Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

IE Ad Pop-ups [Closed]

Started by nunnery , Dec 05 2012 12:26 PM

  • This topic is locked This topic is locked

#1
nunnery
Posted 05 December 2012 - 12:26 PM

nunnery

    New Member

  • Member
  • Pip
  • 1 posts
Hi I dont use IE, I use google chrome but I keep getting IE popping up with adverts every few minutes. I have tried most ad-ware/malware removal tools with no luck! I would really appreciate any help going!

Here is my log:

OTL logfile created on: 05/12/2012 18:04:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Beth\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.43% Memory free
4.14 Gb Paging File | 2.85 Gb Available in Paging File | 68.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.17 Gb Total Space | 16.36 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.82 Gb Free Space | 58.21% Space Free | Partition Type: NTFS
Drive E: | 6.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BETH-PC | User Name: Beth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/05 18:02:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Beth\Desktop\OTL.exe
PRC - [2012/12/05 00:39:52 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/12/05 00:39:51 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/04/08 15:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2010/04/08 15:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2010/04/08 15:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 06:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/02 03:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/02 03:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/28 03:43:17 | 000,460,904 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll
MOD - [2012/11/28 03:43:16 | 012,456,040 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
MOD - [2012/11/28 03:43:15 | 004,008,040 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
MOD - [2012/11/28 03:42:30 | 000,587,880 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\23.0.1271.95\libglesv2.dll
MOD - [2012/11/28 03:42:29 | 000,124,520 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\23.0.1271.95\libegl.dll
MOD - [2012/11/28 03:42:22 | 000,157,304 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\23.0.1271.95\avutil-51.dll
MOD - [2012/11/28 03:42:21 | 002,168,952 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll
MOD - [2012/11/28 03:42:21 | 000,275,576 | ---- | M] () -- C:\Users\Beth\AppData\Local\Google\Chrome\Application\23.0.1271.95\avformat-54.dll
MOD - [2007/09/26 10:47:30 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/09/12 09:50:56 | 000,126,976 | ---- | M] () -- C:\Program Files\FlashGet\getflash.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc -- (gupdatem)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2012/12/05 00:39:52 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/11/19 09:25:18 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/04/08 15:46:20 | 000,154,152 | ---- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2010/04/08 15:46:18 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2010/04/08 15:46:12 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2008/04/24 19:57:27 | 000,265,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/02 03:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/02 03:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2006/09/14 06:56:06 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Beth\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012/12/05 14:57:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 16:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 21:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/01/02 03:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/03 05:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/03 05:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/11 06:40:28 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/05/09 12:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/05/09 12:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/05/09 12:46:08 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/04/29 05:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 07:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 07:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUK

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...z=1I7DKUK_en-GB
IE - HKCU\..\SearchScopes\{84FEF905-1373-4ECB-8674-6E2057561BC7}: "URL" = http://search.virgin...earchTerms}&cr=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Beth\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Beth\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Beth\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/19 09:25:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/19 09:25:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/19 09:25:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/19 09:25:09 | 000,000,000 | ---D | M]

[2009/03/03 21:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beth\AppData\Roaming\Mozilla\Extensions
[2012/10/25 14:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\2uf3ny3j.default\extensions
[2011/02/16 20:25:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\2uf3ny3j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/11/19 09:25:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/19 09:25:19 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2008/06/18 05:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/08/04 16:36:23 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/10/29 08:17:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/08/04 16:36:23 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/08/04 16:36:23 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/11/19 09:25:16 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/08/04 16:36:23 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Beth\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Beth\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Beth\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Beth\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2012/12/05 17:44:44 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7725.1624\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (gFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ()
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKCU..\Run: [Illustrate] C:\Users\Beth\AppData\Local\Illustrate\dbznlcwv.dll (LEAD Technologies, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm ()
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (Playtech)
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (Playtech)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: everestpoker.com ([account] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...shUKActivia.cab (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg...l_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5CD0EBF-31FB-4BEA-B9AD-085A3C4F4E2C} https://www.promapse...est/Voyager.cab (VoyagerCtl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3BCD8263-6461-49EA-8F37-55BC8A9ABE22}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C99FA04-56EA-43F7-BEDC-475676C25485}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Beth\Pictures\2008 09 08\Phone Pics 056.JPG
O24 - Desktop BackupWallPaper: C:\Users\Beth\Pictures\2008 09 08\Phone Pics 056.JPG
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/05 18:02:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Beth\Desktop\OTL.exe
[2012/12/05 17:55:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/12/05 17:53:21 | 000,000,000 | ---D | C] -- C:\Users\Beth\Desktop\tdsskiller
[2012/12/05 17:50:38 | 000,000,000 | ---D | C] -- C:\Users\Beth\Desktop\GooredFix Backups
[2012/12/05 17:44:42 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/12/05 17:43:09 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\Beth\Desktop\OTM.exe
[2012/12/05 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\temp
[2012/12/05 16:52:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/12/05 16:35:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/12/05 16:35:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/12/05 16:35:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/12/05 16:35:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2012/12/05 16:35:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/05 16:34:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/12/05 09:48:54 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/12/05 01:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/12/05 01:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/12/03 13:44:11 | 000,000,000 | ---D | C] -- C:\Users\Beth\Desktop\lissington
[2012/11/24 02:45:32 | 000,000,000 | ---D | C] -- C:\Users\Beth\AppData\Local\Imagitech
[2012/11/21 17:53:21 | 000,000,000 | ---D | C] -- C:\Users\Beth\Desktop\crash
[2012/11/21 11:59:12 | 000,000,000 | ---D | C] -- C:\Users\Beth\Desktop\WYG Stu Work
[2012/11/19 09:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/15 19:51:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/15 19:49:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/15 19:48:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/15 19:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Files - Modified Within 30 Days ==========

[2012/12/05 18:02:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Beth\Desktop\OTL.exe
[2012/12/05 17:56:18 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/05 17:56:18 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/05 17:56:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/05 17:56:05 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/05 17:44:44 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/12/05 17:43:18 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\Beth\Desktop\OTM.exe
[2012/12/05 15:59:57 | 428,081,229 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/12/05 15:28:53 | 000,000,073 | ---- | M] () -- C:\Users\Beth\AppData\Roaming\mbam.context.scan
[2012/12/05 14:57:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/12/05 14:38:06 | 000,130,560 | ---- | M] () -- C:\Users\Beth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/05 01:54:49 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/05 00:43:37 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/02 09:25:05 | 000,170,423 | ---- | M] () -- C:\Users\Beth\Desktop\fifa.jpg
[2012/11/30 08:07:53 | 000,002,039 | ---- | M] () -- C:\Users\Beth\Desktop\Google Chrome.lnk
[2012/11/30 08:07:53 | 000,002,001 | ---- | M] () -- C:\Users\Beth\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/11/15 19:51:08 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/12/05 16:35:27 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/12/05 16:35:27 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/12/05 16:35:27 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/12/05 16:35:27 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/12/05 16:35:27 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/12/05 15:28:53 | 000,000,073 | ---- | C] () -- C:\Users\Beth\AppData\Roaming\mbam.context.scan
[2012/12/05 11:13:30 | 428,081,229 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/12/05 01:54:49 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/02 09:25:05 | 000,170,423 | ---- | C] () -- C:\Users\Beth\Desktop\fifa.jpg
[2012/11/15 19:51:08 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/18 13:48:21 | 000,000,004 | R-S- | C] () -- C:\ProgramData\sysqcl1129139270.dat
[2011/10/09 13:31:32 | 000,000,260 | ---- | C] () -- C:\Windows\VoyagerConfig.ini
[2009/03/14 19:44:19 | 000,005,864 | ---- | C] () -- C:\Users\Beth\AppData\Local\d3d9caps.dat
[2009/02/11 15:39:30 | 000,000,020 | ---- | C] () -- C:\Users\Beth\ho.dir
[2008/11/16 23:06:42 | 000,000,085 | --S- | C] () -- C:\ProgramData\.zreglib
[2008/05/29 23:15:42 | 000,130,560 | ---- | C] () -- C:\Users\Beth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 12:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 12:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 04:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 09:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/04/28 09:13:01 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\948 Series
[2008/06/01 18:32:12 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Atari
[2009/11/05 13:59:12 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/12/05 01:56:24 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\BitTorrent
[2008/11/16 23:10:53 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\DAEMON Tools
[2009/07/11 16:14:06 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\DMCache
[2008/06/02 22:43:25 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\FlashGet
[2012/12/05 01:56:24 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\IDM
[2012/10/14 18:46:33 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\PacificPoker
[2010/05/19 18:36:07 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Sports Interactive
[2012/10/07 10:24:21 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Unity
[2012/08/10 01:40:23 | 000,000,000 | ---D | M] -- C:\Users\Beth\AppData\Roaming\Xilisoft

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\Xilisoft:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\Uni:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\Sports Interactive:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\SafeNet Sentinel:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\RC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\PKR:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\My Data Sources:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\Diet and Exercise:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\Dell Webcam Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\Comic Life:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\AltoMP3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Documents\888poker:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\WYG Stu Work:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\William:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\turkey:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\tdsskiller:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\Stu:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\recover:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\Photos:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\Other Crap!:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\New Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\Movember:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\me and beth:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\lissington:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\holiday music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\GooredFix Backups:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\Films:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\fifa.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\Ebay Oct:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\Dissertation:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\Desktop Essays!:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\crash:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\Adobe Reader 9 Installer:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Beth\Desktop\20120810025929:Roxio EMC Stream

< End of report >


OTL Extras logfile created on: 05/12/2012 18:04:58 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Beth\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.96 Gb Available Physical Memory | 48.43% Memory free
4.14 Gb Paging File | 2.85 Gb Available in Paging File | 68.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.17 Gb Total Space | 16.36 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.82 Gb Free Space | 58.21% Space Free | Partition Type: NTFS
Drive E: | 6.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BETH-PC | User Name: Beth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{420C2B07-1417-40D1-9C81-595346DE22FE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BE9B3D9F-2015-49D4-AD71-8CD53C389028}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F424D108-C2A7-4A47-ADA5-9123B210F01C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069BCF99-833F-430A-ACD3-CB61FD9EE9DE}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{0A0E3D8B-259C-44AE-96FC-19E470EEFC7D}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe |
"{0F1F7F26-72CD-4647-AAB5-63AAECF4B1D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{12BFDEE1-BCCE-4BD9-8FA3-65F7CE8F47BA}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"{1AF93934-666E-4F39-B95F-18027200A3E8}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{29FE8F8D-C97E-47EF-AAAC-5FA64D228D03}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfaiox.exe |
"{43F95401-ED1C-4823-958D-DCEAFB38F000}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{44A394A2-FD1F-4613-9FB8-0DA18D900AED}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"{459CEE8C-F85B-41B8-BBEE-B83F7F82F027}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{4E1EFA43-C7A2-4DE4-8AAB-B8B743AB0C8D}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\dldfmon.exe |
"{4F8615D4-1F09-4F9A-BE2F-2B2F4E6C0FE7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5872A906-5498-4AB1-AEAF-3CB6B70E39F6}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{694F2557-5FAD-4192-AF04-E1CF435C14F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6C198F90-8FF1-43A5-8421-3DCC4285E19B}" = protocol=6 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe |
"{72ADE27E-1057-4175-BED4-BC4C2D8ECA51}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{7EFA96D7-EB09-4596-8AE4-4C37A31C36E0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{933FC608-17E1-466C-A865-CF1860D8F7DB}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{9ACFC1F2-F948-4976-87C1-19E60221A728}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{A34ADB4C-7354-44D0-A944-041B016A6D26}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A9AAA5B8-3437-4F5F-8BCE-C7B85C8D5F57}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B1C8ACB1-3B52-4757-907F-CC0501EF6ED0}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{B7EF9217-CE2B-4F1C-B49C-3B697CCAEAA7}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{B899F68A-197A-40F4-A2E2-DC68B97AB3B0}" = protocol=17 | dir=in | app=c:\program files\dell aio printer 948\memcard.exe |
"{BBA4DBBB-5B64-4C15-B710-E486972B1A05}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DD84B9FC-3E3B-41A3-9B53-93ACF6BEDB9E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FD4D607A-1B5B-4961-A2BE-045EA1950891}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
"TCP Query User{9570D57A-76DD-466C-87F2-762265A3AB32}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F18EFA70-D6A8-460F-9D01-991837616F2E}C:\users\beth\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\beth\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{7E109C78-DD37-4201-82FC-D421434314D8}C:\users\beth\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\beth\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{9B86CEC3-EE08-4EBD-AEFA-E6C8648A09E9}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{11D3D948-2789-2E3D-03D7-282B537D8C01}" = BBC iPlayer Desktop
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 27
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}" = Nokia Multimedia Player
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0000-0000-0000000FF1CE}_PUBLISHER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A0627FA2-861A-4670-AF7D-45F5FC06091A}" = DLDF_AIOC
"{A2570BB8-D996-4592-B172-57F6560419EF}" = DLDF_MCM
"{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1" = Wondershare Dr.Fone (iPhone 4)(Build 1.0.0.33)
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B777C2B9-436C-422D-A4A3-FEB6F62D3B82}" = DLDF_Wireless
"{B83ABA9F-134F-4D81-9727-690B810A0EE4}" = DLDF_Pubs
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DF1EB473-1D28-426C-99DE-26614F56CDC3}" = DLDF_Fax4
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BitTorrent" = BitTorrent
"BlueSquare Poker" = BlueSquare Poker
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer2.0" = Coupon Printer
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell AIO Printer 948" = Dell AIO Printer 948
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FlashGet(JetCar)" = FlashGet(JetCar)
"InstallShield_{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}" = Nokia Multimedia Player
"IsoBuster_is1" = IsoBuster 2.4
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 15.0.1 (x86 en-GB)" = Mozilla Firefox 15.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PKR" = PKR
"PokerStars" = PokerStars
"PUBLISHER" = Microsoft Office Publisher 2007
"RealAlt_is1" = Real Alternative 1.9.0
"SynTPDeinstKey" = Dell Touchpad
"Titan Poker" = Titan Poker
"Veetle TV" = Veetle TV 0.9.18
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"blackbeltpoker" = Black Belt Poker
"Google Chrome" = Google Chrome
"Mozilla Firefox 16.0.2 (x86 en-GB)" = Mozilla Firefox 16.0.2 (x86 en-GB)
"UnityWebPlayer" = Unity Web Player
"Victor Chandler" = Victor Chandler

