Solved Iexplore.exe malware and search redirect

OTL Extras logfile created on: 10/22/2011 10:29:44 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bianca Castro\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 83.70% Memory free
3.13 Gb Paging File | 2.85 Gb Available in Paging File | 91.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.80 Gb Total Space | 174.04 Gb Free Space | 78.47% Space Free | Partition Type: NTFS
Drive D: | 11.08 Gb Total Space | 3.84 Gb Free Space | 34.67% Space Free | Partition Type: NTFS

Computer Name: ANA-PC | User Name: Bianca Castro | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D203476-728D-4787-917E-916AD3B4768B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{49B968FB-5437-4194-B587-218B98E182B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F06EF20E-41CF-424E-A656-B64AC24A6471}" = lport=5191 | protocol=6 | dir=in | name=the browser highlighter xcom |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E3A6354-BF5E-4B9B-8521-BD5F4AFD291B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{0FF6AB86-E78C-419F-A4AE-482BC56837C7}" = protocol=17 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{12AC89C6-5304-4F95-98CA-D725D6E117D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13D69D4F-0650-450C-A2AC-180F9C2EB3CB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{19729D78-219B-4C27-9A50-F85859801098}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{199EAAFE-1B5E-400D-ABEF-46F6C86E1F3A}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{1A8A953C-A802-403D-8BB3-2A45AC06C1CD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1C397E6B-3398-4F7B-A6CC-E81C165C03E0}" = protocol=6 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{33414B26-314E-4BE8-B70E-FDE746192164}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{378BC93F-D96A-40EA-B0F3-0EFF7CA3E8FA}" = protocol=17 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{4821A3C9-83BF-47D8-925A-05A82D1834F2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{487E1D36-8756-40EF-B193-643533FB6F6C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{494E2165-A6A8-4386-9C88-1186C54D9397}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4A54C080-E60C-4747-959D-F0295091B0AC}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{54E2CBCB-B1E4-4470-8FB5-3F1C943248A0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{64DF48CA-1DC8-4E44-8638-3A390D5AE626}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{651BD865-9AAC-4ADD-99F7-8289CBFC6F1B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{66C2ED24-BF56-4EC9-B270-CE66DA75CBC0}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{6B5EE5CA-CF9A-494E-8634-E4EFB498F848}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{705E7065-92E4-4F2E-A4EE-421C6EC8AE7D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{71C8212D-4A34-4CF0-A317-09241B7887B0}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{74D5EF7B-937D-4123-8AED-ED4899EB4DF8}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{887E19DD-447A-4C33-890A-6C1F36076FBC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{91724186-E22B-44FE-B57E-71AAB1976220}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{96807EC9-F9FC-484F-AC77-4073A0BFAF64}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{9DE5263B-AD44-49C9-BBBE-0C0722D2D9FF}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{A0FF2A8C-5DB1-40F4-8F43-D2619A71DA14}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A70ABB80-E403-43E7-8C9D-BEF5E8E5212F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{A8B019B9-AB29-4C72-9852-9E1CDBC80D34}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{B2770954-9FA2-4407-AAD9-7312C5DC03A5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{B2C2EE4A-9516-4DB1-91EF-7DC592683187}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B5BFCF84-0B38-4483-B3C4-3F10D2AF3B11}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{B5D204F7-4BC9-446D-ACA5-8ED11719E2B5}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{BD411F8E-8A32-4CC4-8545-773880040739}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{C42A751D-B014-40CF-BB07-1C278B90A071}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{C5BEA1F3-9400-4DD1-8398-A4ABF10505BA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{C68ED48D-039C-4758-905D-4EF8C88DDB46}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{C8560F4F-FBE9-4178-83CA-4F6EEB90C158}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CE23F9D9-37E2-4A69-873E-8F7DB67ECDEC}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{CF9B3465-6235-41BF-8BBF-60481B5002C5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{D1BA2837-DD82-4EC9-972D-0B7FC32E851C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{DECBC31D-6323-4229-AC74-682659BA370E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{E16B19F4-FCBC-4A91-BCD8-DF842F623D18}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{E206EB3D-1C19-41DD-80CB-7C150F9E11EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0A2CDFC-DC30-43B7-9147-3B96AB2C3637}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F5B61F00-E909-4A04-B544-988D79FA11CA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{F6A1B77B-962E-4ABA-8938-9D3D0FF5A5D5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{F9325271-1FAC-4A8C-A037-9C67954E3B24}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1202607635\ee\aolsoftware.exe |
"{FB1300CB-BCEF-417E-BEE7-95B23E75306F}" = protocol=6 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{FB2DA08C-B4B1-4556-B984-8F5B47226319}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1202607635\ee\aolsoftware.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{802FC973-4729-4735-A731-D692AA1AC339}" = Browser Highlighter - Firefox
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FE5BB5C7-BD6E-4F90-82FD-6DB7B3781BE9}" = Marvell(R) Wireless Card Software Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_7" = AIM 7
"Aleks 3.14" = Aleks 3.14
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVG" = AVG 2012
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"EADM" = EA Download Manager
"FrostWire" = FrostWire 4.21.1
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"PerformanceTest 7_is1" = PerformanceTest v7.0
"Picasa 3" = Picasa 3
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent gateway Master Uninstall" = Gateway Games
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (vToolbarUpdater)
    SRV - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/08/23 00:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O15 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2011/10/17 22:28:32 | 000,000,000 | -HSD | C] -- C:\Users\Bianca Castro\AppData\Local\b03d3e64
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [2011/10/18 15:26:47 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/18 15:26:47 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/18 15:26:44 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
Ran the fix, then had to reboot. I let it try booting in normal mode, but no luck: I got a blue screen. Then I ran the fix again and rebooted in safe mode, but I can't see any log or text file that OTL created.
 
Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
 
==================================================
Dump File : Mini082311-01.dmp
Crash Time : 8/23/2011 12:17:39 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0xb89a4038
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x81ecd713
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+5ad54
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18538 (vistasp1_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+5ad54
Stack Address 1 : ntkrnlpa.exe+b5713
Stack Address 2 : NETIO.SYS+9594
Stack Address 3 : tcpip.sys+2d56f
Computer Name :
Full Path : C:\Windows\Minidump\Mini082311-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
Dump File Size : 138,904
==================================================

==================================================
Dump File : Mini080711-01.dmp
Crash Time : 8/7/2011 7:43:38 PM
Bug Check String : DRIVER_CORRUPTED_EXPOOL
Bug Check Code : 0x000000c5
Parameter 1 : 0x4154535f
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x81efd1c3
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+5ad54
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18538 (vistasp1_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+5ad54
Stack Address 1 : ntkrnlpa.exe+ed1c3
Stack Address 2 : ntkrnlpa.exe+ee6e0
Stack Address 3 : ecache.sys+c89e
Computer Name :
Full Path : C:\Windows\Minidump\Mini080711-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
Dump File Size : 133,896
==================================================

==================================================
Dump File : Mini031111-01.dmp
Crash Time : 3/12/2011 12:19:49 AM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x84f66878
Parameter 3 : 0x88f2a030
Parameter 4 : 0x85526278
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18538 (vistasp1_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+33b6c
Stack Address 2 : ntkrnlpa.exe+336bc
Stack Address 3 : ntkrnlpa.exe+b6cc0
Computer Name :
Full Path : C:\Windows\Minidump\Mini031111-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
Dump File Size : 138,904
==================================================

