Sheryl

May 18, 2013

I bumped it up for you !!
Stay Safe & clean !!
Thank you for my charge, those kind words make what i do worth while !! ....... "thanks" is my charge/fee !!!
I will lock this post in 5 days & if you need it re-opened just PM me or any mod here !! I do this so we have no "drive by users in your thread/post"

Thank you again. And I will tell everyone I know about BestTechie and especially you. ; )

May 18, 2013

guera, Congratulation you are clean !!! It seems as the 2 problems have stopped !
I know you may have some of these installed, this is just my standard all clean speech !
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
Here are some tips to reduce the potential for spyware infection in the future:
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:
* From within Internet Explorer click on the Tools menu and then click on Options.
* Click once on the Security tab
* Click once on the Internet icon so it becomes highlighted.
* Click once on the Custom Level button.
* Change the Download signed ActiveX controls to Prompt
* Change the Download unsigned ActiveX controls to Disable
* Change the Initialize and script ActiveX controls not marked as safe to Disable
* Change the Installation of desktop items to Prompt
* Change the Launching programs and files in an IFRAME to Prompt
* Change the Navigate sub-frames across different domains to Prompt
* When all these settings have been made, click on the OK button.
* If it prompts you as to whether or not you want to save the settings, press the Yes button.
* Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer . This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
* Open Internet Explorer
* Click on Tools > Internet Options
* Press Security tab
* Select Internet zone then place check next to Enable Protected Mode if not already done
* Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
* Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
NOTE: Fire Fox is a great browser also >>> http://www.mozilla.org/en-US/firefox/fx/
I use & like FireFox !!
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free Online Armor Free
Agnitum Outpost Firewall Free Agnitum Outpost Firewall
5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update Windows update
regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
6. Consider a custom hosts file such as MVPS HOSTS
This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
7. WOT (Web of Trust) WOT As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
8.Finally, I strongly recommend that you read TonyKlein's good advice

A must is a great Antivirus, i recommend you using AVAST its free >>> http://www.avast.com/free-antivirus-download
You are behind on some updates, please visit the Secunia Software Inspector >>>http://secunia.com/vulnerability_scanning/online/
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.
To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)
Happy surfing and Stay Clean
Chuck
I hope i have kept my promise & your computer continues to run smooth & clean. If you have any questions or further problems please contact me here !!
Please inform your friends of our service at BT !!!!

Thank you sooo much. My computer hasn't been running "normally" for over a year. It is now running better than normal. I have not completed all of these steps that you have recommended yet, but I will as soon as I complete this post. I will definately tell everyone about your service. I wish I would have known about you sooner. You are a "Godsend". Thank you, again. ; )

P.S. Could you please bump your post on the Lovell Classifieds? I have been unable to locate it again. ; ) Thank you again.

May 18, 2013

OK !

Okay. I just finished running that Microsoft scan. It showed that it did not detect any viruses or anything on the system. I also restarted my computer and that pop up of the worm has not popped up again.

May 18, 2013

Ok lets try to fix those problems !
1. Click Start, type msconfig in the Start Search box, and then press ENTER.
2. On the General tab, click Selective Startup.
3. Under Selective Startup, click to clear the Load Startup Items check box >>> Click on the services tab
and find the one for the proset event log and uncheck it. Click "OK" and you're done.
See if that helps the IntelÂ® PROSet/Wireless Event Log Service from popping up !
Now run this to get rid of that Worm:MSIL/Necast.D >>>> http://www.microsoft.../scanner/en-gb/ <<< download & run this then let me know if you still get the 2 problems !!
Chuck

I just saw this one. Let me try it now.

May 18, 2013

Hi, how's it running ? Are you still getting the same 2 problems ?

It seems to be running better, however I am still getting the same two pop ups. When I close the first one, the pop up of the worm comes up. Everytime upon restart.

May 18, 2013

guera, we are almost done with the cleaning !
Clean up with OTL
Right-click OTL.exe and select " Run as administrator " to run it.
This will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.
You can now delete any tools we used if they remain on your Desktop
NEXT STEP:
Eset online scannner
You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
* Please go here >>> http://www.eset.com/...escan/index.php <<< then click on this image:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
* When prompted allow the Add-On/Active X to install.
* Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
* Now click on Advanced Settings and select the following:
o Scan for potentially unwanted applications
o Scan for potentially unsafe applications
o Enable Anti-Stealth Technology
* Now click on:
# The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
# When completed the Online Scan will begin automatically.
# Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
# When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
# Now click on:
# Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply to this topic.
==================
IntelÂ® PROset/Wireless Event Log Service stopped working and was closed A problem caused the application to stop working correctly.
This is usually caused by a needed update driver !!!
When I close it the Virus alert comes up regarding that "worm".
Is it your Antivirus saying this "worm" exist. Can you give me any more info because i am not seeing it, it's possible it could be a false positive given by your Antivirus !!
We can run 1 more very powerful scan & see if it appears if you want !! Usually a worm will appear in one of the tools/programs we used. Lets see what ESET says before we do any other tools !! !!
Did those appear after the ESET Scan ????
Thanks
Chuck

Okay. I just restarted my computer and the virus alert still comes up upon restart. ; (

May 18, 2013

Good evening, yes delete quarantined files then follow up with finish !!Then post me the ESET Scan fix !!
Thanks
Chuck

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined

C:\Program Files (x86)\RealArcade\Installer\bin\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\guerajasso\AppData\Local\Temp\vlsuho12a8uu6-10083.tmp Win32/Simda.P trojan cleaned by deleting - quarantined

C:\Users\Public\Downloads\10DaysUnderTheSea-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\10Talismans-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\3Days_ZooMystery-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\AlabamaSmith_Setup-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\AlicesMagicalMahjong-dm (1).exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\AlicesMagicalMahjong-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Ankh2HeartofOsiris-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\AnkhTheLostTreasures-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Aquitania-v1_0-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\aroundtheworldin80days-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\BigCityAdventureSF_EN-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\cafe_mahjongg-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Cradle_of_Persia-v1_0-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Hide_and_Secret-v1-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Jetsetter-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\JigsawLandscapesSetup-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\LegendsotWildWestGoldenHill-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\LetterLab-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\LucyQ_Setup-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MagicEncyclopedia-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MahjongEscapeAncientChina-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MahJongSetup-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Marooned-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Marooned-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MissTeriTale-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MurderSheWrote-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MyBoyfriend-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MyFantasyWeddingSetup-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\MysteryvilleSetup-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\NancyDrew_ResortingtoDanger-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\NeptunesSecret-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Pickers-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\PureHidden-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\SallysSpa-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Saqqarah-dm.exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\TheMysteriousCityPrague-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\TheMysteryoftheCrystalPortal-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\WHTheInquisitor-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

