Thanks for the log. The simple fact that the computer continues to be used makes changes to the logs...
!!! P2P Warning !!!
I notice there are signs of some P2P (Peer-to-Peer) File Sharing Programs on your computer.
P2P technology can be used for legitimate downloads, but many people use it to download things like music, movies and software with cracks/keygens, which is illegal and violates intellectual property rights.
This kind of download has proven to be a major source of problems, because it's very common for them to include viruses, Trojans and all kinds of malware that can damage your computer, and should be avoided at all costs if you want to keep your system safe and yourself away from lawsuits.
If your P2P program is not configured correctly or the program has a security flaw, your computer may also be sharing more files than you realize! GeeksToGo does not recommend using such programs and I strongly advise you to remove them. The choice is yours, but if you decide to keep the program(s), please do not use them until we finish the cleaning process.
Please uninstall the following Peer-to-Peer program(s): Ares 2.1.5.
Step 1 - Uninstall Programs
Please open Start > Control Panel > Uninstall a program or Programs and Features if in Classic View, locate these programs on the list and uninstall them:
- MapsGalaxy Toolbar
- ShopAtHome.com Toolbar
- Java™ 6 Update 7 (Outdated and vulnerable)
Optional removal but recommended:
- Ares 2.1.5
- After the programs have been uninstalled, restart the computer. If requested by the uninstallers, restart the computer between uninstalls.
- If you can't uninstall any of the programs on the list, don't worry, we will remove it later; just move to the next item.
Step 2 - Run OTL Fix
!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...
- Right click on the icon and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
Do not change any other settings unless otherwise told to do so.
- Under the box at the bottom, paste in the following:
:Commands
[CreateRestorePoint]

:OTL
SRV - [2012/09/14 16:18:36 | 000,042,504 | ---- | M] (COMPANYVERS_NAME) [Auto | Running] -- C:\Program Files\MapsGalaxy_39\bar\1.bin\39barsvc.exe -- (MapsGalaxy_39Service)
IE - HKLM\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\.DEFAULT\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...r={searchTerms}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKU\S-1-5-18\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...r={searchTerms}
IE - HKU\S-1-5-21-9643739-438510937-80869187-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...apstopkws-exact
IE - HKU\S-1-5-21-9643739-438510937-80869187-1001\..\URLSearchHook: {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No CLSID value found
IE - HKU\S-1-5-21-9643739-438510937-80869187-1001\..\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}: "URL" = http://search.mywebs...r={searchTerms}
FF - HKLM\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin: C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\39ffxtbr@MapsGalaxy_39.com: C:\Program Files\MapsGalaxy_39\bar\1.bin [2012/09/14 16:18:40 | 000,000,000 | ---D | M]
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Toolbar BHO) - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (MapsGalaxy) - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-9643739-438510937-80869187-1001\..\Toolbar\WebBrowser: (MapsGalaxy) - {364EA597-E728-4CE4-BB4A-ED846EF47970} - C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
O3 - HKU\S-1-5-21-9643739-438510937-80869187-1001\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-9643739-438510937-80869187-1001\..Trusted Domains: amazon.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-9643739-438510937-80869187-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
[2013/10/01 18:17:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2008/12/09 10:43:33 | 000,000,575 | ---- | C] () -- C:\ProgramData\dldf

:Files
C:\Program Files\MapsGalaxy_39
C:\Program Files\Java\jre1.6.0_07
C:\Program Files\SelectRebates

:Commands
[RESETHOSTS]
[EmptyTemp]
- Click the button at the top. Let the program run uninterrupted.
- Click OK.
- When OTL executes the fix it can shut down all running processes and you may lose the Desktop and icons, but they will return on reboot.
- OTL may ask to reboot the machine. Please accept right away.
- The report should appear in Notepad after the reboot. Copy and paste that report in your next reply, not as an attachment.
- The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and time when the fix was run.
Step 3 - AdwCleaner Scan
Download AdwCleaner from here to the Desktop
- Close all open windows and browsers
- Right click on the Adwcleaner icon and choose Run as Administrator to execute the program
- Click the Scan button and wait for the program to finish.
- For now, click the Report button. Notepad will open; please copy/paste the generated log to your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt
Step 4 - Security Check
Download Security Check by screen317 from here or here.
- Save it to the Desktop.
- Right click on the icon and choose Run as Administrator. Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the full contents of that document.
Things I would like to see in your next reply:
- Any problem with the uninstalls?
- The OTL Fix log
- AdwCleaner log AdwCleaner[R0].txt
- The checkup.txt log