 000,000,144 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\Printers and Faxes.lnk
[2012/06/09 17:53:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/04 00:29:31 | 000,002,523 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 9.lnk
[2012/05/27 23:05:16 | 000,013,216 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\pspbrwse.jbf
[2012/05/26 20:32:34 | 000,001,892 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Photo Album 5.lnk
[2012/05/26 20:18:33 | 000,031,764 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/26 10:26:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/20 00:48:40 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/06/18 01:57:14 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\Shortcut to OTL.lnk
[2012/06/15 10:50:27 | 000,002,016 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\HiJackThis.lnk
[2012/06/11 21:32:16 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\Printers and Faxes.lnk
[2012/05/27 23:05:16 | 000,013,216 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\pspbrwse.jbf
[2012/05/26 20:32:34 | 000,001,892 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Photo Album 5.lnk
[2012/05/26 20:18:33 | 000,031,764 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/26 19:53:41 | 000,002,523 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jasc Paint Shop Pro 9.lnk
[2012/05/19 13:34:56 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/05 23:23:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

========== LOP Check ==========

[2003/01/01 21:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2012/05/03 13:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2008/12/21 14:54:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/05/11 11:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/04/01 12:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\jKiMhFh08514
[2011/03/14 00:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2012/05/11 00:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2006/09/10 14:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/12/21 15:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/05/11 11:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TheBflix
[2003/01/01 21:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/05/25 13:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2003/01/01 21:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2012/06/15 10:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Ad-Aware Antivirus
[2012/06/10 14:47:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Jasc
[2003/01/01 21:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\SampleView
[2006/09/10 14:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\ScanSoft
[2006/09/10 21:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\Template
[2012/05/17 01:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-E92F6775CF\Application Data\uTorrent
[2006/07/29 20:38:21 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
[2006/07/29 20:38:22 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job

========== Purity Check ==========



< End of report >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-18 02:55:10
-----------------------------
02:55:10.187 OS Version: Windows 5.1.2600 Service Pack 2
02:55:10.187 Number of processors: 2 586 0x4802
02:55:10.187 ComputerName: YOUR-E92F6775CF UserName: Owner
02:59:23.671 Initialize success
03:00:48.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
03:00:48.531 Disk 0 Vendor: ST9100825A 3.06 Size: 95396MB BusType: 3
03:00:48.562 Disk 0 MBR read successfully
03:00:48.562 Disk 0 MBR scan
03:00:48.562 Disk 0 unknown MBR code
03:00:48.578 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 90969 MB offset 9044595
03:00:48.578 Disk 0 Partition 2 00 0B FAT32 RECOVERY 4416 MB offset 63
03:00:48.593 Disk 0 scanning sectors +195350400
03:00:48.671 Disk 0 scanning C:\WINDOWS\system32\drivers
03:00:58.281 Service scanning
03:01:07.656 Service tmactmon C:\WINDOWS\system32\drivers\tmactmon.sys **LOCKED** 5
03:01:07.843 Service tmcomm C:\WINDOWS\system32\drivers\tmcomm.sys **LOCKED** 5
03:01:07.906 Service tmevtmgr C:\WINDOWS\system32\drivers\tmevtmgr.sys **LOCKED** 5
03:01:10.000 Modules scanning
03:01:51.078 Disk 0 trace - called modules:
03:01:51.093 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
03:01:51.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8613a030]
03:01:51.093 3 CLASSPNP.SYS[f75f105b] -> nt!IofCallDriver -> \Device\0000008b[0x8613b3b8]
03:01:51.093 5 ACPI.sys[f7407620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86156940]
03:01:51.109 Scan finished successfully
03:03:04.875 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\MBR.dat"
03:03:04.890 The log file has been saved successfully to "C:\Documents and Settings\Owner.YOUR-E92F6775CF\Desktop\aswMBR.txt"

The MBAM.log is a clean report although in Quarantine tab there were REG Keys and 25 other bad things that were deleted by me and at that time I ran another scan and it was clean. I cannot find the MBAM.log file anywhere. I know I saved it but I am obviously NOT a perfect human. *beats her head with the keyboard*

I am going to be patiently waiting to hear back from you.
Thank you so much!

Edited by Wendycisme, 18 June 2012 - 06:33 PM.

