[mango_nj]

OS: Vista. Loaned my laptop to a relative and when I got it back, it would not function properly. Computer is slow on initial start-up and lags on the blue screen for awhile, before loading desktop. Surfing and loading websites is slow. It will hang and crash. I have to shut down completely using the power button and restart my system. Continually getting prompted to 'continue loading scripts' message several times a day that hangs my system. If I say no it won't load the webpage. Did a defrag and optimization in auslogics and a complete windows system scan. Ran KAV and it did not show any viruses. Laptop started operating slowly about 2 months ago and has gotten progressively worse. Crashing constantly, at least 3 tmes a day. Have also landed on a couple websites recently where Kaspersky had a virus alert, but denied it access. Shut down is slow as well.

*Noticed this program trying to access my system 2 days ago and then it crashed--> CLMP3enc.acm
--internet stated it was for DVDpowertogo program, but who knows.
Thank you in advance for your help




Ran OTL program in safe mode. Unable to run it normally, because it appeared to be stuck in a loop and would never generate a report.
Ran it for several hours 2 times and it never stopped running.


OTL logfile created on: 3/11/2013 5:17:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.43 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 69.03% Memory free
3.12 Gb Paging File | 2.81 Gb Available in Paging File | 90.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 65.26 Gb Total Space | 19.65 Gb Free Space | 30.12% Space Free | Partition Type: NTFS
Drive D: | 9.27 Gb Total Space | 3.61 Gb Free Space | 38.98% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/10 21:47:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2013/03/07 18:42:07 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/26 14:39:37 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/06 13:01:06 | 004,326,472 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2011/04/06 13:01:04 | 000,381,512 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Online Armor\oacat.exe -- (OAcat)
SRV - [2011/02/02 12:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/11/02 22:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe -- (AVP)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/28 23:06:44 | 000,598,960 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxdfcoms.exe -- (lxdf_device)
SRV - [2007/05/28 23:06:20 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe -- (lxdfCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011/09/24 14:55:19 | 000,488,536 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2011/04/06 13:02:26 | 000,039,048 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\oahlp32.sys -- (oahlpXX)
DRV - [2011/04/06 13:01:32 | 000,029,312 | ---- | M] (Emsisoft) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OAnet.sys -- (OAnet)
DRV - [2011/04/06 13:01:30 | 000,205,864 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\System32\drivers\OADriver.sys -- (OADevice)
DRV - [2011/04/06 13:01:30 | 000,025,192 | ---- | M] (Emsisoft) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\OAmon.sys -- (OAmon)
DRV - [2010/06/09 16:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 16:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/22 18:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2009/11/02 19:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2007/04/11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/04/11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007/04/11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/01/25 21:19:46 | 002,387,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 00:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 00:30:56 | 000,311,808 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL85n86.sys -- (RTL85n86)
DRV - [2006/10/06 15:59:06 | 000,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: weatherwatcherlive%40singerscreations.com:1.0.17
FF - prefs.js..extensions.enabledAddons: %7B77b819fa-95ad-4f2c-ac7c-486b356188a9%7D:2.0.20120203
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B241aae70-0022-11de-87af-0800200c9a66%7D:15.0.21.08.12
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011/09/24 15:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\[email protected] [2011/09/24 15:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 18:42:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/04/05 19:03:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2013/02/23 05:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\09g8tyeb.default\extensions
[2012/08/22 13:47:37 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\09g8tyeb.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2012/10/24 10:29:38 | 000,000,000 | ---D | M] (Bloody Red) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\09g8tyeb.default\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
[2012/04/11 22:45:01 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\09g8tyeb.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2013/02/23 05:03:24 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\09g8tyeb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/04/23 13:12:12 | 002,203,212 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\09g8tyeb.default\extensions\[email protected]
[2012/05/04 00:10:59 | 000,758,641 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\09g8tyeb.default\extensions\[email protected]
[2013/03/07 18:41:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/07 18:42:08 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/29 02:40:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/19 22:22:44 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/03/05 04:46:20 | 000,445,223 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15317 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Lexmark 6500 Series Fax Server] C:\Program Files\Lexmark 6500 Series\fm3032.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SansaDispatch] C:\Users\Owner\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FBD5B69-E619-4515-84DD-5ACB9E1CE4DC}: DhcpNameServer = 208.186.46.5 208.186.47.5 8.8.8.8
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O28 - HKCU ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/10 21:47:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/07 18:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/05 05:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013/02/09 19:27:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\TO print
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/11 05:14:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/11 04:56:18 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/11 04:56:18 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/11 04:38:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/11 04:20:25 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/03/11 04:20:25 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/11 04:08:12 | 000,001,446 | ---- | M] () -- C:\Users\Owner\Documents\errors.rtf
[2013/03/10 21:47:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/03/10 21:44:47 | 000,044,088 | ---- | M] () -- C:\Users\Owner\Documents\lights.rtf
[2013/03/10 05:06:46 | 000,005,177 | ---- | M] () -- C:\Users\Owner\Documents\marcusjobs.rtf
[2013/03/08 10:29:17 | 000,003,754 | ---- | M] () -- C:\Users\Owner\Documents\MH Resume.rtf
[2013/03/08 01:49:51 | 000,028,188 | ---- | M] () -- C:\Users\Owner\Documents\bladder.rtf
[2013/03/07 11:29:34 | 000,003,379 | ---- | M] () -- C:\Users\Owner\Documents\unemployment hearing.rtf
[2013/03/07 00:47:14 | 000,001,271 | ---- | M] () -- C:\Users\Owner\Documents\unemployment.rtf
[2013/03/06 14:36:09 | 000,003,374 | ---- | M] () -- C:\Users\Owner\Documents\marcus job questions.rtf
[2013/03/05 18:47:19 | 000,000,180 | ---- | M] () -- C:\Users\Owner\Documents\Library.rtf
[2013/03/05 18:33:43 | 000,001,803 | ---- | M] () -- C:\Users\Owner\Documents\Marcus work history dates.rtf
[2013/03/05 18:03:32 | 000,003,781 | ---- | M] () -- C:\Users\Owner\Documents\Marcus resume2.rtf
[2013/03/05 05:02:19 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/05 04:46:20 | 000,445,223 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/03/05 01:08:05 | 000,004,740 | ---- | M] () -- C:\Users\Owner\Documents\Marcus Resume3.rtf
[2013/03/04 21:42:28 | 000,004,645 | ---- | M] () -- C:\Users\Owner\Documents\resumetmpF51F.rtf
[2013/03/04 08:44:17 | 000,004,202 | ---- | M] () -- C:\Users\Owner\Documents\domain.rtf
[2013/03/03 01:18:00 | 000,000,860 | ---- | M] () -- C:\Users\Owner\Documents\answers1.rtf
[2013/02/27 16:41:15 | 000,000,289 | ---- | M] () -- C:\Users\Owner\Documents\UNIDEN PHONE MANUAL.rtf
[2013/02/26 14:31:45 | 000,001,770 | ---- | M] () -- C:\Users\Owner\Documents\friends phone numbers.rtf
[2013/02/24 23:31:00 | 000,000,300 | ---- | M] () -- C:\Users\Owner\Documents\computerpics 2.rtf
[2013/02/23 19:21:26 | 000,001,976 | ---- | M] () -- C:\Users\Owner\Documents\DVD Recorder and RF modulator.rtf
[2013/02/22 17:24:56 | 000,005,540 | ---- | M] () -- C:\Users\Owner\Documents\Resume writing.rtf
[2013/02/22 17:19:48 | 000,000,596 | ---- | M] () -- C:\Users\Owner\Documents\Marcus Resume.rtf
[2013/02/21 14:28:29 | 000,028,535 | ---- | M] () -- C:\Users\Owner\Documents\recipes.rtf
[2013/02/21 05:55:58 | 000,023,852 | ---- | M] () -- C:\Users\Owner\Documents\menopause.rtf
[2013/02/17 18:13:57 | 000,050,952 | ---- | M] () -- C:\Users\Owner\Documents\quotes.rtf
[2013/02/16 01:34:01 | 000,008,857 | ---- | M] () -- C:\Users\Owner\Documents\BLADDER best information.rtf
[2013/02/14 04:42:25 | 000,288,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/14 01:41:27 | 000,001,172 | ---- | M] () -- C:\Users\Owner\Documents\jobsinfo.rtf
[2013/02/13 15:13:57 | 000,444,966 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20130305-034620.backup
[2013/02/13 04:34:12 | 000,004,709 | ---- | M] () -- C:\Users\Owner\Documents\marcus.rtf
[2013/02/13 01:22:45 | 000,001,305 | ---- | M] () -- C:\Users\Owner\Documents\job agency.rtf
[2013/02/13 01:00:45 | 000,000,278 | ---- | M] () -- C:\Users\Owner\Documents\cell phone plans cheap.rtf
[2013/02/11 09:44:17 | 000,022,468 | ---- | M] () -- C:\Users\Owner\Documents\WISH LIST.rtf
[2013/02/09 10:54:58 | 000,000,693 | ---- | M] () -- C:\Users\Owner\Documents\copyright disclaimer youtube.rtf
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/10 05:01:01 | 000,001,446 | ---- | C] () -- C:\Users\Owner\Documents\errors.rtf
[2013/03/07 04:45:50 | 000,003,379 | ---- | C] () -- C:\Users\Owner\Documents\unemployment hearing.rtf
[2013/03/07 00:27:44 | 000,001,271 | ---- | C] () -- C:\Users\Owner\Documents\unemployment.rtf
[2013/03/06 10:55:39 | 000,003,374 | ---- | C] () -- C:\Users\Owner\Documents\marcus job questions.rtf
[2013/03/05 18:46:31 | 000,000,180 | ---- | C] () -- C:\Users\Owner\Documents\Library.rtf
[2013/03/05 18:10:28 | 000,003,754 | ---- | C] () -- C:\Users\Owner\Documents\MH Resume.rtf
[2013/03/05 05:02:19 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013/03/05 01:15:33 | 000,001,803 | ---- | C] () -- C:\Users\Owner\Documents\Marcus work history dates.rtf
[2013/03/05 01:08:05 | 000,004,740 | ---- | C] () -- C:\Users\Owner\Documents\Marcus Resume3.rtf
[2013/03/04 22:02:20 | 000,003,781 | ---- | C] () -- C:\Users\Owner\Documents\Marcus resume2.rtf
[2013/03/04 21:42:28 | 000,004,645 | ---- | C] () -- C:\Users\Owner\Documents\resumetmpF51F.rtf
[2013/02/27 16:41:14 | 000,000,289 | ---- | C] () -- C:\Users\Owner\Documents\UNIDEN PHONE MANUAL.rtf
[2013/02/24 22:28:12 | 000,000,860 | ---- | C] () -- C:\Users\Owner\Documents\answers1.rtf
[2013/02/23 19:20:49 | 000,001,976 | ---- | C] () -- C:\Users\Owner\Documents\DVD Recorder and RF modulator.rtf
[2013/02/22 17:06:35 | 000,000,596 | ---- | C] () -- C:\Users\Owner\Documents\Marcus Resume.rtf
[2013/02/13 19:18:43 | 000,005,177 | ---- | C] () -- C:\Users\Owner\Documents\marcusjobs.rtf
[2013/02/13 01:00:44 | 000,000,278 | ---- | C] () -- C:\Users\Owner\Documents\cell phone plans cheap.rtf
[2013/02/12 23:55:31 | 000,001,305 | ---- | C] () -- C:\Users\Owner\Documents\job agency.rtf
[2013/01/19 02:52:09 | 000,000,022 | -H-- | C] () -- C:\Users\Owner\AppData\Local\xftredahs.dat
[2011/09/24 16:24:37 | 000,205,864 | ---- | C] () -- C:\Windows\System32\drivers\OADriver.sys
[2011/09/24 16:24:37 | 000,039,048 | ---- | C] () -- C:\Windows\System32\drivers\oahlp32.sys
[2011/09/24 15:02:04 | 000,116,189 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011/09/24 15:02:04 | 000,098,168 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011/08/20 22:57:13 | 000,017,408 | ---- | C] () -- C:\Users\Owner\AppData\Local\WebpageIcons.db
[2010/01/26 14:22:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/12/13 14:59:46 | 000,000,560 | ---- | C] () -- C:\ProgramData\lxdf
[2007/10/14 19:26:28 | 000,005,632 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/11 02:04:24 | 000,000,682 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2006/11/02 05:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2008/12/14 00:30:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\6500 Series
[2010/01/29 22:12:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2008/12/13 14:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lexmark Productivity Studio
[2011/09/24 16:28:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OnlineArmor
[2012/07/28 17:31:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
[2007/10/11 02:04:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 347878 bytes -> C:\Users\Owner\AppData\Roaming\desktop.ini:init
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

[Advertisements]

Hello mango_nj,

Unless I am mistaken you are running multiple security programs that are likely conflicting.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Please uninstall Online Armour firewall and Spybot Search and Destroy. You can always reinstall Spybot Search and Destroy later if you wish.

After that

Please download Security Check by screen317 from here .

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Finally in this post

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

So when you return please post

• checkup.txt
• MBAM log

[emeraldnzl]

Hello mango_nj,

Unless I am mistaken you are running multiple security programs that are likely conflicting.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Please uninstall Online Armour firewall and Spybot Search and Destroy. You can always reinstall Spybot Search and Destroy later if you wish.

After that

Please download Security Check by screen317 from here .

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Finally in this post

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy & Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

So when you return please post

• checkup.txt
• MBAM log

[mango_nj]

Hi emeraldnzl

Thanks for the help! Thought I needed a better firewall, but I'll uninstall the programs you requested. Will get to your instructions and post as soon as possible.

[emeraldnzl]

Thought I needed a better firewall

Your log shows Windows Defender running and also shows Kaspersky Anti-Virus which likely has a firewall incorporated. Must have been quite a bit of conflict going on there.

Look forward to your next reply.

[mango_nj]

I so appreciate the heads up on all the stuff I had running in the background

The KAV is just antivirus no firewall. At least I didn't overkill on that lol

This is an old laptop I use as a backup and it's been a great basic pc. Like to keep it running.

Here's the logs you requested.....many thanks!!!



Results of screen317's Security Check version 0.99.61
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Kaspersky Anti-Virus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
SpywareBlaster 5.0
JavaFX 2.1.1
Java 7 Update 17
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Kaspersky Lab Kaspersky Anti-Virus 2011 avp.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````



----------------------------------------------------------------------



Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.17.13

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Enabled

3/17/2013 4:57:51 PM
mbam-log-2013-03-17 (16-57-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213118
Time elapsed: 13 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

[emeraldnzl]

*Noticed this program trying to access my system 2 days ago and then it crashed--> CLMP3enc.acm

I believe acm file extension relates to Audio Compression Manager. From wikipedia "Any ACM codec can be used to compress a WAV file. "

I don't think it is malicious just an older program. Apparently some video games use that format.

If you want to check it for malware do this:

Please go to Virus Total

Click on the button Choose File

Copy/paste this file and path into the white box beside File Name in the window that pops up:

Press Scan it- this will submit the file for testing.

Please wait for all the scanners to finish then copy and paste the results in your next response.

Ran OTL program in safe mode. Unable to run it normally,

Most likely stopped by one of your security programs. Spybot - Search & Destroy used to be a real problem in that way, Online Amour and Windows Defender would be a suspect too.

Now

Please download TFC to your desktop

• Open the file and close any other windows.
• When it runs it will close all programs. Let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

After that

Download Windows Repair (all in one) from here.

Install the program then run



Go to step 3 and allow it to run SFC



On the start repairs tab click start


Select the following items and tick restart system when finished


Finally in this post

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

• Click the green ESET Online Scanner box
• Tick the box next to YES, I accept the Terms of Use
  then click on: Start
• You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
• Make sure that the option Scan archives is checked.
• Now click on Advanced Settings and select the following:
  
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click on Start
• The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
• When completed the Online Scan will begin automatically. The scan may take several hours.
• Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
• When completed select Uninstall application on close, make sure you copy the logfile first!
• Then click on: Finish
• Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic and tell me if there has been any change in your computers symptoms.

[mango_nj]

Hi emeraldnzl

How do I install the windows repair program from a zip file?

Feel crazy asking, but I have never done that before and hardly use winzip.

Appreciate some instructions. thanks!

[emeraldnzl]

How do I install the windows repair program from a zip file?

Have you tried double clicking on it?

[mango_nj]

Yes, I double clicked and winzip extracts all the files into a folder

Looked for a setup or install file to bring everything together, but don't see one.

[emeraldnzl]

Yes, I double clicked and winzip extracts all the files into a folder

Looked for a setup or install file to bring everything together, but don't see one.

Check out the instructions below that take you to a site that gives step by step instructions.

How To open a Zip a file or folder in Vista

Go here for instructions on how to open a Zip file in Vista

After you have extracted the Zip file there should be another folder beside it called Tweaking.com - Windows Repair

Double click on that and inside you should find a list of files. Right click on the one named Repair_Windows.exe. and run as Administator.

Tell me if you run into difficulties.

[mango_nj]

Hi emeraldnzl!

Opened Zip fine, just didn't know what file to run. Appreciate the help!!

Did TFC and Windows Repair. Laptop running much better

Had both FF and IE. I ran Eset in IE. Scanner ran for 4 hours and found -0- threats.

It did not generate a log for me to copy.

I looked for C:\Program Files\ESET\EsetOnlineScanner\log.txt.and it is not there.

Here's a screen shot of the ESET folder. If I did something wrong, let me know.

Attached Thumbnails

• 

[emeraldnzl]

Hello again mango_nj,

Laptop running much better

Kaspersky and the Windows Firewall seem to working fine together.

I ran Eset in IE. Scanner ran for 4 hours and found -0- threats.

Your logs look clean to me.

We have a couple of last steps to perform and then you're all set.

• Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
• Click on the CleanUp! button
• You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

MBAM can be uninstalled via control panel add/remove but it may be a useful tool to keep. Erunt can also be uninstalled via the add/remove programs utility.

Any other tools remaining may be deleted.

Next, we need to clean your restore points and set a new one:

Please go here for directions on how to do this. You need to turn System Protection off to delete all old restore points, reboot and then turn System Protection back on to create a new restore point.

-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vunerable to malicious attack.

• Download Java for Windows
  
  Reboot your computer.
  You also need to unininstall older versions of Java.
  
• Click Start > Control Panel > Add or Remove Programs
• Remove all Java updates except the latest one you have just installed.

--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:

If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!

[mango_nj]

Hiya emeraldnzl!! You've been truly awesome!!

Did everything you instructed and all went well except this:

Started deleting old versions of java and one version will not delete.

Java stated these 2 older versions were still on my system

Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 3


When I try to delete the last one the error below comes up. Pls advise on how to fix.

Error 1719 the windows installer service could not be accessed. This can occur if the windows installer
is not correctly installed. Contact your support personnel for assistance.

[emeraldnzl]

When I try to delete the last one the error below comes up. Pls advise on how to fix.

Let's see if this helps:

Please download Fixit for problems with Windows installer/unistaller

Tell me how you get on.

[mango_nj]

The "fix it" program fixed my problem straight away.

The older Java update is gone

THANK YOU SO VERY MUCH!!!!!


I do have 2 additional questions if you don't mind---

1] Can I use Fix It for any program that I am having difficulty uninstalling?

2] If I didn't have a virus on my laptop, what was causing all the problems?