Sheryl

Everything posted by Sheryl

  1. Thank you again. And I will tell everyone I know about BestTechie and especially you. ; )
  2. Thank you sooo much. My computer hasn't been running "normally" for over a year. It is now running better than normal. I have not completed all of these steps that you have recommended yet, but I will as soon as I complete this post. I will definitely tell everyone about your service. I wish I would have known about you sooner. You are a "Godsend". Thank you, again. ; ) P.S. Could you please bump your post on the Lovell Classifieds? I have been unable to locate it again. ; ) Thank you again.
  3. Okay. I just finished running that Microsoft scan. It showed that it did not detect any viruses or anything on the system. I also restarted my computer and that pop up of the worm has not popped up again.
  4. I just saw this one. Let me try it now.
  5. It seems to be running better, however I am still getting the same two pop ups. When I close the first one, the pop up of the worm comes up. Every time upon restart.
  6. Select the option YES, I accept the Terms of Use then click on:
     * When prompted allow the Add-On/Active X to install.
     * Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
     * Now click on Advanced Settings and select the following:
         o Scan for potentially unwanted applications
         o Scan for potentially unsafe applications
         o Enable Anti-Stealth Technology
     * Now click on:
     # The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
     # When completed the Online Scan will begin automatically.
     # Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
     # When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
     # Now click on:
     # Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
     # Copy and paste that log as a reply to this topic.
     ==================
     This is usually caused by a needed update driver !!!
     Is it your Antivirus saying this "worm" exists? Can you give me any more info because I am not seeing it, it's possible it could be a false positive given by your Antivirus !! We can run 1 more very powerful scan & see if it appears if you want !! Usually a worm will appear in one of the tools/programs we used. Let's see what ESET says before we do any other tools !!
     Did those appear after the ESET Scan ????
     Thanks
     Chuck