  • 0

#4
BlackOxide
Posted 19 June 2012 - 11:47 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

Thanks for the OTL and aswMBR logs.


Right after the scan finished and before I had all of the items selected to remove all of these files the program stopped responding. I opened it again and the files apparently were quarintined but I don't know what to do with them from the "quarentined file" do I remove them all? I don't want to screw this up!

As long as they are in the Quarantine, that's fine, you can just leave them in there :)

Also, if MBAM is now not finding any files after doing a Quick Scan, it comfirms it has definitely got rid of the items it found earlier.




The MBAM.log is a clean report although in Quarantine tab there were REG Keys and 25 other bad things that were deleted by me and at that time I ran another scan and it was clean. I cannot find the MBAM.log file anywhere. I know I saved it but I am obviously NOT a perfect human. *beats her head with the keyboard*


We should still be able to find the MBAM log. Just follow the instructions below. If you could get back to me with the previous scan you did where it found those files but then seemed to crash, that would be helpful, so I can just see what type of infections it found.


1)
To open MBAM log files...
  • Open MBAM and click the Logs tab at the top
  • They should be in Date/Time order, please choose the log from the previous run whereby those infections were found, then click Open.
  • Copy and Paste the log into your next reply




Your OTL and aswMBR logs look good, so if you could try and get back to me with the MBAM log(s), once I've taken a look at those I'll decide on how to proceed from here :)
  • 0

#5
Wendycisme
Posted 20 June 2012 - 11:27 AM

Wendycisme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Good morning!

Here is the last log I was able to find it outsidr of the program. I opted out of creating any short cuts when I down loaded them. I appreciate your help a whole bunch!

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: YOUR-E92F6775CF [administrator]

6/18/2012 2:42:50 PM
mbam-log-2012-06-18 (14-42-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228521
Time elapsed: 19 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

:rolleyes: I hope there is enough info. I did look all over for any other stray logs.
I don't know if it is something you need to see id a copy of the scan from "hijackthis" program.

I am thinking that I need to get rid of that program and another one that was mentioned a lot in the first scan that went to the quarantine folder along with a program called ThebigFix. Will I be doing that at some point or should I wait and let you walk me through it?
  • 0

#6
BlackOxide
Posted 20 June 2012 - 12:21 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
You can ignore HijackThis now, as we no longer use it here anymore and haven't done for quite some time, as OTL is much superior to it. However, OTL and HijackThis are only for manually removing entries, so they are different to running your standard Anti Virus and Malware scans like Malwarebytes Anti Malware etc. I would only advise you to run OTL or HijackThis when you post on this forum, otherwise they are not needed really.


Going back to finding the MBAM log, even though you didn't create a shortcut when installing the program, if you click the Start button down the bottom left of the screen, then go to All Programs > Malwarebytes Anti Malware, you should see a shortcut to the program there. So click on Malwarebytes Anti-Malware on this menu and it should open. Then go to the Logs tab at the top and hopefully you should see the log entries there, where you can just double click on any of them to open them up. If you could try this for me and see if you can find the one where you removed those infections please, that would be great :)
  • 0

#7
Wendycisme
Posted 20 June 2012 - 09:47 PM

Wendycisme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I double and triple checked for that log. In fact right after clicking "Delete" in the quarantine tab I felt that sinking feeling in my gut when the word in the result screen prior to that said "Remove". That was the first time I thought to get a copy of that log and there was nothing asking me if I want to save anything at the end. I looked on the desktop where I usually save stuff like that.

I scanned my whole computer for anything with MBAM.log or .txt I have been a bit of a computer geek who could build a home CPU with modems and RAM cards and it was fun...not so much in the last 6-7 years. So about all I know how to is run programs but I cannot make them respond. :surrender: So I "get" why that would have been 'desired'

What happened was that the the list came up in the 'found objects' and as I was scrolling through it real quick to see how long the list was. I checked 1 box at which time the program was "not responding". It was not looking good because it wasn't starting to work...I clicked "remove" thinking that having just one clicked that the load would be lighter for the "not responding" problem.

That didn't work either. I left it alone for a while but I was getting messages to "Send an error report to Microsoft" and close the program happens right after that step.

I restarted the computer and went back to the program and looked for the object list. They were then in the quarantine and I emailed you. I went poking around in there to see if there was a log but there was nothing. The program stopped responding again and I had to restart all of it again. I feared that not 'removing' them might have started a new mal-ware problem that was caused by me screwing it up.
I then decided to get what was in the quarantine out, figuring there would have tohave a log after that...but not for me, not this time.

So, if there is somewhere else I can look, like in the file that sends an error message to Microsoft maybe or system logs you can tell me how to search those...I will.

Sorry for the long winded-ness. Just hoping that might make sence about why there is no log file.

~Awaiting your response...Wendy

Edited by Wendycisme, 20 June 2012 - 10:03 PM.

  • 0

#8
BlackOxide
Posted 21 June 2012 - 02:09 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No worries, thanks for the explanation. It sounds like the log would not be present anymore. It's nothing major, we just like to see them to find out the type of infections it removed, but as long it removed them, then we should be ok :)

What I'd like to do now, before running any other scans, is to check the Hard Drive out for Bad Blocks. If you could follow the steps below, then get back to me with the screenshot of the finished scan please.


Lets check for any Bad Blocks on the Hard Drive...

  • Download HDTune from here
  • Once installed, run the program
  • Make sure that your correct Hard Drive is on the drop down menu at the top (Should be ST9100825A)
  • Click the Error Scan tab
  • Make sure Quick Scan is NOT ticked
  • Click the Start button to scan your Hard Drive
  • Once the scan his finished, Take a screenshot of this window by clicking on the little blue floppy disk icon that is near the Exit button
  • Save this screenshot to a known location
  • Attach the screenshot to your next reply

To attach a file...
  • Click Add Reply as you would do normally
  • Then within the 'Attachments' area, click Browse and select the file that you want to attach
  • Click the Attach This File button
  • Now click Add to Post on the right hand side, to insert the attachment into your post.

  • 0

#9
Wendycisme
Posted 22 June 2012 - 11:37 AM

Wendycisme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Good morning Black Oxide,
Here is the result from HD Tune. I thought I would take this time to ask you a related question that might sound silly to you but after using that last program causes me to ask.

At the same time this computer is dragging it's feet, the fan runs and runs in what I assumed was due to, in layman's terms, how hard the hard drive was working in it's old age yet the heat worries me. Keeping it cool-er is important to me so I have it sit on a platform keeping the under part and sides up off the desk.

This has kept it from crashing from being over heated but it still has the fan pumping out hot air whenever it is on. I don't let it sit for long periods without closing it to let it cool off. Is this a factor in why is slow or the other way around?

Thank you!
HDTune_Error_Scan_ST9100825A.png
  • 0

#10
BlackOxide
Posted 22 June 2012 - 01:36 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hey,

Unfortunately that Hard Drive Scan shows us that your Hard Drive is not in a good state :( Having 5 Bad Blocks on the drive means, that even though it's currently working, things like slowness, crashing and risk of data loss become common and it stands a chance of failing completely at some point. The ideal thing to do in this situation is to change the Hard Drive for a new one. Firstly though, make sure you always have a backup of your important data, so if it does decide to fully die on you, you have your data elswhere.

With the heat issue, the Hard Drive situation would not cause the PC to heat up or for the fans to whir heavily. This is probably down to a dust build up on the Fans or on the Processor Heat Sink. Usually, blowing out all of the dust (and maybe applying new thermal paste to the Processor) will solve both the fan and the heat issues. If you want, I can show you how to do these, but I would say the Hard Drive issue is the most important thing to think about first.

Let me know what you want to do about the Hard Drive. You could technically still use the PC and we can run a Chkdsk to try and minimize any current file corruption, but the Bad Blocks will still remain, so the chance of it failing badly at any time is still there. One downside to new Hard Drives, is that they are currently not that cheap. You will be paying the best part of $100 for a new drive.
  • 0

Advertisements

#11
Wendycisme
Posted 22 June 2012 - 07:53 PM

Wendycisme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay,
I need to back up my files.
I am curious about how a block becomes corrupt?

Yes, I would like to minimize the corruption on the hard drive if you could send me through that process. I remember how but my memory is equal to this PC's so I would appreciate your guidance.

I do want to replace the hard drive. I can afford that more than a new PC. I have my last PC sitting next to me which is in blue screen purgatory. :blush: I did not back it up in time :upset: and I hope to get that one back from the dead one day soon. Anyway, should we do the scan and checking of disks before or after I figure out how to back it up?