C:\Users\Public\Downloads\Zeal-dm[1].exe a variant of Win32/Adware.Trymedia.A application cleaned by deleting - quarantined

E:\Windows\System32\autochk.exe a variant of Win32/CompuTrace.B application cleaned by deleting - quarantined

Okay. I deleted scan and finished up as requested. ; )

May 18, 2013

guera, we are almost done with the cleaning !
Clean up with OTL
Right-click OTL.exe and select " Run as administrator " to run it.
This will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.
You can now delete any tools we used if they remain on your Desktop
NEXT STEP:
Eset online scannner
You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
* Please go here >>> http://www.eset.com/...escan/index.php <<< then click on this image:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
* When prompted allow the Add-On/Active X to install.
* Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
* Now click on Advanced Settings and select the following:
o Scan for potentially unwanted applications
o Scan for potentially unsafe applications
o Enable Anti-Stealth Technology
* Now click on:
# The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
# When completed the Online Scan will begin automatically.
# Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
# When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
# Now click on:
# Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply to this topic.
==================
IntelÂ® PROset/Wireless Event Log Service stopped working and was closed A problem caused the application to stop working correctly.
This is usually caused by a needed update driver !!!
When I close it the Virus alert comes up regarding that "worm".
Is it your Antivirus saying this "worm" exist. Can you give me any more info because i am not seeing it, it's possible it could be a false positive given by your Antivirus !!
We can run 1 more very powerful scan & see if it appears if you want !! Usually a worm will appear in one of the tools/programs we used. Lets see what ESET says before we do any other tools !! !!
Did those appear after the ESET Scan ????
Thanks
Chuck

This scan just completed. Do I "delete quarentined filesOr just press uninstall application on close and press finish? This scan took over 9 hours. It was a long one.

May 17, 2013

guera, we are almost done with the cleaning !
Clean up with OTL
Right-click OTL.exe and select " Run as administrator " to run it.
This will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.
You can now delete any tools we used if they remain on your Desktop
NEXT STEP:
Eset online scannner
You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
* Please go here >>> http://www.eset.com/...escan/index.php <<< then click on this image:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
* When prompted allow the Add-On/Active X to install.
* Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
* Now click on Advanced Settings and select the following:
o Scan for potentially unwanted applications
o Scan for potentially unsafe applications
o Enable Anti-Stealth Technology
* Now click on:
# The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
# When completed the Online Scan will begin automatically.
# Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
# When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
# Now click on:
# Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply to this topic.
==================
IntelÂ® PROset/Wireless Event Log Service stopped working and was closed A problem caused the application to stop working correctly.
This is usually caused by a needed update driver !!!
When I close it the Virus alert comes up regarding that "worm".
Is it your Antivirus saying this "worm" exist. Can you give me any more info because i am not seeing it, it's possible it could be a false positive given by your Antivirus !!
We can run 1 more very powerful scan & see if it appears if you want !! Usually a worm will appear in one of the tools/programs we used. Lets see what ESET says before we do any other tools !! !!
Did those appear after the ESET Scan ????
Thanks
Chuck

Okay. Let me start this process now. I will let you know.

May 17, 2013

Here are the results....

All processes killed

Error: Unable to interpret <:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRCIE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}O2 - BHO: (bSaving) - {DFA2ED70-FC49-11E1-8DF2-9713F663AF89} - C:\Program Files (x86)\bSaving\4e7df7809fab12ca1999da15f5fb2ce2.dll File not foundO3 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O4:64bit: - HKLM..\Run: [Apoint] T.EXE File not foundO4:64bit: - HKLM..\Run: [intelWirelessWiMAX] OSPLASH File not foundO4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex> in the current context!

Error: Unable to interpret <.exe" -hide -runkey File not foundO4:64bit: - HKLM..\Run: [Windows Defender] DER\MSASCUI.EXE -HIDE File not foundO4 - HKLM..\Run: [] File not foundO4 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value found@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:03DF2E8E@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:03B3646C@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB8B6B1E@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:37A3BA29@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:48C1DDAA@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B30D9A49@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7B2778> in the current context!

Error: Unable to interpret <D0@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:59120004@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:17844542@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C40E212B@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:ACD70D8B@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:981349EA@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:00479775@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1CB4A530@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CBAC0054@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5F95AE81@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D109DC55@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:F9A9573A@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:BD871799@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:F2E53CFE@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:43CFCEB7@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8437DC46[HKEY_USERS\S-1-5-21-2943996986-> in the current context!

Error: Unable to interpret <3391541806-3619402730-1000\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not foundipconfig /flushdns :Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 05172013_083356

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Upon restart, this pops up.... Intel® PROset/Wireless Event Log Service stopped working and was closed A problem caused the application to stop working correctly. Windows will notify you if a solution is available. When I close it the Virus alert comes up regarding that "worm".

May 17, 2013

Great job, ok lets take care of what i found in the OTL log !!

We need to Run an OTL fix !!

* Double-click OTL.exe to start the program.

* Copy and Paste the following code into the . Do not include the word Code

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
O2 - BHO: (bSaving) - {DFA2ED70-FC49-11E1-8DF2-9713F663AF89} - C:\Program Files (x86)\bSaving\4e7df7809fab12ca1999da15f5fb2ce2.dll File not found
O3 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] T.EXE File not found
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] OSPLASH File not found
O4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found
O4:64bit: - HKLM..\Run: [Windows Defender] DER\MSASCUI.EXE -HIDE File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:03DF2E8E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:03B3646C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB8B6B1E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:37A3BA29
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:48C1DDAA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B30D9A49
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7B2778D0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:59120004
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:17844542
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C40E212B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:ACD70D8B
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:981349EA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:00479775
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1CB4A530
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CBAC0054
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5F95AE81
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D109DC55
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:F9A9573A
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:BD871799
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:F2E53CFE
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:43CFCEB7
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8437DC46
[HKEY_USERS\S-1-5-21-2943996986-3391541806-3619402730-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

ipconfig /flushdns 
:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.

# Click

# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.

Remember to enable your real time protection.

Let me know how it's running & if you are still geting that notice of Virus Alert Click to see how to remove Worm:MSIL/Necast.D ???

Okay. I will run this now.

May 17, 2013

Okay. Here are the results from that last scan....

# AdwCleaner v2.301 - Logfile created 05/17/2013 at 08:16:16

# Updated 16/05/2013 by Xplode

# Operating system : Windows Vista Ultimate Service Pack 2 (64 bits)

# User : guerajasso - GUERAJASSO-PC

# Boot Mode : Normal

# Running from : C:\Users\guerajasso\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\ParetoLogic

Deleted on reboot : C:\Program Files (x86)\ImTranslator_Pro

Deleted on reboot : C:\ProgramData\ParetoLogic

Deleted on reboot : C:\Users\guerajasso\AppData\Local\APN

Deleted on reboot : C:\Users\guerajasso\AppData\Local\PackageAware

Deleted on reboot : C:\Users\guerajasso\AppData\LocalLow\ImTranslator_Pro

Deleted on reboot : C:\Users\guerajasso\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ImTranslator_Pro

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ImTranslator_Pro Toolbar

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\Software\GamesBarSetup

Key Deleted : HKLM\Software\ImTranslator_Pro

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{72B97D8F-4F01-4DAB-944B-F9697D51F3B6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\16ca527acca502b0a7ca4402d62953e3

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\235f0b7acdec5d429d95067dc24cc49d

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2b8c26f7c521c6b43707d1bb48cade3e

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\310fe0ed83e67ea82706269a05741425

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\407b2b7d78b4770b44534445b4026279

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\45e981e54a93e1509535087b86bc79fc

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4db053a3f47cb455585bb613f51bfd62

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\56722feb11851ebe20e6a5b00d422936

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5aa7408e5b0146fa787852a141107a3f

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6afa8fea32fd88ebdb03a19835ae3af9

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6b9bf079d46f8f490c469324addf9371

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\71fdf6bf2af349324d7052b7b2a2877a

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\721467bcc4e15a6924882fb6ebfda4d8

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7ce5618380a8cb33b39c2d97120344ad

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8179fe3d04e62d0b6f24b455baa1e748

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\926e40c2d34ab23b587c025dab0456c3

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9280abf320fc34a8cd42a6bf535bdad8

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\92d5c21f4f5e003bc73a158b9ca1d61c

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aa9149de3eeb833dee102ad6c0db12d2

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b7f34f3711ad02e9d847f7254e76fba8

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c20a181fca558fca59e8489f26502d7f

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c9b6c16c1bf948f50380f5450252e7c0

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cc03d4b9b243adb1c86e5731e559a7c6

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ce82dc7adc525b36e842b492de14ca27

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cf9cfa5a065134ad406bcec214d61094

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d10daff1c5cd7e6e06ad24c1a5400c52

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d569913f2832560bd8a35acd54940d1e

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d7afb11673946b28f0a0c5aa1221ebe3

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d7e401da23c7b846e5773f211f30697e

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dee5a4df02fd744bdf601aed0fb7d5f0

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e079763105a428abb6dbb603a1db327f

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f32a6cce521774696c3fa4baec9a66d8

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f58763540a6e0aca74349b236087386e

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7d9bffa6ab7a1525416060836ebcd3e

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f94da10858403444ee93262a847ac4de

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fb0c4da9318e04dfcd0641faa9b0dfe5

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbbcf439077dce70c4cb464a83f1b514

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{72B97D8F-4F01-4DAB-944B-F9697D51F3B6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26E6FF83-44ED-4031-BCF1-6BAF8ECF1EB1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A89EC5F-8EC1-456F-8E2B-16AEF5D611BC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ImTranslator_Pro Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\guerajasso\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8720 octets] - [17/05/2013 07:46:33]

AdwCleaner[R2].txt - [8780 octets] - [17/05/2013 08:15:44]

AdwCleaner[s1].txt - [8606 octets] - [17/05/2013 08:16:16]

########## EOF - C:\AdwCleaner[s1].txt - [8666 octets] ##########

May 17, 2013

guera, anything we remove can always be re-downloaded if you ever need them !!
Run this again please & make sure you click "DELETE" this time !!
AdwCleaner
* Close all open programs and internet browsers.
* Double click on adwcleaner.exe to run the tool.
* Click on Delete.
* Confirm each time with Ok.
* You will be prompted to restart your computer. A text file will open after the restart.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[s1].txt as well.
Post log please !
Thanks
Chuck

Okay. I will do this now.

May 17, 2013

DO YOU USE THIS >> Folder Found : C:\Program Files (x86)\ImTranslator_Pro <<<< AdwCleaner wants to get rid of it, i agree unless you want to keep it !!!

No. I haven't used it for a long time. About 3 years. It can go.

May 17, 2013

Ok, lets get rid of those found before we get to OTL fix !! I be right back !!
Chuck

Okay.

May 17, 2013

Here are the results of the latest scan....

# AdwCleaner v2.301 - Logfile created 05/17/2013 at 07:46:33

# Updated 16/05/2013 by Xplode

# Operating system : Windows Vista Ultimate Service Pack 2 (64 bits)

# User : guerajasso - GUERAJASSO-PC

# Boot Mode : Normal

# Running from : C:\Users\guerajasso\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\ParetoLogic

Folder Found : C:\Program Files (x86)\ImTranslator_Pro

Folder Found : C:\ProgramData\ParetoLogic

Folder Found : C:\Users\guerajasso\AppData\Local\APN

Folder Found : C:\Users\guerajasso\AppData\Local\PackageAware

Folder Found : C:\Users\guerajasso\AppData\LocalLow\ImTranslator_Pro

Folder Found : C:\Users\guerajasso\AppData\Roaming\ParetoLogic

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\ImTranslator_Pro

Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ImTranslator_Pro Toolbar

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Found : HKLM\Software\GamesBarSetup

Key Found : HKLM\Software\ImTranslator_Pro

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{72B97D8F-4F01-4DAB-944B-F9697D51F3B6}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\16ca527acca502b0a7ca4402d62953e3

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\235f0b7acdec5d429d95067dc24cc49d

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\2b8c26f7c521c6b43707d1bb48cade3e

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\310fe0ed83e67ea82706269a05741425

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\407b2b7d78b4770b44534445b4026279

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\45e981e54a93e1509535087b86bc79fc

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\4db053a3f47cb455585bb613f51bfd62

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\56722feb11851ebe20e6a5b00d422936

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\5aa7408e5b0146fa787852a141107a3f

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6afa8fea32fd88ebdb03a19835ae3af9

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6b9bf079d46f8f490c469324addf9371

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\71fdf6bf2af349324d7052b7b2a2877a

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\721467bcc4e15a6924882fb6ebfda4d8

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7ce5618380a8cb33b39c2d97120344ad

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\8179fe3d04e62d0b6f24b455baa1e748

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\926e40c2d34ab23b587c025dab0456c3

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9280abf320fc34a8cd42a6bf535bdad8

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\92d5c21f4f5e003bc73a158b9ca1d61c

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\aa9149de3eeb833dee102ad6c0db12d2

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\b7f34f3711ad02e9d847f7254e76fba8

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c20a181fca558fca59e8489f26502d7f

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\c9b6c16c1bf948f50380f5450252e7c0

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cc03d4b9b243adb1c86e5731e559a7c6

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ce82dc7adc525b36e842b492de14ca27

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cf9cfa5a065134ad406bcec214d61094

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d10daff1c5cd7e6e06ad24c1a5400c52

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d569913f2832560bd8a35acd54940d1e

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d7afb11673946b28f0a0c5aa1221ebe3

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\d7e401da23c7b846e5773f211f30697e

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dee5a4df02fd744bdf601aed0fb7d5f0

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e079763105a428abb6dbb603a1db327f

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f32a6cce521774696c3fa4baec9a66d8

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f58763540a6e0aca74349b236087386e

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f7d9bffa6ab7a1525416060836ebcd3e

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f94da10858403444ee93262a847ac4de

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fb0c4da9318e04dfcd0641faa9b0dfe5

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbbcf439077dce70c4cb464a83f1b514

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{72B97D8F-4F01-4DAB-944B-F9697D51F3B6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26E6FF83-44ED-4031-BCF1-6BAF8ECF1EB1}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A89EC5F-8EC1-456F-8E2B-16AEF5D611BC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ImTranslator_Pro Toolbar

Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}]

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\guerajasso\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [8599 octets] - [17/05/2013 07:46:33]

########## EOF - C:\AdwCleaner[R1].txt - [8659 octets] ##########

May 17, 2013

guera, hold off on the run of scan disk & defrag until we are threw please !!! Sometimes it can make things more difficult !! That's why i posted in the first post
So Do Not Remove anything or run any tools/programs until advised to do so !
Ok, lets continue with the cleaning. There is a bunch in the OTL log we need to remove but first run this scan for me !!
Please download adwcleaner by Xplode onto your desktop..
* Double click on AdwCleaner.exe to run the tool.
* Click on Search.
* A logfile will automatically open after the scan has finished.
* Please post the contents of that logfile with your next reply.
* You can find the logfile at C:\AdwCleaner[R1].txt as well.
Post that log before we deal with OTL junk to remove !!
Thanks
Chuck

I'm sorry. I did not receive this last night. I will now run this latest scan as requested.

May 16, 2013

These are the results of my last scan of Malwarebytes....

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.05.16.09

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

guerajasso :: GUERAJASSO-PC [administrator]

5/16/2013 2:28:54 PM

mbam-log-2013-05-16 (14-28-54).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 228380

Time elapsed: 16 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

It states the scan was completed successfully. No malicious items detected.

I am going to run a scan disk and then a defrag, then I will await your response tomorrow morning. Thank you so much for your help so far. ; )

May 16, 2013

OTL logfile created on: 5/16/2013 2:05:09 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\guerajasso\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 56.41% Memory free

8.17 Gb Paging File | 5.77 Gb Available in Paging File | 70.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283.01 Gb Total Space | 193.81 Gb Free Space | 68.48% Space Free | Partition Type: NTFS

Drive D: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Drive E: | 15.00 Gb Total Space | 6.75 Gb Free Space | 44.98% Space Free | Partition Type: NTFS

Computer Name: GUERAJASSO-PC | User Name: guerajasso | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/16 14:01:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\guerajasso\Desktop\OTL.scr

PRC - [2013/05/14 12:55:49 | 000,813,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe

PRC - [2013/05/11 09:52:33 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe

PRC - [2013/02/25 17:52:42 | 000,528,192 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe

PRC - [2013/02/13 10:18:54 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe

PRC - [2013/02/13 10:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2011/04/26 14:23:02 | 000,223,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

PRC - [2011/04/26 14:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/07/16 10:00:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

PRC - [2009/07/16 09:59:00 | 000,648,432 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2009/05/21 07:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe

PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/02/04 20:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2009/01/09 12:49:08 | 000,405,639 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/15 15:35:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll

MOD - [2013/05/15 15:04:16 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll

MOD - [2013/02/18 08:48:21 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d186bf251ae14af93b3a943d472ee9f5\System.Web.Services.ni.dll

MOD - [2013/01/09 21:56:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll

MOD - [2013/01/09 21:55:39 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll

MOD - [2013/01/09 21:54:19 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll

MOD - [2013/01/09 21:54:08 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll

MOD - [2012/11/03 17:32:46 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\46125\RapportMS.dll

MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

MOD - [2011/04/26 14:22:44 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

MOD - [2009/07/16 10:00:00 | 000,410,864 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

MOD - [2009/07/16 09:59:00 | 000,234,736 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll

MOD - [2009/07/16 09:59:00 | 000,128,240 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll

MOD - [2009/07/16 09:59:00 | 000,121,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll

MOD - [2009/07/16 09:59:00 | 000,111,856 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll

MOD - [2009/07/16 09:59:00 | 000,079,088 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll

MOD - [2009/07/16 09:59:00 | 000,074,992 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll

MOD - [2009/07/16 09:58:00 | 001,123,568 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll

MOD - [2009/07/16 09:58:00 | 000,115,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll

MOD - [2009/04/09 15:29:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV:64bit: - [2009/05/06 00:28:34 | 000,948,736 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)

SRV:64bit: - [2009/03/30 06:25:18 | 000,268,288 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe -- (STacSV)

SRV:64bit: - [2009/03/30 06:24:46 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe -- (AESTFilters)

SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2008/12/11 17:33:20 | 000,399,872 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)

SRV:64bit: - [2008/12/11 17:32:52 | 003,551,744 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)

SRV:64bit: - [2008/10/16 17:05:00 | 001,449,984 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2008/10/16 16:27:20 | 000,826,368 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2008/01/20 20:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2008/01/20 20:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2007/03/09 16:51:12 | 000,567,280 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbfcoms.exe -- (dlbf_device)

SRV - [2013/05/14 12:55:53 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/25 17:52:42 | 000,528,192 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)

SRV - [2013/02/13 10:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2011/04/26 14:23:02 | 000,223,088 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/09/18 18:44:43 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2009/07/16 09:59:00 | 000,648,432 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)

SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2013/02/13 10:19:12 | 000,236,248 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\RapportKE64.sys -- (RapportKE64)

DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)

DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/05/15 09:45:04 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)

DRV:64bit: - [2011/04/04 14:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgp.sys -- (motccgp)

DRV:64bit: - [2011/03/31 14:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motmodem.sys -- (motmodem)

DRV:64bit: - [2010/08/27 12:08:14 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2010/04/01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Motousbnet.sys -- (Motousbnet)

DRV:64bit: - [2010/03/08 13:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HtcVComV64.sys -- (HtcVCom32)

DRV:64bit: - [2010/03/08 13:03:54 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\HtcUsbMdmV64.sys -- (HtcUsbMdmV64)

DRV:64bit: - [2010/03/08 11:03:36 | 000,067,104 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)

DRV:64bit: - [2010/01/25 19:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motusbdevice.sys -- (motusbdevice)

DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2009/05/28 23:52:36 | 005,437,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)

DRV:64bit: - [2009/05/06 00:28:38 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)

DRV:64bit: - [2009/05/06 00:28:38 | 005,263,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/04/27 01:05:56 | 000,230,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2009/04/10 23:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/03/30 06:25:34 | 000,477,696 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)

DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)

DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)

DRV:64bit: - [2009/02/23 04:34:02 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bpusb.sys -- (bpusb)

DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motccgpfl.sys -- (motccgpfl)

DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motfilt.sys -- (BTCFilterService)

DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2008/12/30 20:00:22 | 000,172,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2008/12/01 10:35:32 | 000,028,160 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\bpprot.sys -- (BPPROT)

DRV:64bit: - [2008/12/01 10:35:28 | 000,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bpmp.sys -- (bpmp)

DRV:64bit: - [2008/12/01 10:35:20 | 000,037,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bpenum.sys -- (bpenum)

DRV:64bit: - [2008/07/17 04:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)

DRV:64bit: - [2008/07/17 04:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)

DRV:64bit: - [2008/07/17 04:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2008/07/16 05:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2008/04/16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2008/01/20 20:48:54 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)

DRV:64bit: - [2008/01/20 20:46:02 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)

DRV:64bit: - [2007/11/14 02:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2007/11/02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motswch.sys -- (MotoSwitchService)

DRV - [2013/02/28 19:19:38 | 000,585,944 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_50414.sys -- (RapportCerberus_50414)

DRV - [2013/02/13 10:19:12 | 000,357,272 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)

DRV - [2013/02/13 10:19:12 | 000,228,760 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)

DRV - [2009/05/25 15:43:58 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\SMSIVZAM5X64.sys -- (SMSIVZAM5X64)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKLM\..\URLSearchHook: {fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - C:\Program Files (x86)\ImTranslator_Pro\prxtbImTr.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\guerajasso\Desktop

IE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/

IE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dell.msn.com/

IE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\guerajasso\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/12/14 18:44:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/03/05 21:54:23 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)

CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}

CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}

CHR - homepage: http://www.google.com/

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\gears.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\gcswf32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

CHR - Extension: Sammsoft Toolbar = C:\Users\guerajasso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaanpaddaaoffccehffldolecpkgpej\7.17.0.0_0\

CHR - Extension: Entanglement = C:\Users\guerajasso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\

CHR - Extension: SiteAdvisor = C:\Users\guerajasso\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\

CHR - Extension: SiteAdvisor = C:\Users\guerajasso\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\

CHR - Extension: Poppit = C:\Users\guerajasso\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\guerajasso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\

O1 HOSTS File: ([2010/11/23 04:29:53 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627212338.dll (McAfee, Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120627212338.dll (McAfee, Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (bSaving) - {DFA2ED70-FC49-11E1-8DF2-9713F663AF89} - C:\Program Files (x86)\bSaving\4e7df7809fab12ca1999da15f5fb2ce2.dll File not found

O2 - BHO: (ImTranslator Pro Toolbar) - {fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - C:\Program Files (x86)\ImTranslator_Pro\prxtbImTr.dll (Conduit Ltd.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (ImTranslator Pro Toolbar) - {fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - C:\Program Files (x86)\ImTranslator_Pro\prxtbImTr.dll (Conduit Ltd.)

O3 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000\..\Toolbar\WebBrowser: (ImTranslator Pro Toolbar) - {FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB} - C:\Program Files (x86)\ImTranslator_Pro\prxtbImTr.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [Apoint] T.EXE File not found

O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] OSPLASH File not found

O4:64bit: - HKLM..\Run: [MSC] "C:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey File not found

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Windows Defender] DER\MSASCUI.EXE -HIDE File not found

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found

O4 - HKU\S-1-5-21-2943996986-3391541806-3619402730-1000..\Run: [Facebook Update] C:\Users\guerajasso\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4CAEDB95-8340-404C-9F1C-6C31CEB12310}: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\guerajasso\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\guerajasso\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]

O33 - MountPoints2\{12d51b17-fa35-11de-8627-0026b9017750}\Shell\AutoRun\command - "" = G:\CA_EdgeLitemobile.exe

O33 - MountPoints2\{17a22904-3e00-11e0-9186-0026b9017750}\Shell - "" = AutoRun

O33 - MountPoints2\{17a22904-3e00-11e0-9186-0026b9017750}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{252e9715-cae1-11e1-ae2b-0026b9017750}\Shell - "" = AutoRun

O33 - MountPoints2\{252e9715-cae1-11e1-ae2b-0026b9017750}\Shell\AutoRun\command - "" = H:\setup.exe -a

O33 - MountPoints2\{337084a8-f7c4-11de-94f2-0026b9017750}\Shell - "" = AutoRun

O33 - MountPoints2\{337084a8-f7c4-11de-94f2-0026b9017750}\Shell\AutoRun\command - "" = G:\DPFMate.exe

O33 - MountPoints2\{4d75ab51-c174-11df-9b2e-0026b9017750}\Shell - "" = AutoRun

O33 - MountPoints2\{4d75ab51-c174-11df-9b2e-0026b9017750}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe

O33 - MountPoints2\{4d75ab68-c174-11df-9b2e-0026b9017750}\Shell - "" = AutoRun

O33 - MountPoints2\{4d75ab68-c174-11df-9b2e-0026b9017750}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/16 14:01:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\guerajasso\Desktop\OTL.scr

[2013/05/16 13:20:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\guerajasso\Desktop\OTL.com

[2013/05/16 13:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2013/05/16 11:39:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/05/16 11:38:55 | 000,000,000 | ---D | C] -- C:\JRT

[2013/05/16 11:36:56 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\guerajasso\Desktop\JRT.exe

[2013/05/16 10:49:53 | 000,000,000 | ---D | C] -- C:\Users\guerajasso\AppData\Roaming\Malwarebytes

[2013/05/16 10:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/05/16 10:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/05/16 10:49:11 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/05/16 10:49:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/05/16 10:47:11 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\guerajasso\Desktop\mbam-setup-1.75.0.1300.exe

[2013/05/16 09:31:38 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\guerajasso\Desktop\aswMBR.exe

[2013/05/15 09:47:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/05/15 09:47:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/05/15 09:46:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/05/15 09:46:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/05/15 09:46:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/05/15 09:46:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/05/15 09:46:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/05/15 09:46:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/05/15 09:46:56 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/05/15 09:46:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/05/15 09:46:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/05/15 09:46:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/05/15 09:46:53 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/05/15 09:46:53 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/05/15 09:46:53 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/05/15 07:10:55 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2009/12/01 09:32:43 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\guerajasso\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2013/05/16 14:01:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\guerajasso\Desktop\OTL.scr

[2013/05/16 13:58:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/16 13:55:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/05/16 13:27:03 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2943996986-3391541806-3619402730-1000UA.job

[2013/05/16 13:20:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\guerajasso\Desktop\OTL.com

[2013/05/16 13:11:03 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk

[2013/05/16 13:04:50 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cd921058bbf9d8.job

[2013/05/16 13:04:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/16 13:04:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/16 13:04:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/16 12:11:37 | 000,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2013/05/16 11:36:57 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\guerajasso\Desktop\JRT.exe

[2013/05/16 10:47:19 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\guerajasso\Desktop\mbam-setup-1.75.0.1300.exe

[2013/05/16 09:32:40 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\guerajasso\Desktop\aswMBR.exe

[2013/05/15 18:00:01 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\PC Utility Kit Registration3.job

[2013/05/15 16:27:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2943996986-3391541806-3619402730-1000Core.job

[2013/05/15 14:47:00 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/15 14:38:36 | 000,272,840 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/15 09:36:42 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/15 09:36:42 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/05/14 12:55:50 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/05/14 12:55:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2012/11/22 19:10:29 | 000,002,793 | ---- | C] () -- C:\Users\guerajasso\AppData\Roaming\log.sflog

[2012/05/31 22:12:40 | 000,721,764 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/11/29 23:50:19 | 000,000,006 | -H-- | C] () -- C:\Users\guerajasso\AppData\Roaming\start

[2010/01/04 16:27:41 | 000,007,220 | -H-- | C] () -- C:\Users\guerajasso\AppData\Local\slot1.mm1

[2009/10/10 16:05:33 | 000,029,216 | -H-- | C] () -- C:\Users\guerajasso\AppData\Roaming\UserTile.png

[2009/09/25 19:39:40 | 000,009,728 | ---- | C] () -- C:\Users\guerajasso\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/09/25 13:37:04 | 000,007,052 | ---- | C] () -- C:\Users\guerajasso\AppData\Local\d3d9caps.dat

[2009/09/25 10:35:06 | 000,002,164 | -H-- | C] () -- C:\Users\guerajasso\AppData\Roaming\install.dat

========== ZeroAccess Check ==========

[2006/11/02 09:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:01 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:03DF2E8E

@Alternate Data Stream - 76 bytes -> C:\Users\guerajasso\Documents\Women's Wellness Letterhead.doc:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\guerajasso\Documents\OUTREACH WORKER.doc:Roxio EMC Stream

@Alternate Data Stream - 76 bytes -> C:\Users\guerajasso\Documents\ATT00197.dat:Roxio EMC Stream

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:03B3646C

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BB8B6B1E

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:37A3BA29

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:48C1DDAA

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:B30D9A49

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7B2778D0

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:59120004

@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:17844542

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:C40E212B

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:ACD70D8B

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:981349EA

@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:00479775

@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:1CB4A530

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CBAC0054

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:5F95AE81

@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D109DC55

@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:F9A9573A

@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:BD871799

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:F2E53CFE

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:43CFCEB7

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:8437DC46

< End of report >

OTL Extras logfile created on: 5/16/2013 2:05:09 PM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\guerajasso\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 56.41% Memory free

8.17 Gb Paging File | 5.77 Gb Available in Paging File | 70.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283.01 Gb Total Space | 193.81 Gb Free Space | 68.48% Space Free | Partition Type: NTFS

Drive D: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Drive E: | 15.00 Gb Total Space | 6.75 Gb Free Space | 44.98% Space Free | Partition Type: NTFS

Computer Name: GUERAJASSO-PC | User Name: guerajasso | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2943996986-3391541806-3619402730-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

"VistaSp2" = 6B 29 E7 8D 63 77 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{048B0E10-F8C1-48D6-88F2-BC13675A1E01}" = rport=445 | protocol=6 | dir=out | app=system |

"{06EA1856-8B5A-4494-8902-A34F176D52A4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{0E072534-DE8F-41E4-8658-8E98CB9BD356}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{147238FF-39E5-4C56-B9C2-DFC3B032461B}" = rport=137 | protocol=17 | dir=out | app=system |

"{2013337D-BA1A-4277-8293-4AB7F56D9991}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2078BED4-977D-4EDC-8865-D1B6878B2A30}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{30DA82EF-A2AA-4A8C-9E76-57D9B415AF2D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{4134AA26-92EB-416B-8CEE-8EFB52179488}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{42BBACD7-63B5-49C7-ACE9-1C8253028A55}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5A4D58D8-717A-49F4-8B71-A8B6B9DCF356}" = rport=138 | protocol=17 | dir=out | app=system |

"{5EC36F96-5B52-4699-89FD-8392FADFC85A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{65C387FB-6CF6-4D05-8414-B780F7D50629}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{6CD93E7A-2266-4EE6-A563-3DA9674B7C60}" = lport=445 | protocol=6 | dir=in | app=system |

"{807985AD-E560-40A0-BC4A-5E4B803DF868}" = lport=139 | protocol=6 | dir=in | app=system |

"{86A9035A-4149-4E96-BE73-D3ED9D973941}" = lport=138 | protocol=17 | dir=in | app=system |

"{87DEEB96-CA76-4B5D-AA30-88F30BAEEBFF}" = lport=10243 | protocol=6 | dir=in | app=system |

"{8D20CBCA-94AA-47D4-85F6-D0059108AA91}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{AB9E932D-77D8-4638-8F18-B8761798D97E}" = lport=137 | protocol=17 | dir=in | app=system |

"{AC6080E0-4029-4CF3-8205-C6E52D8912F4}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C2A5507D-B146-4A1C-A94C-4AEF502116B8}" = rport=139 | protocol=6 | dir=out | app=system |

"{C945063D-6A23-44E3-BB6F-6CB0CE9A1ED1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{DA6320CC-667A-4905-B4F7-0B5AC956D909}" = lport=2869 | protocol=6 | dir=in | app=system |

"{E402078A-AC90-4F27-B3D7-3D186950C5F2}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{035F8025-9599-49EA-AA2C-A4D11BA3AF31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{10D635CD-6118-4323-BDDD-5A33608A2E7C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{12A9565F-0DAA-4281-920C-F0CD6F739271}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{160F3BA2-BDCD-434A-9D44-3AD8A93E2222}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{1CCEFF6E-7648-49E4-B6BA-380925F77673}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{1D8729B0-5303-4241-B054-BB0929EDD9D1}" = protocol=17 | dir=in | app=c:\users\guerajasso\appdata\local\temp\7zs7c03.tmp\symnrt.exe |

"{1DF08273-24B9-4653-86A7-E03279A122E5}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |

"{1F2CB82E-9ED4-4CBC-9448-CAD0BD2C62CC}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{20DF35E9-4FDA-473B-AB71-5A1DE75221D4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{2489A458-B63A-4286-ABE1-DE094C1C9E05}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |

"{29AFBC39-96E5-4034-904F-12187312345E}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{2AD8C4F6-462A-4824-B13D-C16FB9E789E6}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{3C5E03F6-8561-451D-A190-5F017E15D431}" = protocol=6 | dir=in | app=c:\users\guerajasso\appdata\local\temp\7zs7c03.tmp\symnrt.exe |

"{3D934D8A-EC71-4396-891B-9D9D56E58205}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{42552912-7C53-4A9F-A63B-035B354D13D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{480D53C2-7409-42F2-A263-51FAC85D9BDD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{4A27D2A9-5556-4AD9-82C2-7681B8375140}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{5737B500-3353-4C4B-9AA2-0B33E9C13BB6}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |

"{588485A2-0EE2-4587-B22B-E3A94BC645DF}" = protocol=58 | dir=in | [email protected],-28545 |

"{5CFB89A1-E54C-4739-B545-5CB41CF59057}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{5DA9C59B-AB59-4D0E-A2EF-27C47E0A17A8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

"{61C73BFC-D5B5-42A2-9D7F-3919AA8B2884}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7034C329-C8F4-4FA8-AB95-7B3302AB8B57}" = protocol=58 | dir=out | [email protected],-28546 |

"{7757E0B6-1C39-4577-B34E-B375C1588743}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{83EFB4A7-E469-439F-A15B-13F68FE0DE8F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{84E30910-D5DB-4A0E-854B-6E1C2B9AD7C6}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |

"{88647E70-02AA-457C-BFA3-8CC1ED0C24E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{8B02794B-66C7-45EA-B9FA-20374AFF2875}" = dir=in | app=c:\users\guerajasso\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{8DDAD5D1-9CAD-4A05-B670-462CEFFF1347}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{8E6E4CCE-CBBD-43DC-A1A3-2C83DA0DF495}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{904C1F98-E2B0-4CCE-A47C-A06032073035}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9F4D4BBB-9551-43A1-AE12-80AA36A892C3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A00FCE8D-7C1E-4E9B-9ABD-6016F1F22B12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{ACB74C53-8D11-40A8-B92B-694C18D84028}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{B435963E-EA46-48D8-981F-23C8408C5D10}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B8C7211E-A206-414E-94DC-E2EDF9634E3D}" = protocol=6 | dir=in | app=c:\windows\system32\dlbfcoms.exe |

"{BD5E55D3-5078-4EDD-863F-0A20D13E798E}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |

"{C940BD65-6A5E-437E-A0C9-FC9186BD01BC}" = protocol=6 | dir=out | app=system |

"{CF281505-5649-4EA6-BA59-EC19BA7021EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D08BA6D9-1E80-4F88-90A7-2A6769CAA21D}" = protocol=17 | dir=in | app=c:\windows\system32\dlbfcoms.exe |

"{E1EC7E2E-F46F-403B-AF02-738B1C13549E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{E2C6220E-C256-44E0-96C6-2B9468D3A412}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{E578E596-EE11-4934-A7E6-3B05F19ADB16}" = protocol=1 | dir=out | [email protected],-28544 |

"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |

"{F2C35D13-DBCD-4D99-9839-B9A08F30F84F}" = protocol=1 | dir=in | [email protected],-28543 |

"TCP Query User{A48F034B-D083-4CAB-8E1D-58C204077FE7}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{294A00F4-3E57-4386-B4E9-9D154EC1D4BC}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst

"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java 6 Update 13 (64-bit)

"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software

"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Demo

"{581F6FB0-46E6-42DA-98CC-ABB001386520}" = Motorola Mobile Drivers Installation 5.1.0

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{7913C2B6-272E-40E4-B0D1-453864E1E266}" = Intel® PROSet/Wireless WiMAX Software

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client

"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{106DADAD-B062-4de5-8D1F-3FD2AD195E49}" = PC Utility Kit

"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{34386C65-FD55-CEBD-AF7F-5126751BAA98}" = Catalyst Control Center InstallProxy

"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{4BF021F7-37A7-4086-B4F1-D5914925D18B}" = VZAccess Manager

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.5

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR

"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"Advanced SystemCare 6_is1" = Advanced SystemCare 6

"bSaving" = bSaving

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"d7e401da23c7b846e5773f211f30697e" = NAMCO ALL-STARS - PAC-MAN

"Dell Webcam Central" = Dell Webcam Central

"Google Chrome" = Google Chrome

"GoToAssist" = GoToAssist 8.0.0.514

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HTC_WModemDriver" = WModem Driver Installer

"ImTranslator_Pro Toolbar" = ImTranslator Pro Toolbar

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"MotoHelper" = MotoHelper 2.0.51 Driver 5.1.0

"MSC" = McAfee AntiVirus Plus

"OpenAL" = OpenAL

"Rapport_msi" = Rapport

"SystemRequirementsLab" = System Requirements Lab

"Unitype Applications" = Unitype Applications

"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2943996986-3391541806-3619402730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = Support.com Toolbar Updater

"1 Pok" = 1 Pok

"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 5/16/2013 2:04:57 PM | Computer Name = guerajasso-PC | Source = Application Error | ID = 1000

Description = Faulting application EvtEng.exe, version 12.2.0.0, time stamp 0x48f7f2ca,

faulting module EvtEng.exe, version 12.2.0.0, time stamp 0x48f7f2ca, exception

code 0x40000015, fault offset 0x000000000009986e, process id 0x89c, application start

time 0x01ce525fdf6e29c8.

Error - 5/16/2013 2:06:06 PM | Computer Name = guerajasso-PC | Source = WinMgmt | ID = 10

Description =

Error - 5/16/2013 2:59:17 PM | Computer Name = guerajasso-PC | Source = Application Error | ID = 1000

Description = Faulting application EvtEng.exe, version 12.2.0.0, time stamp 0x48f7f2ca,

faulting module EvtEng.exe, version 12.2.0.0, time stamp 0x48f7f2ca, exception

code 0x40000015, fault offset 0x000000000009986e, process id 0x9a0, application start

time 0x01ce526776579928.

Error - 5/16/2013 3:00:27 PM | Computer Name = guerajasso-PC | Source = WinMgmt | ID = 10

Description =

Error - 5/16/2013 3:04:35 PM | Computer Name = guerajasso-PC | Source = Application Error | ID = 1000

Description = Faulting application EvtEng.exe, version 12.2.0.0, time stamp 0x48f7f2ca,

faulting module EvtEng.exe, version 12.2.0.0, time stamp 0x48f7f2ca, exception

code 0x40000015, fault offset 0x000000000009986e, process id 0x850, application start

time 0x01ce526834041dfe.

Error - 5/16/2013 3:05:43 PM | Computer Name = guerajasso-PC | Source = WinMgmt | ID = 10

Description =

[ Dell Events ]

Error - 10/18/2009 8:22:47 PM | Computer Name = guerajasso-PC | Source = DataSafe | ID = 3

Description = Failed or canceled

Error - 10/18/2009 8:22:48 PM | Computer Name = guerajasso-PC | Source = DataSafe | ID = 3

Description = Failed or canceled

[ System Events ]

Error - 5/16/2013 2:04:21 PM | Computer Name = guerajasso-PC | Source = ACPI | ID = 327693

Description = : The embedded controller (EC) did not respond within the specified

timeout period. This may indicate that there is an error in the EC hardware or

firmware or that the BIOS is accessing the EC incorrectly. You should check with

your computer manufacturer for an upgraded BIOS. In some situations, this error

may cause the computer to function incorrectly.

Error - 5/16/2013 2:06:08 PM | Computer Name = guerajasso-PC | Source = Service Control Manager | ID = 7034

Description =

Error - 5/16/2013 2:10:53 PM | Computer Name = guerajasso-PC | Source = DCOM | ID = 10005

Description =

Error - 5/16/2013 2:10:53 PM | Computer Name = guerajasso-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 5/16/2013 2:10:53 PM | Computer Name = guerajasso-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 5/16/2013 3:00:29 PM | Computer Name = guerajasso-PC | Source = Service Control Manager | ID = 7034

Description =

Error - 5/16/2013 3:05:47 PM | Computer Name = guerajasso-PC | Source = Service Control Manager | ID = 7034

Description =

< End of report >

May 16, 2013

guera,go ahead & post the logs. I have to leave for the rest of the day but we will continue this in the morning ! You are not showing any infections yet but i want to make sure everything is good !
Worm:MSIL/Necast.D has been renamed to TrojanDownloader:Win32/Delf.PG.
That infection, if actually present is what is knows as a Backdoor Trojan we will search & see if it does exist !!
Thanks
Chuck
It should be running faster already, what antivirus are you running ??

I am running on McAfee. It is running faster already. ; )

May 16, 2013

Some of these tools take a while depending on how fast your computer is & how much they are finding !! So don't get discouraged, just hang in there until i give you the "All Clean".
Chuck

OTL Extras logfile created on: 5/16/2013 1:23:19 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\guerajasso\Desktop

64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 57.20% Memory free

8.17 Gb Paging File | 5.82 Gb Available in Paging File | 71.18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283.01 Gb Total Space | 193.82 Gb Free Space | 68.48% Space Free | Partition Type: NTFS