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05/12/2012 14:09:07 | Computer Name = Beth-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 05/12/2012 14:10:07 | Computer Name = Beth-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 05/12/2012 14:11:07 | Computer Name = Beth-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 05/12/2012 14:12:07 | Computer Name = Beth-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 05/12/2012 14:13:07 | Computer Name = Beth-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 05/12/2012 14:14:07 | Computer Name = Beth-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 05/12/2012 14:15:07 | Computer Name = Beth-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 05/12/2012 14:16:07 | Computer Name = Beth-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 05/12/2012 14:17:07 | Computer Name = Beth-PC | Source = SDWinSec.exe | ID = 0
Description =

Error - 05/12/2012 14:18:07 | Computer Name = Beth-PC | Source = SDWinSec.exe | ID = 0
Description =

[ Broadcom Wireless LAN Events ]
Error - 22/11/2011 10:54:46 | Computer Name = Beth-PC | Source = WLAN-Tray | ID = 0
Description = 14:54:45, Tue, Nov 22, 11 Error - Unable to gain access to user store


Error - 22/11/2011 11:00:38 | Computer Name = Beth-PC | Source = WLAN-Tray | ID = 0
Description = 15:00:38, Tue, Nov 22, 11 Error - Unable to gain access to user store


Error - 20/12/2011 09:29:27 | Computer Name = Beth-PC | Source = WLAN-Tray | ID = 0
Description = 13:29:26, Tue, Dec 20, 11 Error - Unable to gain access to user store


Error - 20/12/2011 09:35:17 | Computer Name = Beth-PC | Source = WLAN-Tray | ID = 0
Description = 13:35:17, Tue, Dec 20, 11 Error - Unable to gain access to user store


Error - 27/01/2012 19:40:48 | Computer Name = Beth-PC | Source = WLAN-Tray | ID = 0
Description = 23:40:48, Fri, Jan 27, 12 Error - Unable to gain access to user store


Error - 19/06/2012 19:50:23 | Computer Name = Beth-PC | Source = WLAN-Tray | ID = 0
Description = 00:50:23, Wed, Jun 20, 12 Error - Unable to gain access to user store


Error - 10/07/2012 17:52:40 | Computer Name = Beth-PC | Source = WLAN-Tray | ID = 0
Description = 22:52:39, Tue, Jul 10, 12 Error - Unable to gain access to user store


Error - 13/08/2012 17:52:01 | Computer Name = Beth-PC | Source = WLAN-Tray | ID = 0
Description = 22:52:01, Mon, Aug 13, 12 Error - Unable to gain access to user store


Error - 13/08/2012 17:57:53 | Computer Name = Beth-PC | Source = WLAN-Tray | ID = 0
Description = 22:57:53, Mon, Aug 13, 12 Error - Unable to gain access to user store


Error - 05/12/2012 07:15:59 | Computer Name = Beth-PC | Source = WLAN-Tray | ID = 0
Description = 11:15:58, Wed, Dec 05, 12 Error - Unable to gain access to user store


[ OSession Events ]
Error - 28/11/2009 11:58:11 | Computer Name = Beth-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 678
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/11/2012 10:29:01 | Computer Name = Beth-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5970
seconds with 5220 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/12/2012 13:44:43 | Computer Name = Beth-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 05/12/2012 13:53:56 | Computer Name = Beth-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 05/12/2012 13:54:08 | Computer Name = Beth-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =

Error - 05/12/2012 13:54:23 | Computer Name = Beth-PC | Source = DCOM | ID = 10001
Description =

Error - 05/12/2012 13:57:48 | Computer Name = Beth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/12/2012 13:57:48 | Computer Name = Beth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/12/2012 13:57:48 | Computer Name = Beth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/12/2012 13:57:48 | Computer Name = Beth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/12/2012 13:59:11 | Computer Name = Beth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 05/12/2012 14:03:19 | Computer Name = Beth-PC | Source = DCOM | ID = 10001
Description =


< End of report >

Edited by nunnery, 05 December 2012 - 12:27 PM.

  • 0

Advertisements

#2
Essexboy
Posted 05 December 2012 - 01:36 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi could you let me know if this cures it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
O4 - HKCU..\Run: [Illustrate] C:\Users\Beth\AppData\Local\Illustrate\dbznlcwv.dll (LEAD Technologies, Inc.)

:Files
C:\Users\Beth\AppData\Local\Illustrate

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
Essexboy
Posted 10 December 2012 - 09:25 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP