
Thread: Click.GiftLoad problem.

  1. #1
    Junior Member
    Join Date: Mar 2011
    Posts: 21

    Click.GiftLoad problem.

    Hello. The past couple days I have been suffering from frequent "blue screen" crashes (OS is Windows 7), Google links re-directing to ad sites, and general slowness in my Internet Explorer 8. I've used Search & Destroy, AdAware, and Malwarebytes to scan the computer, but they never were able to delete Click.Giftload. They did in Safe Mode, but after rebooting and scanning again it was back.

    I've tried to run DDS so I can provide a log, but when I try to save it/run it, my computer keeps saying it needs permission from the administrator (which I am), and keeps popping up when I hit "Try Again". My McAfee also pops up at the same time, saying it has deleted a Trojan. I've uploaded a screenshot of the issue.

    Any help will be appreciated

  2. #2
    Security Expert-Emeritus Dakeyras
    Join Date: Sep 2008
    Location: The Tundra
    Posts: 1,173

    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
    Hi and welcome to Safer Networking.


    I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
    • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    Windows 7 Advice:

    All applications I ask to be used will need to be run in Administrator mode, i.e. right-click on it and select Run as Administrator.

    The Operating System in use comes with an inbuilt utility called User Access Control (UAC). When prompted by this with anything I ask you to carry out, please select the option Allow.

    Before we start:

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Next:

    I've tried to run DDS so I can provide a log, but when I try to save it/run it, my computer keeps saying it needs permission from the administrator (which I am), and keeps popping up when I hit "Try Again". My McAfee also pops up at the same time, saying it has deleted a Trojan. I've uploaded a screenshot of the issue.
    It appears your security application McAfee is detecting DDS as a variation of the Artemis Trojan; actually this is what is known as a False Positive detection... Not a cause for concern, I will further add, and I will be asking your good self to scan with a different application in due course.

    In the meantime, can you inform myself which version of Windows 7 you have, as in is it either 32 Bit or 64 Bit? If not sure, you can check as follows:

    Right-click on the Desktop Computer icon >> Properties

    Or via:

    Start(Windows 7 Orb) >> Right-click on Computer >> Properties

    Under System make a note of the System type:
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #3
    Junior Member
    Join Date: Mar 2011
    Posts: 21

    Thank you very much for your assistance. The version of Windows 7 I have is the 32-Bit one.

  4. #4
    Security Expert-Emeritus Dakeyras
    Join Date: Sep 2008
    Location: The Tundra
    Posts: 1,173

    Hi.

    Thank you very much for your assistance. The version of Windows 7 I have is the 32-Bit one.
    You're welcome and thank you for the clarification also.

    Scan with OTL:

    Please download OTL and save it to your Desktop.

    Alternate downloads are here and here.

    • Right-click on OTL.exe and select Run as Administrator to start OTL.
    • Under Output, ensure that Minimal Output is selected.
    • Under Extra Registry section, select Use SafeList.
    • Click the Scan All Users checkbox.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open.
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Please post the contents of these 2 Notepad files in your next reply.

    When completed the above, please post back the following in the order asked for:

    • How is your computer performing now, any further symptoms and/or problems encountered?
    • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.

  5. #5
    Junior Member
    Join Date: Mar 2011
    Posts: 21

    I've run the OTL scan. As asked, here are the logs.

    First is the OTL.txt

    OTL logfile created on: 3/23/2011 10:55:42 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Justin\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 326.18 Gb Total Space | 211.59 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
    Drive D: | 9.16 Gb Total Space | 1.25 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
    Drive M: | 931.51 Gb Total Space | 814.97 Gb Free Space | 87.49% Space Free | Partition Type: NTFS

    Computer Name: VEDA | User Name: Justin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Justin\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10n_ActiveX.exe (Adobe Systems, Inc.)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AWSC.exe ()
    PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
    PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Program Files\BitTorrent\bittorrent.exe ()


    ========== Modules (SafeList) ==========

    MOD - C:\Users\Justin\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
    MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)


    ========== Win32 Services (SafeList) ==========

    SRV - (nosGetPlusHelper) getPlus(R) -- File not found
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McOobeSv) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
    SRV - (DTSRVC) -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe ()
    SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
    DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
    DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
    DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfewfpk) -- C:\Windows\system32\drivers\mfewfpk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - ({95808DC4-FA4A-4C74-92FE-5B863F82066B}) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (CyberLink Corp.)
    DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
    DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
    DRV - (CLBUDFR) -- C:\Windows\System32\drivers\CLBUDFR.sys (CyberLink Corporation.)
    DRV - (CLBStor) -- C:\Windows\System32\drivers\CLBStor.sys (Cyberlink Co.,Ltd.)
    DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Program Files\PC-Doctor 5 for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)
    DRV - (XG762_VS) -- C:\Windows\System32\drivers\WlanGZG.sys (Atheros Communications, Inc.)
    DRV - (ZY202_XP) -- C:\Windows\System32\drivers\WlanUZXP.SYS (ZyDAS Technology Corporation)
    DRV - (PdiPorts) -- C:\Windows\System32\drivers\PdiPorts.sys (Portrait Displays, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/...ch/search.html


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    IE - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9
    IE - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"


    FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/03/21 14:10:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/21 14:06:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/19 18:05:59 | 000,000,000 | ---D | M]

    [2009/11/14 17:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions
    [2008/09/03 15:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2009/04/05 15:18:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2011/03/21 19:13:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\b8vemkwx.default\extensions
    [2010/01/14 14:49:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\b8vemkwx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/03/21 19:13:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Justin\AppData\Roaming\Mozilla\Firefox\Profiles\b8vemkwx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/12/02 08:21:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/03 09:25:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/24 18:09:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/12/02 08:21:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/10/13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: ::1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110321140628.dll (McAfee, Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-1983776509-132609297-3775980313-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [WinampAgent] File not found
    O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1983776509-132609297-3775980313-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe ()
    O4 - HKU\S-1-5-21-1983776509-132609297-3775980313-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-1983776509-132609297-3775980313-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/...oUploader5.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Justin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Justin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\AutoRun\command - "" = K:\Autorun_rlsmm.exe
    O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\checker\command - "" = K:\TEST\CHECKER.exe
    O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\dstest\command - "" = K:\TEST\DSTEST.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\.DEFAULT\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rgn.exe" -a "%1" %* (Valve Corporation)
    O37 - HKU\S-1-5-18\...exe [@ = exefile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\rgn.exe" -a "%1" %* (Valve Corporation)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/23 10:52:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
    [2011/03/23 08:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2011/03/22 18:48:31 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\New folder
    [2011/03/22 07:36:30 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Malwarebytes
    [2011/03/22 07:36:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/03/22 07:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/03/22 07:36:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/03/22 07:36:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/03/22 07:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/03/22 07:35:33 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Justin\Documents\mbam-setup-1.50.1.1100.exe
    [2011/03/21 21:00:42 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2011/03/21 21:00:38 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/03/21 20:57:22 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\Sunbelt Software
    [2011/03/21 20:54:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{870E601A-FE70-4098-94B2-6E9963FCAA51}
    [2011/03/21 20:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011/03/21 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/03/21 19:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/03/21 19:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/03/21 19:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
    [2011/03/21 19:16:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/21 19:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2011/03/21 14:06:27 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
    [2011/03/21 14:06:08 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    [2011/03/21 14:06:06 | 000,386,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
    [2011/03/21 14:06:06 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
    [2011/03/21 14:06:06 | 000,164,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
    [2011/03/21 14:06:06 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
    [2011/03/21 14:06:06 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
    [2011/03/21 14:06:06 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
    [2011/03/21 14:06:05 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
    [2011/03/21 14:06:05 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
    [2011/03/21 14:06:05 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
    [2011/03/21 14:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
    [2011/03/21 14:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2011/03/21 14:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2011/03/21 13:34:23 | 000,095,568 | R--- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys.c739.deleteme
    [2011/03/19 19:44:18 | 022,727,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Justin\Documents\IE9-Setup-US_Win7_X86.exe
    [2011/03/19 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\ParetoLogic
    [2011/03/19 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\DriverCure
    [2011/03/19 19:41:29 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
    [2011/03/19 19:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2011/03/19 19:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
    [2011/03/19 19:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2011/03/19 19:40:28 | 005,193,608 | ---- | C] (ParetoLogic Inc.) -- C:\Users\Justin\Documents\ParetoLogic PC Health Advisor.exe
    [2011/03/19 18:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    [2011/03/19 18:06:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2011/03/19 18:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
    [2011/03/19 18:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
    [2011/03/19 17:45:34 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\ElevatedDiagnostics
    [2011/03/19 17:15:05 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{2CACCC08-4937-447B-AB31-6A501E2DE91B}
    [2011/03/19 13:42:57 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\Gundam Wing Endless Waltz - Glory of the Defeated
    [2011/03/09 23:42:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/03/09 09:07:19 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
    [2011/03/09 09:07:19 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
    [2011/03/09 09:07:17 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
    [2011/03/09 09:07:17 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
    [2011/03/09 09:07:17 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2011/03/09 09:07:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
    [2011/03/06 11:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2011/02/28 12:12:11 | 000,000,000 | ---D | C] -- C:\Users\Justin\Desktop\MG 00 Raiser
    [2011/02/23 11:12:45 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
    [2011/02/23 11:12:44 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
    [2011/02/22 01:04:44 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
    [2011/02/22 01:04:42 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
    [2011/02/22 01:03:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
    [2011/02/22 01:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
    [2011/02/22 01:02:19 | 011,708,760 | ---- | C] (Nullsoft, Inc.) -- C:\Users\Justin\Documents\winamp5601_full_emusic-7plus_en-us.exe
    [2009/07/13 18:24:44 | 000,361,472 | ---- | C] (Fujitsu Takamisawa Component Limited) -- C:\Users\Justin\AppData\Local\ahafuyip.dll_old.old
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Users\Justin\*.tmp files -> C:\Users\Justin\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/23 10:52:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Justin\Desktop\OTL.exe
    [2011/03/23 09:03:45 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/03/23 09:03:45 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/03/23 08:57:36 | 000,619,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/03/23 08:57:36 | 000,105,440 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/03/23 08:54:38 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
    [2011/03/23 08:51:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/03/23 08:51:16 | 1602,101,248 | -HS- | M] () -- C:\hiberfil.sys
    [2011/03/22 21:11:48 | 000,399,479 | ---- | M] () -- C:\Users\Justin\Desktop\ddsproblem.png
    [2011/03/22 19:05:34 | 000,638,508 | ---- | M] () -- C:\Users\Justin\Desktop\GameFAQs Dissidia Final Fantasy (PSP) FAQ-Walkthrough by Blueset.mht
    [2011/03/22 18:00:01 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2011/03/22 10:23:14 | 000,000,730 | ---- | M] () -- C:\Users\Justin\Desktop\paper.rtf
    [2011/03/22 07:36:17 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/22 07:35:55 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Justin\Documents\mbam-setup-1.50.1.1100.exe
    [2011/03/22 00:33:00 | 000,000,843 | ---- | M] () -- C:\Users\Justin\.recently-used.xbel
    [2011/03/22 00:24:56 | 201,711,184 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/03/21 21:00:38 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2011/03/21 20:54:36 | 000,001,130 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/03/21 20:54:36 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/03/21 19:37:01 | 000,335,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/03/21 19:31:52 | 000,001,222 | ---- | M] () -- C:\Users\Justin\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/21 19:13:22 | 000,001,137 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/03/21 19:13:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2011/03/21 17:21:49 | 000,000,120 | ---- | M] () -- C:\Users\Justin\AppData\Local\Fmitanahifureqi.dat
    [2011/03/21 13:45:59 | 000,012,136 | -HS- | M] () -- C:\ProgramData\02gx6r2l0370v70bm00a6ixv8r8l63551ywf7757812x05i
    [2011/03/21 12:17:41 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
    [2011/03/21 11:57:27 | 000,000,021 | ---- | M] () -- C:\Windows\tpcsd
    [2011/03/21 00:56:31 | 000,000,000 | ---- | M] () -- C:\Users\Justin\AppData\Local\Pbegaxacodene.bin
    [2011/03/20 23:08:36 | 000,440,656 | ---- | M] () -- C:\Users\Justin\Desktop\jp_title_screen.mp3
    [2011/03/19 20:07:09 | 000,001,413 | ---- | M] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/19 19:52:59 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2011/03/19 19:52:59 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
    [2011/03/19 19:52:59 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
    [2011/03/19 19:44:33 | 022,727,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Justin\Documents\IE9-Setup-US_Win7_X86.exe
    [2011/03/19 19:40:51 | 005,193,608 | ---- | M] (ParetoLogic Inc.) -- C:\Users\Justin\Documents\ParetoLogic PC Health Advisor.exe
    [2011/03/19 19:26:34 | 000,002,878 | ---- | M] () -- C:\Users\Justin\Documents\pass.rtf
    [2011/03/19 18:41:39 | 000,001,729 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2011/03/18 01:29:00 | 000,025,999 | ---- | M] () -- C:\Users\Justin\Desktop\emo.rtf
    [2011/03/16 03:05:30 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
    [2011/03/16 03:05:29 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
    [2011/03/15 11:13:41 | 000,000,687 | ---- | M] () -- C:\Users\Justin\Documents\reach.rtf
    [2011/03/15 10:31:50 | 000,004,712 | ---- | M] () -- C:\Users\Justin\Documents\Halo Reach single player - multiplayer - firefight levels.rtf
    [2011/03/09 23:42:42 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/09 18:06:27 | 2550,061,404 | ---- | M] () -- C:\Users\Justin\Desktop\[TV-J] Kidou Senshi Gundam UC Unicorn - episode.03 [BD 1920x1080 h264+AAC(5.1ch JP+EN) +Sub(JP-EN-SP-FR-CH) Chap].mp4
    [2011/03/09 14:25:14 | 000,002,518 | ---- | M] () -- C:\Users\Justin\Desktop\dvd release dates.rtf
    [2011/02/22 01:11:38 | 000,119,330 | ---- | M] () -- C:\Users\Justin\Documents\iPod_Support_v3_10.exe
    [2011/02/22 01:09:58 | 000,125,854 | ---- | M] () -- C:\Users\Justin\Documents\iPod_Support_v1_02.exe
    [2011/02/22 01:02:34 | 011,708,760 | ---- | M] (Nullsoft, Inc.) -- C:\Users\Justin\Documents\winamp5601_full_emusic-7plus_en-us.exe
    [2011/02/21 12:57:21 | 071,576,788 | ---- | M] () -- C:\Users\Justin\Desktop\Mobile_Suit_Gundam_00_AwotT_Dengeki_Data_Collection.zip
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2 C:\Users\Justin\*.tmp files -> C:\Users\Justin\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/22 21:11:47 | 000,399,479 | ---- | C] () -- C:\Users\Justin\Desktop\ddsproblem.png
    [2011/03/22 19:05:33 | 000,638,508 | ---- | C] () -- C:\Users\Justin\Desktop\GameFAQs Dissidia Final Fantasy (PSP) FAQ-Walkthrough by Blueset.mht
    [2011/03/22 10:23:14 | 000,000,730 | ---- | C] () -- C:\Users\Justin\Desktop\paper.rtf
    [2011/03/22 07:36:17 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/03/22 00:33:00 | 000,000,843 | ---- | C] () -- C:\Users\Justin\.recently-used.xbel
    [2011/03/21 21:29:51 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
    [2011/03/21 20:54:36 | 000,001,130 | ---- | C] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2011/03/21 20:54:36 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
    [2011/03/21 19:31:52 | 000,001,222 | ---- | C] () -- C:\Users\Justin\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/21 19:13:22 | 000,001,137 | ---- | C] () -- C:\Users\Justin\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/03/21 19:13:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2011/03/21 14:07:30 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk
    [2011/03/21 12:17:41 | 000,000,042 | ---- | C] () -- C:\Windows\System32\scud.udf
    [2011/03/21 11:57:27 | 000,000,021 | ---- | C] () -- C:\Windows\tpcsd
    [2011/03/21 10:36:58 | 000,012,136 | -HS- | C] () -- C:\ProgramData\02gx6r2l0370v70bm00a6ixv8r8l63551ywf7757812x05i
    [2011/03/19 19:41:48 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2011/03/19 19:41:25 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2011/03/19 19:41:24 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
    [2011/03/19 19:41:23 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
    [2011/03/19 18:06:23 | 000,001,729 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2011/03/19 17:15:07 | 000,000,120 | ---- | C] () -- C:\Users\Justin\AppData\Local\Fmitanahifureqi.dat
    [2011/03/19 17:15:07 | 000,000,000 | ---- | C] () -- C:\Users\Justin\AppData\Local\Pbegaxacodene.bin
    [2011/03/15 11:13:26 | 000,000,687 | ---- | C] () -- C:\Users\Justin\Documents\reach.rtf
    [2011/03/09 23:42:42 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/03/09 14:37:36 | 2550,061,404 | ---- | C] () -- C:\Users\Justin\Desktop\[TV-J] Kidou Senshi Gundam UC Unicorn - episode.03 [BD 1920x1080 h264+AAC(5.1ch JP+EN) +Sub(JP-EN-SP-FR-CH) Chap].mp4
    [2011/02/22 01:09:56 | 000,125,854 | ---- | C] () -- C:\Users\Justin\Documents\iPod_Support_v1_02.exe
    [2011/02/22 01:04:36 | 000,119,330 | ---- | C] () -- C:\Users\Justin\Documents\iPod_Support_v3_10.exe
    [2011/02/21 12:57:20 | 071,576,788 | ---- | C] () -- C:\Users\Justin\Desktop\Mobile_Suit_Gundam_00_AwotT_Dengeki_Data_Collection.zip
    [2010/03/30 20:54:41 | 000,009,728 | ---- | C] () -- C:\Users\Justin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/05 16:43:05 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009/11/14 17:43:54 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2009/10/13 23:38:28 | 000,000,000 | ---- | C] () -- C:\Windows\lgfwup.ini
    [2009/09/17 19:36:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 23:33:53 | 000,335,104 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2009/07/13 21:05:48 | 000,619,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2009/07/13 21:05:48 | 000,105,440 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2009/06/16 23:28:37 | 000,170,454 | ---- | C] () -- C:\Windows\hpqins00.dat
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2009/05/11 05:10:26 | 000,226,816 | ---- | C] () -- C:\Program Files\tsMuxeR.exe
    [2009/05/11 04:17:14 | 002,562,048 | ---- | C] () -- C:\Program Files\tsMuxerGUI.exe
    [2008/09/22 13:31:09 | 000,000,004 | ---- | C] () -- C:\Windows\Pix11.dat
    [2008/09/03 14:57:09 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/09/03 14:56:04 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
    [2008/09/03 14:40:41 | 000,028,672 | ---- | C] () -- C:\Windows\System32\InsDrvZD.dll
    [2008/09/03 14:40:41 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ZyDelReg.exe
    [2008/09/03 14:40:41 | 000,015,872 | ---- | C] () -- C:\Windows\System32\InsDrvZD64.DLL
    [2008/09/03 14:40:40 | 000,001,162 | ---- | C] () -- C:\Windows\System32\W32N55.INI
    [2008/09/02 19:57:26 | 000,157,529 | ---- | C] () -- C:\Windows\hpoins28.dat
    [2008/08/30 10:45:14 | 000,004,020 | ---- | C] () -- C:\Users\Justin\AppData\Roaming\wklnhst.dat
    [2008/08/29 14:32:45 | 000,008,704 | ---- | C] () -- C:\Windows\System32\vidccleaner.exe
    [2008/08/29 14:31:38 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2008/08/29 14:31:37 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2008/03/11 15:13:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/03/11 15:13:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/03/11 15:13:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/03/11 15:13:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2008/03/11 14:38:46 | 000,000,068 | ---- | C] () -- C:\Windows\System32\Compaq_Demo.ini
    [2008/03/11 14:27:50 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2008/03/11 14:23:46 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe
    [2008/03/11 14:21:40 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
    [2008/03/11 14:21:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
    [2007/12/12 19:01:47 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl28.dat
    [1999/07/06 19:00:00 | 000,000,006 | RHS- | C] () -- C:\Windows\@@desktop.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:63238B95
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:68F4226F

    < End of report >

  6. #6
    Junior Member
    Join Date
    Mar 2011
    Posts
    21

    And here is Extras.txt

    OTL Extras logfile created on: 3/23/2011 10:55:42 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Justin\Desktop
    Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 39.00% Memory free
    4.00 Gb Paging File | 2.00 Gb Available in Paging File | 61.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 326.18 Gb Total Space | 211.59 Gb Free Space | 64.87% Space Free | Partition Type: NTFS
    Drive D: | 9.16 Gb Total Space | 1.25 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
    Drive M: | 931.51 Gb Total Space | 814.97 Gb Free Space | 87.49% Space Free | Partition Type: NTFS

    Computer Name: VEDA | User Name: Justin | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- C:\Windows\System32\config\systemprofile\AppData\Local\rgn.exe (Valve Corporation)

    [HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- C:\Windows\System32\config\systemprofile\AppData\Local\rgn.exe (Valve Corporation)

    [HKEY_USERS\S-1-5-21-1983776509-132609297-3775980313-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 1
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- ()
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
    "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
    "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
    "{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
    "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
    "{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
    "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
    "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
    "{22D90DD2-8654-4E8A-B2F1-B6B86A2BF390}" = CyberLink UDF Reader 5.0
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
    "{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}" = Windows 7 Upgrade Advisor
    "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
    "{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
    "{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
    "{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
    "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
    "{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{7F2B6338-4C07-49A0-BDF0-AD92E3124A7E}" = Compaq Demo
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
    "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
    "{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
    "{9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1" = Driver Robot 1.1.0.14
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
    "{A2E23800-051D-4F35-8169-85F5739A04C5}" = openCanvas4.5.09e Plus
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
    "{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    "{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AIM_7" = AIM 7
    "AOL Instant Messenger" = AOL Instant Messenger
    "Audio Record Wizard_is1" = Audio Record Wizard v3.99
    "AviSynth" = AviSynth 2.5
    "BitTorrent" = BitTorrent 5.0.9
    "Buddy Spy_is1" = Buddy Spy 2.2.10
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
    "com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
    "DriverAgent.exe" = DriverAgent by TouchStone Software
    "DVD Flick_is1" = DVD Flick
    "FLAC" = FLAC 1.2.1b (remove only)
    "FREE Hi-Q Recorder_is1" = FREE Hi-Q Recorder 1.92
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "HPExtendedCapabilities" = HP Customer Participation Program 10.0
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "IrfanView" = IrfanView (remove only)
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
    "MSC" = McAfee AntiVirus Plus
    "MSNINST" = MSN
    "OfficeTrial" = Microsoft Office Home and Student 60 day trial
    "Open Codecs" = Xiph.Org Open Codecs 0.84.17359
    "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
    "PandoraRecovery" = PandoraRecovery (Remove Only)
    "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
    "PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "Recover My Files_is1" = Recover My Files
    "Shop for HP Supplies" = Shop for HP Supplies
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "TomTom HOME" = TomTom HOME 2.6.1.1549
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VLC media player" = VLC media player 0.9.9
    "WildTangent hp Master Uninstall" = My HP Games
    "WinGimp-2.0_is1" = GIMP 2.6.4
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.1 final uninstall
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Mail Advisor" = Yahoo! Mail Advisor
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1983776509-132609297-3775980313-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "NCsoft-Exteel" = Exteel

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/22/2011 10:06:43 PM | Computer Name = VEDA | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: ba4 Start
    Time: 01cbe8fd6e81eab2 Termination Time: 10 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: 2eddacd3-54f2-11e0-a614-001d92f57446

    Error - 3/22/2011 10:28:42 PM | Computer Name = VEDA | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1578 Start
    Time: 01cbe901fd0f8e64 Termination Time: 0 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: 423d0fc3-54f5-11e0-a614-001d92f57446

    Error - 3/23/2011 12:30:49 AM | Computer Name = VEDA | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 107c Start
    Time: 01cbe91178bee2d4 Termination Time: 78 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    Error - 3/23/2011 12:33:18 AM | Computer Name = VEDA | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: c64 Start
    Time: 01cbe9131755d6da Termination Time: 33 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    Error - 3/23/2011 12:38:49 AM | Computer Name = VEDA | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: d20 Start
    Time: 01cbe913fc197876 Termination Time: 14 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    Error - 3/23/2011 9:51:44 AM | Computer Name = VEDA | Source = WinMgmt | ID = 10
    Description =

    Error - 3/23/2011 10:08:08 AM | Computer Name = VEDA | Source = Application Error | ID = 1000
    Description = Faulting application name: AcroRd32.exe, version: 8.1.0.137, time
    stamp: 0x46444e37 Faulting module name: AcroRd32.dll, version: 8.1.3.187, time stamp:
    0x48f5acd6 Exception code: 0xc0000005 Fault offset: 0x00023772 Faulting process id:
    0x1140 Faulting application start time: 0x01cbe963ba45c7ce Faulting application path:
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe Faulting module path: C:\Program
    Files\Adobe\Reader 8.0\Reader\AcroRd32.dll Report Id: fa09e84c-5556-11e0-b8d7-001d92f57446

    Error - 3/23/2011 10:10:17 AM | Computer Name = VEDA | Source = Application Error | ID = 1000
    Description = Faulting application name: AcroRd32.exe, version: 8.1.0.137, time
    stamp: 0x46444e37 Faulting module name: AcroRd32.dll, version: 8.1.3.187, time stamp:
    0x48f5acd6 Exception code: 0xc0000005 Fault offset: 0x00023772 Faulting process id:
    0xb60 Faulting application start time: 0x01cbe96408c28737 Faulting application path:
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe Faulting module path: C:\Program
    Files\Adobe\Reader 8.0\Reader\AcroRd32.dll Report Id: 4721994c-5557-11e0-b8d7-001d92f57446

    Error - 3/23/2011 11:22:59 AM | Computer Name = VEDA | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "c:\program files\spybot
    - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot
    - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language"
    in element "assemblyIdentity" is invalid.

    Error - 3/23/2011 11:51:31 AM | Computer Name = VEDA | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.16722 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: f78 Start
    Time: 01cbe97208f132bb Termination Time: 16 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id: 695f955c-5565-11e0-b8d7-001d92f57446

    [ Media Center Events ]
    Error - 6/9/2009 11:37:39 AM | Computer Name = VEDA | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/7/2009 4:55:11 PM | Computer Name = VEDA | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/7/2009 6:52:47 PM | Computer Name = VEDA | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/22/2011 9:17:46 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/22/2011 9:19:06 PM | Computer Name = VEDA | Source = DCOM | ID = 10005
    Description =

    Error - 3/22/2011 9:50:48 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 3/22/2011 9:53:31 PM | Computer Name = VEDA | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.

    Error - 3/23/2011 9:53:04 AM | Computer Name = VEDA | Source = Service Control Manager | ID = 7022
    Description = The HP CUE DeviceDiscovery Service service hung on starting.


    < End of report >

  7. #7
    Junior Member
    Join Date
    Mar 2011
    Posts
    21

    Default

    On your question about the performance, it hasn't gone to blue-screen in the past 24 hours, but I've still had trouble with Internet Explorer 8. The most frequent problem is still the Google-link redirect, and IE will hang when I try to open a new tab/window and freeze, forcing me to use Task Manager to close it.

    And one more issue I neglected to mention: if I have to restart my computer, after I put in my password my desktop will not show, just a black screen with the mouse cursor. This usually forces me to just kill the power and turn it back on, and after that the desktop will load. I really do think it's due to whatever malware/virus I have, because my computer has consistently been pretty fast starting up and this has only started in the past few days.

  8. #8
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Hi.

    On your question about the performance, it hasn't gone to blue-screen in the past 24 hours, but I've still had trouble with Internet Explorer 8. The most frequent problem is still the Google-link redirect, and IE will hang when I try to open a new tab/window and freeze, forcing me to use Task Manager to close it.
    OK, we can repair this if need be; however, IE8 has now been superseded by IE9. I have noticed you have the installer for IE9 in your Documents folder; please do not take any action with regard to this for the time being.

    And one more issue I neglected to mention: if I have to restart my computer, after I put in my password my desktop will not show, just a black screen with the mouse cursor. This usually forces me to just kill the power and turn it back on, and after that the desktop will load. I really do think it's due to whatever malware/virus I have, because my computer has consistently been pretty fast starting up and this has only started in the past few days.
    OK, do you have a copy of the Windows 7 32 Bit Installation DVD in case we need to perform some repairs?

    You could also do with some more installed/upgraded RAM. If you wish to upgrade the installed memory, Crucial have a small scanner (CrucialScan.exe), which is perfectly safe to download and run and which will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.

    Next:

    Now please go to Start(Windows 7 Orb) >> Control Panel >> Programs and Features and remove the following (if present):

    Ad-Aware <-- In conflict with McAfee.
    Adobe Reader 8.1.3 <-- We will update this in due course.
    Adobe Media Player <-- No longer supported, so a security risk.
    BitTorrent <-- This will have to go if you want my assistance, read here.
    Java(TM) 6 Update 22 <-- We will update this in due course.
    ParetoLogic PC Health Advisor <-- Will be of little benefit and may adversely affect a system.
    Spybot - Search & Destroy <-- Will hinder the Malware Removal process, you may reinstall when I give the all clear.
    WeatherBug Gadget <-- Has undesirable characteristics.

    To do so click once on each of the above to highlight and click on Uninstall and follow the prompts.

    Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

    Backup the Registry:

    Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

    • Please go here and download ERUNT.
    • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
    • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
    • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
    • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
    • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
    • Make sure that at least the first two check boxes are selected.
    • Click on OK
    • Then click on YES to create the folder.
    Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

    Custom OTL Script:
    • Right-click OTL.exe and select Run as Administrator to start the program.
    • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :OTL
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [WinampAgent] File not found
    O4 - HKU\S-1-5-21-1983776509-132609297-3775980313-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe ()
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\AutoRun\command - "" = K:\Autorun_rlsmm.exe
    O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\checker\command - "" = K:\TEST\CHECKER.exe
    O33 - MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\Shell\dstest\command - "" = K:\TEST\DSTEST.exe
    [2011/03/21 20:54:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{870E601A-FE70-4098-94B2-6E9963FCAA51}
    [2011/03/21 20:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    [2011/03/21 19:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/03/21 19:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/03/21 19:31:47 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/03/21 19:22:35 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
    [2011/03/21 19:16:00 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/03/19 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\ParetoLogic
    [2011/03/19 19:41:40 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\DriverCure
    [2011/03/19 19:41:29 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic
    [2011/03/19 19:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
    [2011/03/19 19:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
    [2011/03/19 19:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
    [2011/03/19 19:40:28 | 005,193,608 | ---- | C] (ParetoLogic Inc.) -- C:\Users\Justin\Documents\ParetoLogic PC Health Advisor.exe
    [2011/03/19 17:15:05 | 000,000,000 | ---D | C] -- C:\Users\Justin\AppData\Local\{2CACCC08-4937-447B-AB31-6A501E2DE91B}
    [2011/02/22 01:02:19 | 011,708,760 | ---- | C] (Nullsoft, Inc.) -- C:\Users\Justin\Documents\winamp5601_full_emusic-7plus_en-us.exe
    [2009/07/13 18:24:44 | 000,361,472 | ---- | C] (Fujitsu Takamisawa Component Limited) -- C:\Users\Justin\AppData\Local\ahafuyip.dll_old.old
    [2011/03/22 18:00:01 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2011/03/21 17:21:49 | 000,000,120 | ---- | M] () -- C:\Users\Justin\AppData\Local\Fmitanahifureqi.dat
    [2011/03/21 13:45:59 | 000,012,136 | -HS- | M] () -- C:\ProgramData\02gx6r2l0370v70bm00a6ixv8r8l63551ywf7757812x05i
    [2011/03/21 12:17:41 | 000,000,042 | ---- | M] () -- C:\Windows\System32\scud.udf
    2011/03/19 19:52:59 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2011/03/19 19:52:59 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
    [2011/03/19 19:52:59 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:63238B95
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:68F4226F
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\BitTorrent
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe"=-
    
    :Commands
    [Purity]
    [ResetHosts]
    [EmptyFlash]
    [EmptyTemp]
    [CreateRestorePoint]
    [Reboot]
    • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
    • Then click the red Run Fix button.
    • Let the program run unhindered.
    • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

    Malwarebytes Anti-Malware:

    Note: Remember to right click MBAM and select Run As Administrator.
    • Launch the application, Check for Updates >> Perform full scan. <-- Select drives C, D & M
    • When the scan is complete, click OK, then Show Results to view the results.
    • Check(select) all items except those in the C:\System Volume Information folder and click on Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    When you have completed the above, please post back the following in the order asked for:

    • How is your computer performing now? Any further symptoms and/or problems encountered?
    • OTL Log from the Custom Script.
    • Malwarebytes Anti-Malware Log.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  9. #9
    Junior Member
    Join Date
    Mar 2011
    Posts
    21

    Default

    OK, do you have a copy of the Windows 7 32 Bit Installation DVD in case we need to perform some repairs?
    Yes I do.

    I removed all suggested programs (except Weatherbug, for some reason it wasn't listed), and made a backup with ERUNT.

    I ran the OTL fix as instructed. The first time, it seemed like OTL had frozen, so I restarted my computer. Upon reboot I started over, and it completed without a problem, and I rebooted when prompted by OTL. But upon restarting and inputting my password, I had the black screen/no icons/no taskbar issue. I cut my computer off and turned it back on, selecting "Run Windows Normally", and it occurred again. On the third time it finally came up and had the log. Also, there is an item on my desktop with the name desktop.ini, was this due to the OTL fix?

    After the MBAM reboot, I had no startup issues.

  10. #10
    Junior Member
    Join Date
    Mar 2011
    Posts
    21

    Default

    OTL Log from the Custom Script:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-1983776509-132609297-3775980313-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent not found.
    File C:\Program Files\BitTorrent\bittorrent.exe not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\Windows\Downloaded Program Files\erma.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
    File K:\Autorun_rlsmm.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
    File K:\TEST\CHECKER.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9c4a371-f3a2-11df-bd73-001d92f57446}\ not found.
    File K:\TEST\DSTEST.exe not found.
    Folder C:\ProgramData\{870E601A-FE70-4098-94B2-6E9963FCAA51}\ not found.
    Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\ not found.
    Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\ not found.
    Folder C:\ProgramData\Spybot - Search & Destroy\ not found.
    Folder C:\Program Files\Spybot - Search & Destroy\ not found.
    Folder C:\ProgramData\RegCure\ not found.
    Folder C:\32788R22FWJFW\ not found.
    Folder C:\Users\Justin\AppData\Roaming\ParetoLogic\ not found.
    Folder C:\Users\Justin\AppData\Roaming\DriverCure\ not found.
    Folder C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ParetoLogic\ not found.
    Folder C:\Program Files\Common Files\ParetoLogic\ not found.
    Folder C:\Program Files\ParetoLogic\ not found.
    Folder C:\ProgramData\ParetoLogic\ not found.
    File C:\Users\Justin\Documents\ParetoLogic PC Health Advisor.exe not found.
    Folder C:\Users\Justin\AppData\Local\{2CACCC08-4937-447B-AB31-6A501E2DE91B}\ not found.
    File C:\Users\Justin\Documents\winamp5601_full_emusic-7plus_en-us.exe not found.
    File C:\Users\Justin\AppData\Local\ahafuyip.dll_old.old not found.
    File C:\Windows\tasks\ParetoLogic Registration3.job not found.
    File C:\Users\Justin\AppData\Local\Fmitanahifureqi.dat not found.
    File C:\ProgramData\02gx6r2l0370v70bm00a6ixv8r8l63551ywf7757812x05i not found.
    File C:\Windows\System32\scud.udf not found.
    File C:\Windows\tasks\PC Health Advisor Defrag.job not found.
    File C:\Windows\tasks\PC Health Advisor.job not found.
    Unable to delete ADS C:\ProgramData\Temp:63238B95 .
    Unable to delete ADS C:\ProgramData\Temp:68F4226F .
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Justin\Desktop\cmd.bat deleted successfully.
    C:\Users\Justin\Desktop\cmd.txt deleted successfully.
    File\Folder C:\Program Files\BitTorrent not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Justin
    ->Flash cache emptied: 15775 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Justin
    ->Temp folder emptied: 251083173 bytes
    ->Temporary Internet Files folder emptied: 444014376 bytes
    ->Java cache emptied: 3426635 bytes
    ->FireFox cache emptied: 22849879 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 22016 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1278273782 bytes
    RecycleBin emptied: 6330802708 bytes

    Total Files Cleaned = 7,945.00 mb



    OTL by OldTimer - Version 3.2.22.3 log created on 03232011_155444

    Files\Folders moved on Reboot...
    C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OG0124IO\showthread[1].htm moved successfully.
    C:\Users\Justin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

    Registry entries deleted on Reboot...
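
A fix log like the one in post #10 is mostly "not found" and "deleted successfully" lines, so the entries that still need follow-up are easy to miss. The Python sketch below is an added example, not part of the thread or of OTL: it tallies outcomes per log section and pulls out the failures. The sample lines are copied from the log above; the outcome categories and function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the fix log posted above (lines copied verbatim, most omitted).
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
File C:\Windows\System32\scud.udf not found.
Folder C:\ProgramData\RegCure\ not found.
Unable to delete ADS C:\ProgramData\Temp:63238B95 .
Unable to delete ADS C:\ProgramData\Temp:68F4226F .
========== FILES ==========
< ipconfig /flushdns /c >
C:\Users\Justin\Desktop\cmd.bat deleted successfully.
File\Folder C:\Program Files\BitTorrent not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

SECTION = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")
# Splits "host path:stream name" on the last colon (the first one is the drive).
ADS_FAIL = re.compile(
    r"^Unable to delete ADS (?P<path>.+):(?P<stream>[^:\\]+?)\s*\.$")
# Outcome rules, checked in order. Treating every "Unable to ..." line as a
# failure is an assumption; this log only shows "Unable to delete ADS".
RULES = [
    ("failed", re.compile(r"^Unable to ")),
    ("removed", re.compile(r"(?:deleted|moved|reset) successfully\.?$")),
    ("absent", re.compile(r"not found\.$")),
]


def classify(line):
    """Map one log line to failed / removed / absent / info."""
    for outcome, rule in RULES:
        if rule.search(line):
            return outcome
    return "info"


def triage(log_text):
    """Return (per-section outcome counts, list of failures to follow up)."""
    counts = defaultdict(Counter)
    failures = []
    section = "PREAMBLE"  # lines before the first ===== header
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        outcome = classify(line)
        counts[section][outcome] += 1
        if outcome == "failed":
            ads = ADS_FAIL.match(line)
            failures.append({
                "section": section,
                "line": line,
                "path": ads.group("path") if ads else None,
                "stream": ads.group("stream") if ads else None,
            })
    return counts, failures


def main():
    counts, failures = triage(SAMPLE_LOG)
    for section, tally in counts.items():
        print(section, dict(tally))
    for item in failures:
        print("FOLLOW UP:", item["line"])


if __name__ == "__main__":
    main()
```

On the log above, the only entries this flags are the two alternate data streams on C:\ProgramData\Temp that the fix reported it was unable to delete.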