I would also appreciate it if you could tell me how to get the fan to stop whirring. It makes me feel like the end near.

I can't thank you enough for your help. I look forward to my next mission.
~Wendyc
  • 0

#12
BlackOxide
Posted 23 June 2012 - 08:32 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts

I am curious about how a block becomes corrupt?

Often they can just appear, due to a small physical defect on the disk surface itself. Other times they can appear if the Hard Drive has had a knock or drop etc. It's probably nothing you've done yourself. I had a Hard Drive on my old PC with around 8 Bad Blocks and it never moved from it's spot under my desk, so often it is just the drive itself that starts to have defects on it's own.


I think the best way to tackle this one would be to 1st - Get your important data backed up, 2nd - Run a Full Chkdsk on the drive, then 3rd - Remove the Dust from the Fans.


On to the Backup. I often recommend people to go through their Files/Folders/Programs and jot down on a piece of paper what data they would like to backup. You can backup your data onto CD/DVD/USB Sticks etc (depending on your overall size of the data you are copying). It may be easier to just copy the files you want onto your backup medium, but there are a number of free backup programs which can do this for you. Let me know when you've backed up the data you need, or if you have any questions or problems with this :)
  • 0

#13
Wendycisme
Posted 25 June 2012 - 03:12 PM

Wendycisme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello,

After considering all of the data on the computer I would like to explore the "free back up programs" that can help me with this. I need to take this seriously and be sure that it is done correctly.

Looking back to the last 3 or 4 computers, I have lost an unimaginable number of files, original animations, digital creations, photographs, business records, documentation and beyond by not getting enough backed up or doing it wrong.

I think if there is help, I should take advantage of it. :yes: Please.
  • 0

#14
BlackOxide
Posted 26 June 2012 - 01:18 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
That's fine no problem :)

There's two I would recommend, SyncBack Free and Auslogics BitReplica. The one I use is called SyncBack Free. I'll briefly explain both below. You can download the Installation file for SyncBack from here. Once downloaded, just Right click the Zip File and Choose Extract here, which will extract the files into a folder with the same name. Inside there will be a setup file, just double click this and follow the onscreen prompts to install it.

Note - This program can do backups of your files, but it can also Sync folders, drives etc. All we are going to be doing is using the Backup part of it.

When you run it the first time, it should ask you to create a new profile. Just agreee to this and choose the Backup method, not Synchronisation. (All it means by a profile, is that it will remember your settings and selections, so you don't have to set it up each time you run the program).

You should get to this screen:

Posted Image

In the Source at the top, choose which Folder you want to backup. In the Destination, choose your Backup Drive, USB Stick etc. If there is more than one location you want to backup, you can click the Sub-dirs drop down (just below Destination) and choose "Let me choose which sub directories and their files". Then you can click the Sub-direcotires tab and Untick or tick any folders.

The way I have this setup, is that I have an External Drive, that I just keep my Documents, Pictures and Music on. I have one profile for each of these folders in SyncBack (so 3 Profiles in total). It just makes it easier for me to backup any one of these when I want to. Sometimes if you are bundling many many folders together, it can get confusing when you just have one profile and lots of ticked and unticked sub directories.


Have a play with SyncBack and see how you get on. If you find it a bit complicated (I admit it's not the easiest one available, but it is reliable), have a go with Auslogics BitReplica which can be found here. I know a couple of people who use it, and I have set it up on a friends PC and it is quick and nice to use. A very brief guide with images can be seen here. This one may suit you better than SyncBack, as SyncBack has many advanced features which you may not use.

If you have any questions with either of these, let me know.

Also what is the Make and Model of your Laptop? Whilst you are doing your Backups, I'll have a look as to where the fans are located on your laptop. The Model number should usually be shown on a sticker on the bottom of the laptop.
  • 0

#15
Wendycisme
Posted 26 June 2012 - 11:36 PM

Wendycisme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Also what is the Make and Model of your Laptop? Whilst you are doing your Backups, I'll have a look as to where the fans are located on your laptop. The Model number should usually be shown on a sticker on the bottom of the laptop.

This is on the buttom which is printed onto the laptop.
Gateway Model No.:W340UA

This one is in a sticker with the serial number below it,
Model: MX3414
S/n:blah blah...

I am sure you will know which one is the right one.

Thank you.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP