Need Help uninstalling iLivid

Hi Bruce C,

Thank you for the update. I'll wait to hear from you. ;)

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
 
Anti-malware

Hi Scolabar, I tried your inst. on my own but ran into a questionable site regarding Malwarebytes' Anti-Malware... When I thought I finally got to the free part they wanted my e-mail etc. so they could send me the dnld. Sounded fishy? So I stopped there. Thanks, Bruce
 
Scan log; I found my way again

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.30.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bruce :: BRUCE-PC [administrator]

12/30/2011 4:07:30 PM
mbam-log-2011-12-30 (16-07-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176117
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

 
OTL scan Step 3

OTL logfile created on: 12/30/2011 7:51:48 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bruce\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 48.11% Memory free
4.11 Gb Paging File | 2.76 Gb Available in Paging File | 67.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 109.66 Gb Free Space | 49.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
PRC - [2011/11/15 06:40:23 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/12 12:49:09 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/01/27 08:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/18 23:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2009/02/18 23:30:36 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
PRC - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
PRC - [2009/02/18 23:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 14:51:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 20:38:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 20:38:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 20:37:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 20:37:27 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll
MOD - [2011/10/13 20:37:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 20:37:19 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/13 20:36:54 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/13 20:36:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 20:36:25 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 20:35:05 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/14 10:58:52 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010/04/11 08:17:08 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010/04/11 08:17:08 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010/04/11 08:17:07 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2010/04/11 08:17:07 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2010/04/11 08:17:07 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2010/04/11 08:17:07 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2010/04/11 08:17:07 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010/04/11 08:17:07 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2010/04/11 08:17:06 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2010/04/11 08:17:06 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2010/04/11 08:17:06 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2010/04/11 08:17:04 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2010/04/11 08:17:03 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010/04/11 08:17:03 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010/04/11 08:17:02 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2010/04/11 08:17:02 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010/04/11 08:17:02 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010/04/11 08:17:02 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010/04/11 08:17:01 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2010/04/11 08:17:01 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2010/04/11 08:17:01 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010/04/11 08:17:01 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010/04/11 08:17:01 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2010/04/11 08:17:00 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010/04/11 08:17:00 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010/04/11 08:17:00 | 000,233,984 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010/04/11 08:17:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010/04/11 08:17:00 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010/04/11 08:16:59 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010/04/11 08:16:59 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010/04/11 08:16:58 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010/04/11 08:16:58 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2010/04/11 08:16:58 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010/04/11 08:16:57 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/02/25 15:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/03 08:35:04 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111230.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/03 08:35:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/03 08:35:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111230.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 14:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 05:53:45 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/15 14:18:40 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/14 21:43:08 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/12/18 22:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 22:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFVsp.sys -- (GzOFVsp)
DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFMdm.sys -- (GzOFMdm)
DRV - [2008/12/16 01:43:48 | 000,033,408 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFBus.sys -- (GzOFBus)
DRV - [2007/05/01 07:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/05/01 07:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/05 03:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/20 14:31:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/12/07 23:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 82 A4 95 0C C4 CC 01 [binary data]
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/19 04:54:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2011/12/30 08:41:57 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{936F5662-F742-42F8-9394-D480B27297A0}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 15:41:14 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Malwarebytes
[2011/12/30 15:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/30 15:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/30 15:40:59 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/30 15:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/26 15:08:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/21 19:42:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2011/12/16 07:57:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/16 07:57:35 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/16 07:57:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/16 07:57:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/16 07:57:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/16 07:57:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/15 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/15 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/15 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/15 10:30:19 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 10:30:18 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 10:30:15 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 10:30:13 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 10:30:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 10:30:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/12 21:07:39 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder (3)
[2011/12/06 18:28:27 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder
[2008/09/06 13:06:55 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2008/09/06 13:06:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2008/09/06 13:06:46 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2008/09/06 13:06:44 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2008/09/06 13:06:43 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2008/09/06 13:06:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[2008/09/06 13:06:41 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2008/09/06 13:06:40 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2008/09/06 13:06:37 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
[2008/09/06 13:06:36 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2008/09/06 13:06:32 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
[2008/09/06 13:06:31 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2008/09/06 13:06:31 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
[2008/09/06 13:06:29 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 18:41:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 18:41:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 18:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 16:40:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 15:41:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 15:08:51 | 000,074,657 | ---- | M] () -- C:\Users\Bruce\Desktop\#3.htm
[2011/12/30 14:59:31 | 000,008,871 | ---- | M] () -- C:\Users\Bruce\Desktop\downloadget.htm
[2011/12/30 14:56:28 | 000,037,251 | ---- | M] () -- C:\Users\Bruce\Desktop\downloadav-ppc_1.htm
[2011/12/30 14:43:28 | 000,074,657 | ---- | M] () -- C:\Users\Bruce\Desktop\download malwareebytes'anti malware.htm
[2011/12/30 14:41:35 | 000,074,616 | ---- | M] () -- C:\Users\Bruce\Desktop\download.htm
[2011/12/30 14:00:10 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/30 08:48:03 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/30 08:48:03 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/30 08:41:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 21:25:33 | 000,002,714 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/27 20:40:22 | 000,139,264 | ---- | M] () -- C:\Users\Bruce\Desktop\SystemLook.exe
[2011/12/27 20:19:23 | 000,313,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/25 22:17:03 | 024,664,064 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/12/21 20:05:32 | 000,879,683 | ---- | M] () -- C:\Users\Bruce\Desktop\SecurityCheck.exe
[2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2011/12/20 22:45:23 | 047,326,208 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/12/15 19:04:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/09 22:08:06 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bruce.job
[2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/02 08:34:49 | 000,000,000 | ---- | M] () -- C:\Users\Bruce\Documents\ATT00682.jpg
[2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/01 15:10:01 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 15:41:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 15:08:51 | 000,074,657 | ---- | C] () -- C:\Users\Bruce\Desktop\#3.htm
[2011/12/30 14:59:31 | 000,008,871 | ---- | C] () -- C:\Users\Bruce\Desktop\downloadget.htm
[2011/12/30 14:56:28 | 000,037,251 | ---- | C] () -- C:\Users\Bruce\Desktop\downloadav-ppc_1.htm
[2011/12/30 14:43:28 | 000,074,657 | ---- | C] () -- C:\Users\Bruce\Desktop\download malwareebytes'anti malware.htm
[2011/12/30 14:41:34 | 000,074,616 | ---- | C] () -- C:\Users\Bruce\Desktop\download.htm
[2011/12/27 20:40:22 | 000,139,264 | ---- | C] () -- C:\Users\Bruce\Desktop\SystemLook.exe
[2011/12/21 20:05:32 | 000,879,683 | ---- | C] () -- C:\Users\Bruce\Desktop\SecurityCheck.exe
[2011/12/15 19:04:54 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/02 08:34:48 | 000,000,000 | ---- | C] () -- C:\Users\Bruce\Documents\ATT00682.jpg
[2011/05/18 16:59:52 | 000,001,940 | ---- | C] () -- C:\Users\Bruce\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/09/16 18:25:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 18:25:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/17 17:34:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/06 13:08:36 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
[2008/09/06 13:08:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2008/09/06 13:07:02 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2008/09/06 13:06:45 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2008/09/06 13:06:39 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2008/09/06 13:06:39 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2008/09/06 13:06:38 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2008/09/06 13:06:38 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2008/09/06 13:06:35 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2008/09/06 13:06:33 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2008/09/06 13:06:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2008/09/06 13:06:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2008/02/21 19:41:24 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2008/02/19 21:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2008/01/22 01:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldtcfg.dll
[2007/12/12 20:32:40 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2007/11/13 18:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2007/10/13 08:29:19 | 000,033,792 | ---- | C] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 08:21:35 | 000,002,714 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/04/28 13:41:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,313,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2008/03/30 13:01:26 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Leadertech
[2010/12/10 19:35:37 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\PCDr
[2009/01/29 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Skinux
[2010/08/15 07:12:49 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Tific
[2011/01/05 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Uniblue
[2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/29 21:25:32 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/30 14:00:10 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2010/09/03 20:24:56 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40FFB3E6-5C62-43BA-803E-82D3168ED07A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 804 bytes -> C:\Users\Bruce\Documents\Fwd_ [Fwd_ FW_ S.Y.B.S.T.D.].eml:OECustomProperty

< End of report >

OTL Extras logfile created on: 12/30/2011 7:51:48 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bruce\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 48.11% Memory free
4.11 Gb Paging File | 2.76 Gb Available in Paging File | 67.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 109.66 Gb Free Space | 49.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C71FE6-FD48-485C-AF13-3808DC87F217}" = rport=138 | protocol=17 | dir=out | app=system |
"{0614EFC1-D649-4348-9388-4DDE71007316}" = rport=139 | protocol=6 | dir=out | app=system |
"{143FB136-D8E0-4AA0-B5A9-8C8D8064AABD}" = lport=137 | protocol=17 | dir=in | app=system |
"{41937103-B807-4395-82F0-5DF463440BDE}" = rport=137 | protocol=17 | dir=out | app=system |
"{4B351C59-02A7-4868-81B3-0AEB069AB52A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{63D50AA6-4DCA-4A6B-B677-8088ED6F04BF}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AE72094-FDDC-4ACD-BE11-0B837B2B8841}" = lport=138 | protocol=17 | dir=in | app=system |
"{7CC836D6-6F69-43B3-B802-11CFD279CB06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{87829809-6925-44EC-B0F4-9FD38BD5424C}" = rport=445 | protocol=6 | dir=out | app=system |
"{AAAA0641-7FD8-4D52-83A0-F02BE7821F5C}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011558CB-9AD7-43BA-9799-60F9CC69854D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{078680B7-2530-4CDC-A0F3-6259239A5BE1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0C01E7FA-7331-4A63-81A7-22B4F6980655}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
"{1890D10E-D950-4AB2-8144-2ABBBB54D52A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{34980A69-2428-46A5-AAB5-3EA8BA49BF92}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A4F0DC8-415B-48D7-BAD8-612A8EFD67BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3C2F3189-ACE2-4514-AC48-BA372DCA9BBD}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{548FE892-E2C1-4734-9622-CDC154D8950A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe |
"{56D766BF-352A-4538-A6ED-210C372318B2}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{5AF716DF-7D29-476C-9B19-47C1AC2E9A23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{680F9F34-4315-4B4B-9BC5-DD706129F1ED}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{6E3C1CE7-99DA-4F6C-A4D1-81B6581ADABD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84C0CD36-566D-4FBA-8BC7-8CFD02AD49A1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe |
"{936A5380-2522-4AB3-AF91-F5B127DC6F4F}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A2BA0F5E-0619-47FF-874A-AD28EE49D254}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A764267E-DFFB-4736-A41F-2A30D2444975}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{A8A24D1E-68FC-4065-8C3E-A22C7F14B4A9}" = protocol=6 | dir=in | app=c:\program files\dell v305\frun.exe |
"{B9AEF5AB-16EA-447E-BC82-78B3832C8520}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{BAAE4544-A02D-42C3-8D4E-05CF6655B595}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"{C3C84773-D758-480E-A42B-40A86D8CD75A}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"{C4B812CF-49A9-4FC5-A0D8-7D71AD891495}" = protocol=17 | dir=in | app=c:\program files\dell v305\frun.exe |
"{D295D8C1-4942-4798-9DEC-3BC89FD808D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D58EA2EE-3ABF-4C74-9B1E-63F73876DEF3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EFFEC8CA-527A-4187-A197-0EA5FA88C14D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
"{F061D39C-4EA5-4406-A2CB-F89E392DC400}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F4ACB043-CE5C-4E51-8754-58F695A6084D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}" = CASIO USB Driver V1.0.8003.1229
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Boxster Models" = Boxster Models 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Dell Support Center" = Dell Support Center
"Dell V305" = Dell V305
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ieSpell" = ieSpell
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2011 3:26:06 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
Description =

Error - 12/29/2011 9:16:21 AM | Computer Name = Bruce-PC | Source = Application Error | ID = 1000
Description = Faulting application AppleSyncNotifier.exe, version 1.6.77.0, time
stamp 0x4e8d6886, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x6f5953a0, process id 0xf40, application
start time 0x01ccc62c0bee1897.

Error - 12/29/2011 3:00:05 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1010
Description =

Error - 12/29/2011 3:00:06 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
Description =

Error - 12/30/2011 3:00:05 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1010
Description =

Error - 12/30/2011 3:00:07 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
Description =

Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 169.254.163.251:5353 4 Bruce-PC.local.
Addr 169.254.163.251

Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Resetting to Probing: 4 Bruce-PC.local.
Addr 192.168.1.2

Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 169.254.163.251:5353 4 Bruce-PC.local.
Addr 169.254.163.251

Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Resetting to Probing: 16 Bruce-PC.local.
AAAA FE80:0000:0000:0000:8414:AF42:0FF4:0B33

[ Dell Events ]
Error - 12/11/2010 8:29:21 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 8:29:21 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 8:37:42 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 8:37:42 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/9/2011 9:44:01 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/9/2011 9:44:01 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/14/2011 9:18:25 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 12/16/2007 6:54:04 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/16/2007 8:41:56 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/24/2008 6:49:07 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/29/2008 7:09:17 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 6:51:43 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/4/2008 6:34:19 AM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 2:18:22 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 9:16:15 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/22/2008 5:49:06 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/17/2009 6:35:28 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/29/2011 9:14:08 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/29/2011 9:14:48 AM | Computer Name = Bruce-PC | Source = DCOM | ID = 10010
Description =

Error - 12/29/2011 9:16:40 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/29/2011 9:17:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/29/2011 9:17:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/29/2011 9:17:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
 
Step 4 Systemlook

SystemLook 30.07.11 by jpshortstuff
Log created at 20:19 on 30/12/2011 by Bruce
Administrator - Elevation successful

========== filefind ==========

Searching for "12*2011_*.log"
C:\_OTL\MovedFiles\12262011_150845.log --a---- 87008 bytes [20:18 26/12/2011] [20:24 26/12/2011] A099FF46D1C2A4F42CC9AB9E5908681A
C:\_OTL\MovedFiles\12272011_185541.log --a---- 25374 bytes [23:58 27/12/2011] [01:21 28/12/2011] 4AEBB579D988F7CC61C2B89521D0D627

-= EOF =
 
Step 5

No problems, I don't think.
Steps 2, 3, 4, 5 OK.
The computer runs well. But during this my home page switched from Comcast to MSN on its own. Thank you for all of your patience and help, Bruce
 
Hi Bruce C,

Thank you for the logs and update. :)
Thank you also for letting me know about your experience downloading MalwareBytes' AntiMalware. I will look into that. ;)

Bruce C said:
The computer runs well. But during this my home page switched from Comcast to MSN on its own.
You can reset your default home page by following the instructions provided Here.

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

We will be making changes to the Registry again. Please create another System Restore Point following the instructions as provided previously before continuing any further.

Step 2:
Java Runtime Environment Update Needed!

Your existing installation of the Java Runtime Environment is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  1. Please download the latest installer from HERE
  2. Locate the Java SE 7u2 section.
  3. Click on the Download JRE button to the right.
  4. Select the Accept License Agreement option to accept the Oracle Binary Code License Agreement for Java SE in order to download the software.
  5. Locate the entry for Windows x86 Offline, click on the file named jre-7u2-windows-i586.exe and Save it to your Desktop.
  6. Close all active windows.
  7. Select Start > Control Panel > Programs > Programs and Features.
  8. Uninstall the following old version of the Java Runtime Environment:
    • Java(TM) SE Runtime Environment 6
  9. When the removal has been completed close the Programs and Features window along with any others remaining open.
  10. Right-click on jre-7u2-windows-i586.exe and select the Run As Administrator option to run the installer. If you receive a UAC prompt, please allow it.
  11. Then follow the on-screen instructions to complete the installation.
    • IMPORTANT NOTE: If offered at any stage during the installation, make sure the option to install the Ask Toolbar is UNCHECKED.
Step 3:
OTL - Script

Next we need to run another OTL script.

**IMPORTANT** Please temporarily disable your Norton 360 Realtime Protection again. If active, it could impact the fix.

  1. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  2. Copy and Paste the following code into the [customFix.png] textbox. Do not include the word Code.
    Code:
    :otl
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    
    :files
    C:\Users\Bruce\AppData\Roaming\Uniblue
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
  3. Then click the Run Fix button at the top.
  4. Click [btnOK.png].
  5. OTL should ask to reboot the machine. Please do so if asked.
  6. The report should appear in Notepad after the reboot.
  7. Please Copy and Paste the contents of that report into your next reply.
Step 4:
ESET Online Scanner

Please Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted. Then right-click on it and select the Run As Administrator option to run the installer.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan. Refer to This Howto Topic, if necessary.
  1. Right-click on your Internet Explorer or Firefox desktop icon and select the Run As Administrator option to launch the program.
  2. Then please go to ESET Online Scanner - © ESET (All Rights Reserved) to run an online scan.
    ** Make sure you are using an account that has Administrative privileges **
  3. Click on the ESET Online Scanner button.
  4. Check the box next to "YES, I accept the Terms of Use."
  5. Click Start.
    A window will open. It may appear nothing is happening, but please be patient.
  6. Click Yes to the run ActiveX prompt.
  7. Click Install at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  8. Click on the Start button.
    Make sure that the options:
    • Remove found threats is UNCHECKED
    • Leave the "default" settings under Advanced as they are. If not set, please check:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  9. Click on the Start button.
    ESET scanner will begin to download the virus signatures database. When the signatures have been downloaded, the scan will start automatically.
  10. Wait for the scan to finish. It may take a while but, again, please be patient. When the scan is finished:
  11. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
  12. Copy and Paste the entire contents of log.txt into your next reply.
Remember to re-enable your Anti-virus protection before continuing!

Step 5:
SystemLook

  1. Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  2. Copy and Paste the text in the code box below into SystemLook's main text entry window:
    Code:
    :contents
    C:\_OTL\MovedFiles\12272011_185541.log
  3. Click on the Look button to start the scan.
    Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
  4. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
    A log file will be created on your Desktop named SystemLook.txt.
  5. Please post the contents of the SystemLook.txt file in your next reply.
Step 6:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. OTL Script log results.
  3. ESET log results.
  4. SystemLook.txt.

Scolabar
 
Step 6 Include in next post

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File c:\Program Files\Java\jre1.6.0\bin\ssv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bluetooth Connection Assistant deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
File c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll not found.
C:\ProgramData\SPLA24A.tmp deleted successfully.
C:\ProgramData\SPLBC05.tmp deleted successfully.
C:\ProgramData\SPLBD01.tmp deleted successfully.
========== FILES ==========
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bruce\Desktop\cmd.bat deleted successfully.
C:\Users\Bruce\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bruce
->Temp folder emptied: 582909 bytes
->Temporary Internet Files folder emptied: 255799268 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1658 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 450 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 180173 bytes

Total Files Cleaned = 245.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01012012_211833

Files\Folders moved on Reboot...
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA484.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA48E.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA4E2.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA4ED.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA523.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA52D.tmp not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJI2829Q\showthread[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...
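
Reading a fix log like the one above comes down to separating entries the fix actually removed from entries that were already gone. The following is an added example, not part of the original post and not OTL's own code: a small Python parser whose line grammar is inferred from the log lines in this thread, with location labels (`AUTOSTART_MARKERS`) that are this example's own naming.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the fix log posted in this thread.
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File c:\Program Files\Java\jre1.6.0\bin\ssv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bluetooth Connection Assistant deleted successfully.
C:\ProgramData\SPLA24A.tmp deleted successfully.
========== FILES ==========
C:\Users\Bruce\AppData\Roaming\Uniblue folder moved successfully.
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA484.tmp not found!
"""

# Line grammar inferred from the log in this thread (an assumption, not OTL documentation):
#   [Registry key | Registry value | File | File\Folder] <target> <result>
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File\\Folder|File)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?P<result>deleted successfully\.|moved successfully\.|not found[.!])$"
)

# Registry locations that load code at logon or into the browser.
# Labels are this example's own naming; markers are matched case-insensitively.
AUTOSTART_MARKERS = [
    ("\\currentversion\\run\\", "Run key"),
    ("\\explorer\\browser helper objects\\", "Browser Helper Object"),
    ("\\internet explorer\\toolbar\\", "IE toolbar"),
    ("\\internet explorer\\extensions\\", "IE extension"),
    ("appinit_dlls", "AppInit_DLLs"),
]


@dataclass(frozen=True)
class Entry:
    kind: str      # "Registry key", "Registry value", "File", "File\Folder", "Folder", "Path"
    target: str    # registry path or file-system path
    result: str    # "deleted", "moved" or "not found"


def parse_fix_log(text):
    """Return one Entry per result line; banners and command output are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, command echo, cache statistics
        kind, target = m.group("kind"), m.group("target")
        if kind is None:
            # Unprefixed lines are file-system paths; the log appends " folder" for directories.
            kind = "Path"
            if target.endswith(" folder"):
                kind, target = "Folder", target[: -len(" folder")]
        result = m.group("result").rstrip(".!").replace(" successfully", "")
        entries.append(Entry(kind, target, result))
    return entries


def summarize(entries):
    """Count entries per result."""
    return Counter(e.result for e in entries)


def autostart_findings(entries):
    """Return (label, result, target) for registry entries in autostart locations."""
    findings = []
    for e in entries:
        if not e.kind.startswith("Registry"):
            continue
        path = e.target.lower()
        for marker, label in AUTOSTART_MARKERS:
            if marker in path:
                findings.append((label, e.result, e.target))
                break
    return findings


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for label, result, target in autostart_findings(parsed):
        print(f"{result:>9}  {label}: {target}")
```

In this output, `deleted` marks an autostart entry the fix actually removed, while `not found` marks a script line whose target was already absent when the fix ran.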
 
Step 3 OTL Script - Sorry for the confusion on previous reply

Correction: last post was labeled Step 6 - it was actually Step 3 OTL Script

 
Hi Bruce C,

Please can you also post the ESET and SystemLook logs as requested in my last post. ;)

ESET log results.
SystemLook.txt.

Scolabar
 
Step 4 ESET online scanner

C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application


 
Hi Bruce C,

Thank you again for the logs. :)

Those files detected by the ESET scan will be dealt with in the final cleanup process. ;)
We're almost there. Please bear with me. :bigthumb:

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
SystemLook

  1. Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  2. Copy and Paste the text in the code box below into SystemLook's main text entry window:
    Code:
    :filefind
    *MS AntiSpyware 2009*
    
    :folderfind
    *MS AntiSpyware 2009*
    
    :regfind
    MS AntiSpyware 2009
    
    :contents
    C:\_OTL\MovedFiles\12272011_185541.log
  3. Click on the Look button to start the scan.
    Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
  4. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
    A log file will be created on your Desktop named SystemLook.txt.
  5. Please post the contents of the SystemLook.txt file in your next reply.
Step 2:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. SystemLook.txt.
  3. How is the computer now running?

Scolabar
 
Hi Bruce C,

It has been over 48 hours since my last post.

  1. Do you still need help?
  2. Do you need more time?
  3. Are you having problems following my instructions?
  4. In line with Safer-Networking's policy, topics will be closed after 3 days without a response.
  5. If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
 
Delay between posts

I apologise for the delay since my last post. I try to complete each step when my wife is home as I often need her help, but she works long days so it's not always easy to get her assistance since she has so many other things to do when she is home. I'll give it a shot right now, as it still seems a little slow, other than that it sometimes displays "cannot display page".
Thanks, Bruce
 
Results of scan: SystemLook scan

Hi Scolabar
No problem with instructions, however I didn't see a SystemLook.txt on my Desktop so I copied and pasted the results here. Thanks, Bruce
Log created at 07:14 on 06/01/2012 by Bruce
Administrator - Elevation successful

========== filefind ==========

Searching for "*MS AntiSpyware 2009*"
No files found.

========== folderfind ==========

Searching for "*MS AntiSpyware 2009*"
No folders found.

========== regfind ==========

Searching for "MS AntiSpyware 2009"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]

========== contents ==========

C:\_OTL\MovedFiles\12272011_185541.log - Opened succesfully.

All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\817FDB46B46DE8B4AAD499F1DAFF341D\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A9327D31011C244A196F700637C701\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6B84CEB2810F104BA0E5FC5C8EACD7E\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"|"- /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid\ not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E6A6D16-F99D-4C47-BB7E-BAD5708FCC25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6A6D16-F99D-4C47-BB7E-BAD5708FCC25}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
========== FILES ==========
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk moved successfully.
C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318} folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk not found.
File\Folder C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318} not found.
C:\Users\Public\Desktop\iLivid Download Manager.lnk moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bruce\Desktop\cmd.bat deleted successfully.
C:\Users\Bruce\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bruce
->Temp folder emptied: 320628 bytes
->Temporary Internet Files folder emptied: 63747516 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1867 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 27648 bytes

Total Files Cleaned = 61.00 mb

Error: Unable to interpret <[resethosts]Then click the Run Fix button at the > in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 12272011_185541

Files\Folders moved on Reboot...
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF937D.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF9389.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF93DB.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF93E7.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF9421.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF942D.tmp not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\0f0ca97dac[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\blank[1].gif moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\blank[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\ProductDisplay[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\showthread[2].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJUL4508\mybostonharley_com[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJUL4508\questionshome[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJUL4508\reviews[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3B7SFPP4\proxy[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
 
Hi Bruce C,

Thank you again for the logs and feedback. :)

Please can I remind you to post an update to keep this topic "live" as I had requested the topic to be closed. ;)

Bruce C said:
... it still seems a little slow other than that it sometimes displays "cannot display page"

I am going to ask you to run some additional checks. ;)

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

Please create another System Restore Point following the instructions previously posted before continuing any further.

Step 2:
Backup MBR

As a precaution I am going to ask you to back up your PC's Master Boot Record:

  • Please download MBRBackup © Mischel Internet Security Ltd and save it to your Desktop.
  • Double-click MBRBackup.exe to launch the program.
  • Click SaveMBR (top left corner) and save the backup file to your Desktop.
  • It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.
  • Exit the program.
  • I strongly advise that you keep a copy of this backup stored on an external device - on an external hard drive, CD/DVD or USB flash drive - for peace of mind.
Step 3:
OTL - Script

Next we need to run another OTL script.

**IMPORTANT** Please temporarily disable your Norton 360 Realtime Protection again. If active, it could impact the fix.

  1. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  2. Copy and Paste the following code into the [image: customFix.png] textbox. Do not include the word Code.
    Code:
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]
    [-HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]
    
    :commands
    [emptytemp]
  3. Then click the Run Fix button at the top.
  4. Click [image: btnOK.png].
  5. OTL should ask to reboot the machine. Please do so if asked.
  6. The report should appear in Notepad after the reboot.
  7. Please Copy and Paste the contents of that report into your next reply.
Step 4:
Rootkit UnHooker (RkU)

Please download Rootkit UnHooker. Save it to your Desktop.
Please Note: The resulting log file can be very long. You may need to post it separately.

  1. Right-click on RKUnhookerLE.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  2. Click the Report tab, then click Scan.
  3. Check the Drivers, Stealth Code, Files and Code Hooks options.
  4. Uncheck the rest of the options. Then click on the OK button. (See the image below for reference.)
    [image: RKUcheck-1.gif]

    The scanning will toggle through the Checked items "tabs". This can take a while, so please be patient.
  5. When the scanner is finished, select File > Save Report.
  6. Save the file Report.txt to your Desktop.
  7. Click on the Close button and then click the Yes button to confirm.
  8. Copy and Paste the entire contents of the Report.txt file into your next reply.
Step 5:
MBRCheck - Scan

  1. Please download MBRCheck.exe © a_d_13 to your Desktop.
    Alternate links: Link 2 or Link 3
  2. Right-click on MBRCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
  3. A small black window will open with some information. Please do not fix anything (if it gives you an option).
  4. If an unknown boot code is detected additional options will be presented. At this time press N then press Enter twice to continue.
  5. When the scan has completed you should see the message "Done! Press ENTER to exit...". Press Enter to exit the program.
    A file named MBRCheck_mm.dd.yy_hh.mm.ss.txt will appear on your Desktop.
  6. Please Copy and Paste the entire contents of the MBRCheck_mm.dd.yy_hh.mm.ss.txt file into your next reply.
Step 6:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. OTL.txt.
  3. Report.txt.
  4. MBRCheck_mm.dd.yy_hh.mm.ss.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
 
Step 3 notepad after reboot

========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bruce
->Temp folder emptied: 523043 bytes
->Temporary Internet Files folder emptied: 202610430 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3006 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7290 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 194.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01082012_220908

Files\Folders moved on Reboot...
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2AF2.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2AFE.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2B56.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2B6F.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2BA7.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2BBD.tmp not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TG91WWCK\showthread[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...
 
Step 4 completed

I completed step 4 but was unable to copy and paste it, and in the process I lost it. That's as far as I can go tonight as I have to bring my wife to the hospital early tomorrow. The computer runs much better and if you want to call it quits now that's OK by me. Thank you very much for all of your help, Bruce :)
 
Hi Bruce C,

Thanks for the feedback and OTL log. :)
Having got this far and if you are happy to continue, it would be good if you could post the logs from the last two steps of my last set of instructions to confirm that the MBR and rootkit scans come back clean, for peace of mind. ;)

Just try running steps 4 and 5 again and make sure you Save the Report.txt file to your Desktop in step 4 this time.

Step 6:
Include in Next Post

  1. Did you have any problems carrying out the instructions?
  2. Report.txt.
  3. MBRCheck_mm.dd.yy_hh.mm.ss.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed
 