     Okay. I just restarted my computer and the virus alert still comes up upon restart. ; (
  7. Okay. I deleted scan and finished up as requested. ; )
  8. This scan just completed. Do I "delete quarantined files"? Or just press uninstall application on close and press finish? This scan took over 9 hours. It was a long one.
  9. Okay. Let me start this process now. I will let you know.
  10. Here are the results.... Upon restart, this pops up.... Intel® PROset/Wireless Event Log Service stopped working and was closed A problem caused the application to stop working correctly. Windows will notify you if a solution is available. When I close it the Virus alert comes up regarding that "worm".
  11. Okay. Here are the results from that last scan....
  12. No. I haven't used it for a long time. About 3 years. It can go.
  13. Here are the results of the latest scan....
  14. I'm sorry. I did not receive this last night. I will now run this latest scan as requested.
  15. These are the results of my last scan of Malwarebytes....
      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.05.16.09
      Windows Vista Service Pack 2 x64 NTFS
      Internet Explorer 9.0.8112.16421
      guerajasso :: GUERAJASSO-PC [administrator]
      5/16/2013 2:28:54 PM
      mbam-log-2013-05-16 (14-28-54).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 228380
      Time elapsed: 16 minute(s), 23 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)
      It states the scan was completed successfully. No malicious items detected. I am going to run a scan disk and then a defrag, then I will await your response tomorrow morning. Thank you so much for your help so far. ; )
  16. OTL logfile created on: 5/16/2013 2:05:09 PM - Run 2 OTL by OldTimer - Version 3.2.69.0
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\guerajasso\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\guerajasso\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ] O33 - MountPoints2\{12d51b17-fa35-11de-8627-0026b9017750}\Shell\AutoRun\command - "" = G:\CA_EdgeLitemobile.exe O33 - MountPoints2\{17a22904-3e00-11e0-9186-0026b9017750}\Shell - "" = AutoRun O33 - MountPoints2\{17a22904-3e00-11e0-9186-0026b9017750}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{252e9715-cae1-11e1-ae2b-0026b9017750}\Shell - "" = AutoRun O33 - MountPoints2\{252e9715-cae1-11e1-ae2b-0026b9017750}\Shell\AutoRun\command - "" = H:\setup.exe -a O33 - MountPoints2\{337084a8-f7c4-11de-94f2-0026b9017750}\Shell - "" = AutoRun O33 - 
MountPoints2\{337084a8-f7c4-11de-94f2-0026b9017750}\Shell\AutoRun\command - "" = G:\DPFMate.exe O33 - MountPoints2\{4d75ab51-c174-11df-9b2e-0026b9017750}\Shell - "" = AutoRun O33 - MountPoints2\{4d75ab51-c174-11df-9b2e-0026b9017750}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe O33 - MountPoints2\{4d75ab68-c174-11df-9b2e-0026b9017750}\Shell - "" = AutoRun O33 - MountPoints2\{4d75ab68-c174-11df-9b2e-0026b9017750}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/05/16 14:01:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\guerajasso\Desktop\OTL.scr [2013/05/16 13:20:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\guerajasso\Desktop\OTL.com [2013/05/16 13:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2013/05/16 11:39:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/05/16 11:38:55 | 000,000,000 | ---D | C] -- C:\JRT [2013/05/16 11:36:56 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\guerajasso\Desktop\JRT.exe [2013/05/16 10:49:53 | 000,000,000 | ---D | C] -- C:\Users\guerajasso\AppData\Roaming\Malwarebytes [2013/05/16 10:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/05/16 10:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/05/16 10:49:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/05/16 10:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/05/16 10:47:11 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\guerajasso\Desktop\mbam-setup-1.75.0.1300.exe [2013/05/16 09:31:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\guerajasso\Desktop\aswMBR.exe [2013/05/15 09:47:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/05/15 09:47:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/05/15 09:46:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/05/15 09:46:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/05/15 09:46:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/05/15 09:46:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/05/15 09:46:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/05/15 09:46:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/05/15 09:46:56 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/05/15 09:46:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/05/15 09:46:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/05/15 09:46:55 | 
000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/05/15 09:46:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/05/15 09:46:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/05/15 09:46:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/05/15 07:10:55 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2009/12/01 09:32:43 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\guerajasso\AppData\Roaming\DataSafeDotNet.exe ========== Files - Modified Within 30 Days ========== [2013/05/16 14:01:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\guerajasso\Desktop\OTL.scr [2013/05/16 13:58:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/05/16 13:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/05/16 13:27:03 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2943996986-3391541806-3619402730-1000UA.job [2013/05/16 13:20:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\guerajasso\Desktop\OTL.com [2013/05/16 13:11:03 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2013/05/16 13:04:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd921058bbf9d8.job [2013/05/16 13:04:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/05/16 13:04:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/05/16 13:04:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/05/16 12:11:37 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2013/05/16 11:36:57 | 000,545,954 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\guerajasso\Desktop\JRT.exe [2013/05/16 10:47:19 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\guerajasso\Desktop\mbam-setup-1.75.0.1300.exe [2013/05/16 09:32:40 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\guerajasso\Desktop\aswMBR.exe [2013/05/15 18:00:01 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Registration3.job [2013/05/15 16:27:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2943996986-3391541806-3619402730-1000Core.job [2013/05/15 14:47:00 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/05/15 14:38:36 | 000,272,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/15 09:36:42 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/05/15 09:36:42 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/05/14 12:55:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/05/14 12:55:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2012/11/22 19:10:29 | 000,002,793 | ---- | C] () -- C:\Users\guerajasso\AppData\Roaming\log.sflog [2012/05/31 22:12:40 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/29 23:50:19 | 000,000,006 | -H-- | C] () -- C:\Users\guerajasso\AppData\Roaming\start [2010/01/04 16:27:41 | 000,007,220 | -H-- | C] () -- C:\Users\guerajasso\AppData\Local\slot1.mm1 [2009/10/10 16:05:33 | 000,029,216 | -H-- | C] () -- C:\Users\guerajasso\AppData\Roaming\UserTile.png [2009/09/25 19:39:40 | 000,009,728 | ---- | C] () -- C:\Users\guerajasso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/09/25 13:37:04 | 000,007,052 | ---- | C] () -- C:\Users\guerajasso\AppData\Local\d3d9caps.dat [2009/09/25 10:35:06 | 000,002,164 | -H-- | C] () -- 
C:\Users\guerajasso\AppData\Roaming\install.dat ========== ZeroAccess Check ========== [2006/11/02 09:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Purity Check ========== ========== Alternate Data 
Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:03DF2E8E @Alternate Data Stream - 76 bytes -> C:\Users\guerajasso\Documents\Women's Wellness Letterhead.doc:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\guerajasso\Documents\OUTREACH WORKER.doc:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\guerajasso\Documents\ATT00197.dat:Roxio EMC Stream @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:03B3646C @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB8B6B1E @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:37A3BA29 @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:48C1DDAA @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B30D9A49 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7B2778D0 @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:59120004 @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:17844542 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C40E212B @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:ACD70D8B @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:981349EA @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:00479775 @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1CB4A530 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CBAC0054 @Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5F95AE81 @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D109DC55 @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:F9A9573A @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:BD871799 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:F2E53CFE @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:43CFCEB7 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8437DC46 < End of report > OTL Extras logfile created on: 5/16/2013 2:05:09 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\guerajasso\Desktop 64bit-Windows Vista Ultimate Edition 
Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.99 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 56.41% Memory free 8.17 Gb Paging File | 5.77 Gb Available in Paging File | 70.59% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283.01 Gb Total Space | 193.81 Gb Free Space | 68.48% Space Free | Partition Type: NTFS Drive D: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Drive E: | 15.00 Gb Total Space | 6.75 Gb Free Space | 44.98% Space Free | Partition Type: NTFS Computer Name: GUERAJASSO-PC | User Name: guerajasso | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-2943996986-3391541806-3619402730-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) 
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] "VistaSp2" = 6B 29 E7 8D 63 77 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{048B0E10-F8C1-48D6-88F2-BC13675A1E01}" = rport=445 | protocol=6 | dir=out | app=system | "{06EA1856-8B5A-4494-8902-A34F176D52A4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{0E072534-DE8F-41E4-8658-8E98CB9BD356}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{147238FF-39E5-4C56-B9C2-DFC3B032461B}" = rport=137 | protocol=17 | dir=out | app=system | "{2013337D-BA1A-4277-8293-4AB7F56D9991}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{2078BED4-977D-4EDC-8865-D1B6878B2A30}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | "{30DA82EF-A2AA-4A8C-9E76-57D9B415AF2D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4134AA26-92EB-416B-8CEE-8EFB52179488}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{42BBACD7-63B5-49C7-ACE9-1C8253028A55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{5A4D58D8-717A-49F4-8B71-A8B6B9DCF356}" = rport=138 | protocol=17 | dir=out | app=system | "{5EC36F96-5B52-4699-89FD-8392FADFC85A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{65C387FB-6CF6-4D05-8414-B780F7D50629}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6CD93E7A-2266-4EE6-A563-3DA9674B7C60}" = lport=445 | protocol=6 | dir=in | app=system | "{807985AD-E560-40A0-BC4A-5E4B803DF868}" = lport=139 | protocol=6 | dir=in | app=system | 
"{86A9035A-4149-4E96-BE73-D3ED9D973941}" = lport=138 | protocol=17 | dir=in | app=system | "{87DEEB96-CA76-4B5D-AA30-88F30BAEEBFF}" = lport=10243 | protocol=6 | dir=in | app=system | "{8D20CBCA-94AA-47D4-85F6-D0059108AA91}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{AB9E932D-77D8-4638-8F18-B8761798D97E}" = lport=137 | protocol=17 | dir=in | app=system | "{AC6080E0-4029-4CF3-8205-C6E52D8912F4}" = rport=10243 | protocol=6 | dir=out | app=system | "{C2A5507D-B146-4A1C-A94C-4AEF502116B8}" = rport=139 | protocol=6 | dir=out | app=system | "{C945063D-6A23-44E3-BB6F-6CB0CE9A1ED1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DA6320CC-667A-4905-B4F7-0B5AC956D909}" = lport=2869 | protocol=6 | dir=in | app=system | "{E402078A-AC90-4F27-B3D7-3D186950C5F2}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{035F8025-9599-49EA-AA2C-A4D11BA3AF31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{10D635CD-6118-4323-BDDD-5A33608A2E7C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{12A9565F-0DAA-4281-920C-F0CD6F739271}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{160F3BA2-BDCD-434A-9D44-3AD8A93E2222}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1CCEFF6E-7648-49E4-B6BA-380925F77673}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{1D8729B0-5303-4241-B054-BB0929EDD9D1}" = protocol=17 | dir=in | app=c:\users\guerajasso\appdata\local\temp\7zs7c03.tmp\symnrt.exe | "{1DF08273-24B9-4653-86A7-E03279A122E5}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | "{1F2CB82E-9ED4-4CBC-9448-CAD0BD2C62CC}" = dir=in 
| app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{20DF35E9-4FDA-473B-AB71-5A1DE75221D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{2489A458-B63A-4286-ABE1-DE094C1C9E05}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe | "{29AFBC39-96E5-4034-904F-12187312345E}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{2AD8C4F6-462A-4824-B13D-C16FB9E789E6}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{3C5E03F6-8561-451D-A190-5F017E15D431}" = protocol=6 | dir=in | app=c:\users\guerajasso\appdata\local\temp\7zs7c03.tmp\symnrt.exe | "{3D934D8A-EC71-4396-891B-9D9D56E58205}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{42552912-7C53-4A9F-A63B-035B354D13D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{480D53C2-7409-42F2-A263-51FAC85D9BDD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4A27D2A9-5556-4AD9-82C2-7681B8375140}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{5737B500-3353-4C4B-9AA2-0B33E9C13BB6}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe | "{588485A2-0EE2-4587-B22B-E3A94BC645DF}" = protocol=58 | dir=in | [email protected],-28545 | "{5CFB89A1-E54C-4739-B545-5CB41CF59057}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5DA9C59B-AB59-4D0E-A2EF-27C47E0A17A8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{61C73BFC-D5B5-42A2-9D7F-3919AA8B2884}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7034C329-C8F4-4FA8-AB95-7B3302AB8B57}" = protocol=58 | dir=out | [email protected],-28546 | "{7757E0B6-1C39-4577-B34E-B375C1588743}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{83EFB4A7-E469-439F-A15B-13F68FE0DE8F}" = 
  17. I am running on McAfee. It is running faster already. ; )
  18. OTL Extras logfile created on: 5/16/2013 1:23:19 PM - Run 1 OTL by OldTimer - Version 3.2.69.0
Error - 5/16/2013 3:00:27 PM | Computer Name = guerajasso-PC | Source = WinMgmt | ID = 10 Description = Error - 5/16/2013 3:04:35 PM | Computer Name = guerajasso-PC | Source = Application Error | ID = 1000 Description = Faulting application EvtEng.exe, version 12.2.0.0, time stamp 0x48f7f2ca, faulting module EvtEng.exe, version 12.2.0.0, time stamp 0x48f7f2ca, exception code 0x40000015, fault offset 0x000000000009986e, process id 0x850, application start time 0x01ce526834041dfe. Error - 5/16/2013 3:05:43 PM | Computer Name = guerajasso-PC | Source = WinMgmt | ID = 10 Description = [ Dell Events ] Error - 10/18/2009 8:22:47 PM | Computer Name = guerajasso-PC | Source = DataSafe | ID = 3 Description = Failed or canceled Error - 10/18/2009 8:22:48 PM | Computer Name = guerajasso-PC | Source = DataSafe | ID = 3 Description = Failed or canceled [ System Events ] Error - 5/16/2013 2:04:21 PM | Computer Name = guerajasso-PC | Source = ACPI | ID = 327693 Description = : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. 
Error - 5/16/2013 2:06:08 PM | Computer Name = guerajasso-PC | Source = Service Control Manager | ID = 7034 Description = Error - 5/16/2013 2:10:53 PM | Computer Name = guerajasso-PC | Source = DCOM | ID = 10005 Description = Error - 5/16/2013 2:10:53 PM | Computer Name = guerajasso-PC | Source = Service Control Manager | ID = 7009 Description = Error - 5/16/2013 2:10:53 PM | Computer Name = guerajasso-PC | Source = Service Control Manager | ID = 7000 Description = Error - 5/16/2013 3:00:29 PM | Computer Name = guerajasso-PC | Source = Service Control Manager | ID = 7034 Description = Error - 5/16/2013 3:05:47 PM | Computer Name = guerajasso-PC | Source = Service Control Manager | ID = 7034 Description = < End of report >
  19. After this OTC scan, I will run the previous one again. I did press remove selected. This first time, I might have forgotten, but this last time... I did press it. I will run again and press remove selected again. I hope it works this time.
  20. Okay. I am running the Malwarebytes again now.

      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org

      Database version: v2013.05.16.06

      Windows Vista Service Pack 2 x64 NTFS
      Internet Explorer 9.0.8112.16421
      guerajasso :: GUERAJASSO-PC [administrator]

      5/16/2013 10:50:59 AM
      MBAM-log-2013-05-16 (11-19-09).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 230080
      Time elapsed: 23 minute(s), 55 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 1
      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Server (Backdoor.IRCBot) -> Data: C:\Users\guerajasso\1os0ieiryvktk-10083.exe -> No action taken.

      Registry Data Items Detected: 1
      HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=302&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> No action taken.

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 1
      C:\Users\guerajasso\1os0ieiryvktk-10083.exe (Backdoor.IRCBot) -> No action taken.

      (end)

      Okay. I just completed the task. I had a box pop up upon restart this time......Intel® PROSet/Wireless Event Log Service stopped working and was closed. A problem caused the application to stop working correctly. And the one stating Virus Alert Click to see how to remove Worm:MSIL/Necast.D has popped up again also.