==================================================
Dump File : Mini030311-01.dmp
Crash Time : 3/3/2011 4:57:09 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x85224b30
Parameter 3 : 0x8650a918
Parameter 4 : 0x85323220
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+cd1cb
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18538 (vistasp1_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+cd1cb
Stack Address 1 : ntkrnlpa.exe+33b6c
Stack Address 2 : ntkrnlpa.exe+336bc
Stack Address 3 : ntkrnlpa.exe+b6cc0
Computer Name :
Full Path : C:\Windows\Minidump\Mini030311-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6001
Dump File Size : 138,904
==================================================

==================================================
Dump File : Mini012011-01.dmp
Crash Time : 1/20/2011 5:02:36 PM
Bug Check String : DRIVER_POWER_STATE_FAILURE
Bug Check Code : 0x0000009f
Parameter 1 : 0x00000003
Parameter 2 : 0x84679318
Parameter 3 : 0x845605a8
Parameter 4 : 0x846eb698
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+d8781
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6001.18538 (vistasp1_gdr.101014-0432)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+d8781
Stack Address 1 : ntkrnlpa.exe+4b134
Stack Address 2 : ntkrnlpa.exe+4f182
Stack Address 3 : ntkrnlpa.exe+a9ad1
Computer Name :
Full Path : C:\Windows\Minidump\Mini012011-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6000
Dump File Size : 138,904
==================================================
 
I don't see any recent BSOD report.
You say that when you try to start in normal mode you're getting BSOD.
What does it say?

================================================================

Please click HERE to download Kaspersky Virus Removal Tool.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on Settings button
    p4484522.gif
    • In Scan scope, leave the pre-checked items as they are and also checkmark My Computer
    • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on Report button
    p4484523.gif
    then on Automatic Scan report tab.
  • Right click anywhere within right pane, click Select All then right click again and click Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.
 
The BSOD i get says the following:

Technical information:

*** STOP: 0x0000008E (0xC0000005, 0x82058759, 0x8EFD491C, 0x00000000)

Collecting data for crash dump.....
Initializing disk for crash dump......
Physical Memory Dump complete.
Contact System Admin... etc

Will have the log up shortly
 
After a 3-hour scan no threats were found, and the program stopped responding when I tried to select all and copy it. I'm thinking that it's still trying to select all 760,000 lines and it's taking a while, but it's not responding at all :(.
 
The txt log file is pretty big, 96MB, and when I zip it, it's about 5MB. It would take a whole lot of posts.
 
OTL logfile created on: 10/23/2011 6:48:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bianca Castro\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 86.77% Memory free
3.13 Gb Paging File | 2.93 Gb Available in Paging File | 93.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.80 Gb Total Space | 173.07 Gb Free Space | 78.03% Space Free | Partition Type: NTFS
Drive D: | 11.08 Gb Total Space | 3.84 Gb Free Space | 34.67% Space Free | Partition Type: NTFS

Computer Name: ANA-PC | User Name: Bianca Castro | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/22 22:28:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bianca Castro\Desktop\OTL.exe
PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/02/08 12:55:22 | 000,032,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe


========== Modules (No Company Name) ==========

MOD - [2007/05/19 01:59:06 | 000,356,928 | ---- | M] () -- C:\Program Files\Spare Backup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (vToolbarUpdater)
SRV - File not found [On_Demand | Stopped] -- -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [Auto | Stopped] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/05/24 20:37:00 | 000,070,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/12 20:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/05 01:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/01/05 19:04:16 | 000,534,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW147.sys -- (MRVW147) Marvell TOPDOG (TM) 802.11bgn Driver for Vista Native WIFI (CB8x/EC8x)
DRV - [2007/05/23 21:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/30 01:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/08 05:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mp3tubetoolbar.com/?tmp=tool...our04ie&clid=3a386806a6b54f77adf782a6b9a43898
IE - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&Keywords={searchTerms}"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Bianca Castro\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bianca Castro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/20 21:50:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/20 22:20:51 | 000,000,000 | ---D | M]

[2010/08/19 00:43:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bianca Castro\AppData\Roaming\Mozilla\Extensions
[2011/10/20 21:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bianca Castro\AppData\Roaming\Mozilla\Firefox\Profiles\imqlk0rr.default\extensions
[2011/10/20 21:18:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bianca Castro\AppData\Roaming\Mozilla\Firefox\Profiles\imqlk0rr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/20 21:18:28 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Users\Bianca Castro\AppData\Roaming\Mozilla\Firefox\Profiles\imqlk0rr.default\extensions\browserhighlighter@ebay.com
[2011/10/20 22:16:11 | 000,003,674 | ---- | M] () -- C:\Users\Bianca Castro\AppData\Roaming\Mozilla\Firefox\Profiles\imqlk0rr.default\searchplugins\avg-secure-search.xml
[2011/10/20 22:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/20 21:16:51 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/10/10 01:59:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/25 16:04:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/05 01:42:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/12 00:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/20 21:16:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/20 22:09:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\BIANCA CASTRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IMQLK0RR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Bianca Castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Bianca Castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Bianca Castro\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Bianca Castro\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Bianca Castro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Users\Bianca Castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Click to call with Skype = C:\Users\Bianca Castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\

O1 HOSTS File: ([2011/10/22 19:55:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O3 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1202607635\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - Startup: C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk = C:\Users\Bianca Castro\AppData\Local\temp\_uninst_.bat ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADF67151-6190-40DF-9538-0890B562DCC8}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/23 01:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/23 00:41:51 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\Desktop\bluescreenview
[2011/10/22 23:36:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 22:28:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bianca Castro\Desktop\OTL.exe
[2011/10/22 22:17:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/22 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Local\temp
[2011/10/22 22:08:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/22 21:02:23 | 004,269,227 | R--- | C] (Swearware) -- C:\Users\Bianca Castro\Desktop\ComboFix.exe
[2011/10/22 20:00:36 | 000,000,000 | --SD | C] -- C:\yourname29696y
[2011/10/22 19:46:42 | 000,000,000 | --SD | C] -- C:\yourname
[2011/10/22 19:37:09 | 000,000,000 | --SD | C] -- C:\yourname.exe27063y
[2011/10/22 19:32:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/22 19:32:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/22 19:32:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/22 19:32:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/22 13:44:54 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\Desktop\NTBR_CD
[2011/10/22 13:29:52 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bianca Castro\Desktop\tdsskiller.exe
[2011/10/22 13:19:57 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\Desktop\bootkit_remover
[2011/10/22 12:37:58 | 008,922,408 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Bianca Castro\Desktop\AppRemover.exe
[2011/10/22 12:37:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Bianca Castro\Desktop\aswMBR.exe
[2011/10/21 22:57:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Bianca Castro\Desktop\dds.scr
[2011/10/21 12:05:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/10/21 11:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/10/20 22:18:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/20 22:14:31 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Roaming\AVG2012
[2011/10/20 22:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/20 21:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/20 21:46:26 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/20 21:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/20 19:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/20 19:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/10/20 19:36:43 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/20 19:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/20 19:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/20 16:40:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE(2).BIN
[2011/10/20 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Local\temp(1130)
[2011/10/20 13:02:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 02:09:02 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Roaming\Malwarebytes
[2011/10/20 02:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/20 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/10/20 00:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/10/19 18:58:10 | 000,000,000 | ---D | C] -- C:\PC Tools Spyware Doctor Enterprise

========== Files - Modified Within 30 Days ==========

[2011/10/23 18:47:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/23 18:46:55 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/10/23 15:32:09 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/23 15:32:09 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/23 13:13:55 | 000,000,771 | ---- | M] () -- C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2011/10/23 00:59:48 | 098,324,976 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\setup_11.0.0.1245.x01_2011_10_23_07_43.exe
[2011/10/23 00:41:35 | 000,061,200 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\bluescreenview.zip
[2011/10/22 22:49:22 | 000,000,680 | ---- | M] () -- C:\Users\Bianca Castro\AppData\Local\d3d9caps.dat
[2011/10/22 22:28:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bianca Castro\Desktop\OTL.exe
[2011/10/22 21:02:25 | 004,269,227 | R--- | M] (Swearware) -- C:\Users\Bianca Castro\Desktop\ComboFix.exe
[2011/10/22 19:55:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/22 19:27:18 | 001,008,092 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\rkill.com
[2011/10/22 17:32:03 | 000,000,512 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\MBR.dat
[2011/10/22 13:53:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 13:53:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 13:43:52 | 002,565,464 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\NTBR_CD.exe
[2011/10/22 13:29:53 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bianca Castro\Desktop\tdsskiller.exe
[2011/10/22 13:19:48 | 000,044,607 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\bootkit_remover.zip
[2011/10/22 12:53:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/22 12:38:01 | 008,922,408 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Bianca Castro\Desktop\AppRemover.exe
[2011/10/22 12:37:20 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Bianca Castro\Desktop\aswMBR.exe
[2011/10/22 12:25:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/22 00:04:53 | 000,302,592 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\28n0w7vt.exe
[2011/10/21 22:57:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Bianca Castro\Desktop\dds.scr
[2011/10/21 11:57:45 | 000,000,943 | ---- | M] () -- C:\Users\Bianca Castro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/21 11:25:30 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/20 22:40:20 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/20 21:50:32 | 000,000,870 | ---- | M] () -- C:\Users\Bianca Castro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/20 21:50:32 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/20 21:46:30 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/20 21:42:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/10/20 21:42:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/17 22:56:32 | 000,014,198 | -H-- | M] () -- C:\Users\Bianca Castro\AppData\Roaming\wklnhst.dat
[2011/10/17 22:56:15 | 000,009,728 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\legalization of marijuana.wps
[2011/10/15 21:41:19 | 000,006,144 | ---- | M] () -- C:\Users\Bianca Castro\Documents\legalization of marijuana.wps
[2011/09/27 14:39:20 | 000,009,728 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\Case brief.wps

========== Files Created - No Company Name ==========

[2011/10/23 01:04:58 | 000,000,771 | ---- | C] () -- C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
[2011/10/23 00:58:33 | 098,324,976 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\setup_11.0.0.1245.x01_2011_10_23_07_43.exe
[2011/10/23 00:41:35 | 000,061,200 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\bluescreenview.zip
[2011/10/22 22:49:22 | 000,000,680 | ---- | C] () -- C:\Users\Bianca Castro\AppData\Local\d3d9caps.dat
[2011/10/22 19:32:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/22 19:32:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/22 19:32:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/22 19:32:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/22 19:32:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/22 19:27:18 | 001,008,092 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\rkill.com
[2011/10/22 17:32:03 | 000,000,512 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\MBR.dat
[2011/10/22 13:59:06 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/10/22 13:43:51 | 002,565,464 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\NTBR_CD.exe
[2011/10/22 13:19:47 | 000,044,607 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\bootkit_remover.zip
[2011/10/22 00:04:51 | 000,302,592 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\28n0w7vt.exe
[2011/10/21 11:57:45 | 000,000,949 | ---- | C] () -- C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/21 11:41:07 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/20 21:46:30 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/20 21:42:07 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/10/20 21:42:07 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/10/15 22:18:05 | 000,009,728 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\legalization of marijuana.wps
[2011/10/15 21:41:19 | 000,006,144 | ---- | C] () -- C:\Users\Bianca Castro\Documents\legalization of marijuana.wps
[2011/09/25 22:51:14 | 000,009,728 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\Case brief.wps
[2011/02/06 04:13:16 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/06 04:13:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/23 00:09:50 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/23 00:09:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/02/10 13:07:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/29 20:15:17 | 000,014,198 | -H-- | C] () -- C:\Users\Bianca Castro\AppData\Roaming\wklnhst.dat
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/02/09 22:16:19 | 000,031,744 | ---- | C] () -- C:\Users\Bianca Castro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/09 21:58:13 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/11/20 01:38:50 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/11/20 01:38:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/11/20 01:37:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,343,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2008/04/05 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\acccore
[2010/10/29 21:44:58 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\FrostWire
[2011/10/20 21:18:20 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\ICAClient
[2008/02/09 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\SampleView
[2011/10/20 21:18:21 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\Spare Backup
[2008/02/09 20:55:42 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\WildTangent
[2008/04/05 21:20:44 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\acccore
[2010/07/06 12:50:53 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Auslogics
[2011/10/20 22:14:31 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\AVG2012
[2010/10/31 19:48:19 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\FrostWire
[2009/08/28 20:17:43 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Octoshape
[2010/09/25 22:47:15 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\PlayFirst
[2010/04/28 19:07:54 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Research In Motion
[2008/02/09 23:14:41 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\SampleView
[2011/10/20 22:44:15 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Spare Backup
[2011/02/28 15:59:38 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Template
[2011/09/09 20:41:56 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Unity
[2008/02/09 21:30:05 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\WildTangent
[2011/10/22 13:53:50 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
 
OTL Extras logfile created on: 10/23/2011 6:48:49 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bianca Castro\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.59 Gb Available Physical Memory | 86.77% Memory free
3.13 Gb Paging File | 2.93 Gb Available in Paging File | 93.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.80 Gb Total Space | 173.07 Gb Free Space | 78.03% Space Free | Partition Type: NTFS
Drive D: | 11.08 Gb Total Space | 3.84 Gb Free Space | 34.67% Space Free | Partition Type: NTFS

Computer Name: ANA-PC | User Name: Bianca Castro | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D203476-728D-4787-917E-916AD3B4768B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{49B968FB-5437-4194-B587-218B98E182B0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F06EF20E-41CF-424E-A656-B64AC24A6471}" = lport=5191 | protocol=6 | dir=in | name=the browser highlighter xcom |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E3A6354-BF5E-4B9B-8521-BD5F4AFD291B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{0FF6AB86-E78C-419F-A4AE-482BC56837C7}" = protocol=17 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{12AC89C6-5304-4F95-98CA-D725D6E117D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13D69D4F-0650-450C-A2AC-180F9C2EB3CB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{19729D78-219B-4C27-9A50-F85859801098}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{199EAAFE-1B5E-400D-ABEF-46F6C86E1F3A}" = protocol=17 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{1A8A953C-A802-403D-8BB3-2A45AC06C1CD}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1C397E6B-3398-4F7B-A6CC-E81C165C03E0}" = protocol=6 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{33414B26-314E-4BE8-B70E-FDE746192164}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{378BC93F-D96A-40EA-B0F3-0EFF7CA3E8FA}" = protocol=17 | dir=in | app=c:\program files\tbh\monitor\bin\tbhmonitor.exe |
"{4821A3C9-83BF-47D8-925A-05A82D1834F2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{487E1D36-8756-40EF-B193-643533FB6F6C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{494E2165-A6A8-4386-9C88-1186C54D9397}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4A54C080-E60C-4747-959D-F0295091B0AC}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{54E2CBCB-B1E4-4470-8FB5-3F1C943248A0}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{64DF48CA-1DC8-4E44-8638-3A390D5AE626}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{651BD865-9AAC-4ADD-99F7-8289CBFC6F1B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{66C2ED24-BF56-4EC9-B270-CE66DA75CBC0}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{6B5EE5CA-CF9A-494E-8634-E4EFB498F848}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{705E7065-92E4-4F2E-A4EE-421C6EC8AE7D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{71C8212D-4A34-4CF0-A317-09241B7887B0}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{74D5EF7B-937D-4123-8AED-ED4899EB4DF8}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{887E19DD-447A-4C33-890A-6C1F36076FBC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{91724186-E22B-44FE-B57E-71AAB1976220}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{96807EC9-F9FC-484F-AC77-4073A0BFAF64}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{9DE5263B-AD44-49C9-BBBE-0C0722D2D9FF}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{A0FF2A8C-5DB1-40F4-8F43-D2619A71DA14}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{A70ABB80-E403-43E7-8C9D-BEF5E8E5212F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{A8B019B9-AB29-4C72-9852-9E1CDBC80D34}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{B2770954-9FA2-4407-AAD9-7312C5DC03A5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{B2C2EE4A-9516-4DB1-91EF-7DC592683187}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{B5BFCF84-0B38-4483-B3C4-3F10D2AF3B11}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{B5D204F7-4BC9-446D-ACA5-8ED11719E2B5}" = protocol=6 | dir=in | app=c:\program files\aol 9.0a\waol.exe |
"{BD411F8E-8A32-4CC4-8545-773880040739}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{C42A751D-B014-40CF-BB07-1C278B90A071}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{C5BEA1F3-9400-4DD1-8398-A4ABF10505BA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{C68ED48D-039C-4758-905D-4EF8C88DDB46}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{C8560F4F-FBE9-4178-83CA-4F6EEB90C158}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{CE23F9D9-37E2-4A69-873E-8F7DB67ECDEC}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{CF9B3465-6235-41BF-8BBF-60481B5002C5}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{D1BA2837-DD82-4EC9-972D-0B7FC32E851C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{DECBC31D-6323-4229-AC74-682659BA370E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{E16B19F4-FCBC-4A91-BCD8-DF842F623D18}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{E206EB3D-1C19-41DD-80CB-7C150F9E11EB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0A2CDFC-DC30-43B7-9147-3B96AB2C3637}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F5B61F00-E909-4A04-B544-988D79FA11CA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{F6A1B77B-962E-4ABA-8938-9D3D0FF5A5D5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{F9325271-1FAC-4A8C-A037-9C67954E3B24}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1202607635\ee\aolsoftware.exe |
"{FB1300CB-BCEF-417E-BEE7-95B23E75306F}" = protocol=6 | dir=in | app=c:\program files\tbh\base\bin\tbhdaemon.exe |
"{FB2DA08C-B4B1-4556-B984-8F5B47226319}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1202607635\ee\aolsoftware.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 29
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DA0B8BE-3735-4287-AF4D-B8DE088D0AA7}" = AVG 2012
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{802FC973-4729-4735-A731-D692AA1AC339}" = Browser Highlighter - Firefox
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A57C6094-FC5A-4DEC-B1E0-1B2F48EEE8F4}" = Spare Backup
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{FE5BB5C7-BD6E-4F90-82FD-6DB7B3781BE9}" = Marvell(R) Wireless Card Software Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_7" = AIM 7
"Aleks 3.14" = Aleks 3.14
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AVG" = AVG 2012
"BlackBerry_{13333239-0A15-4855-BEEB-0232DAA5B7EA}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"EADM" = EA Download Manager
"FrostWire" = FrostWire 4.21.1
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"PerformanceTest 7_is1" = PerformanceTest v7.0
"Picasa 3" = Picasa 3
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent gateway Master Uninstall" = Gateway Games
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
While in safe mode....

Go Start>Run (Start Search in Vista), type in:
msconfig
Click OK (hit Enter in Vista).

Click on Startup tab.
Click Disable all
IMPORTANT! On a laptop, make sure you do NOT disable any keyboard or touchpad entries.

Click Services tab.
Put checkmark in Hide all Microsoft services
Click Disable all.

Click OK.
Restart computer in Normal Mode.

NOTE: If you use a firewall other than Windows Firewall, turn Windows Firewall on just for this test, since your regular firewall's service is among those disabled above and won't be running.
If you use Windows firewall, you're fine.

Same problem?
 
Please reverse all changes you just made.

Let's see if we can examine your computer by booting it from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded, double-click OTLPENet.exe, making sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note: If you do not know how to set your computer to boot from CD, follow the steps HERE
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the log file will be saved as C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
OTL logfile created on: 10/24/2011 1:08:20 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.80 Gb Total Space | 172.53 Gb Free Space | 77.79% Space Free | Partition Type: NTFS
Drive E: | 11.08 Gb Total Space | 3.85 Gb Free Space | 34.70% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (vToolbarUpdater)
SRV - File not found [On_Demand] -- -- (LiveUpdate)
SRV - File not found [Auto] -- -- (avgwd)
SRV - File not found [Auto] -- -- (AVGIDSAgent)
SRV - File not found [Auto] -- -- (Automatic LiveUpdate Scheduler)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/05/24 20:37:00 | 000,070,952 | ---- | M] () [Auto] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/12 20:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/10/05 01:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Adapter | Unavailable] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | System] -- -- (Avgtdix)
DRV - File not found [File_System | Boot] -- -- (Avgrkx86)
DRV - File not found [File_System | System] -- -- (Avgmfx86)
DRV - File not found [Kernel | System] -- -- (Avgldx86)
DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSShim)
DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSFilter)
DRV - File not found [Kernel | Boot] -- -- (AVGIDSEH)
DRV - File not found [Kernel | On_Demand] -- -- (AVGIDSDriver)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/01/05 19:04:16 | 000,534,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\MRVW147.sys -- (MRVW147) Marvell TOPDOG (TM) 802.11bgn Driver for Vista Native WIFI (CB8x/EC8x)
DRV - [2007/05/23 21:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/01/30 01:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/08 05:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\Windows\System32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\ana_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKU\ana_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\ana_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
IE - HKU\ana_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\ana_ON_C\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKU\ana_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Bianca_Castro_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Bianca_Castro_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://mp3tubetoolbar.com/?tmp=tool...our04ie&clid=3a386806a6b54f77adf782a6b9a43898
IE - HKU\Bianca_Castro_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\Bianca_Castro_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Bianca_Castro_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"
FF - prefs.js..browser.search..defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..defaultenginename: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..order.1: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search..selectedEngineURL: "http://mp3tubetoolbar.com/?&prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&keywords={searchTerms}"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/20 21:50:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/20 22:20:51 | 000,000,000 | ---D | M]

[2010/09/01 11:46:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ana\AppData\Roaming\Mozilla\Extensions
[2011/01/03 16:52:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ana\AppData\Roaming\Mozilla\Firefox\Profiles\77m7xr87.default\extensions
[2011/10/20 21:18:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ana\AppData\Roaming\Mozilla\Firefox\Profiles\77m7xr87.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/20 22:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/20 21:16:51 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/10/10 01:59:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/25 16:04:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/05 01:42:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/12 00:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/20 21:16:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/20 22:09:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/10/22 19:55:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\ana_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\ana_ON_C\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\Bianca_Castro_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKU\Bianca_Castro_ON_C\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1202607635\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\ana_ON_C..\Run: [Aim6] File not found
O4 - HKU\ana_ON_C..\RunOnce: [FlashPlayerUpdate] File not found
O4 - HKU\ana_ON_C..\RunOnce: [spchecker] File not found
O7 - HKU\ana_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ana_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\ana_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Bianca_Castro_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Bianca_Castro_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Bianca_Castro_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Bianca_Castro_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &AIM Search - C:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/23 23:40:17 | 127,231,689 | ---- | C] (Igor Pavlov) -- C:\Users\Bianca Castro\Desktop\OTLPENet.exe
[2011/10/23 01:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/10/23 00:41:51 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\Desktop\bluescreenview
[2011/10/22 23:36:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/22 22:28:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bianca Castro\Desktop\OTL.exe
[2011/10/22 22:17:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/22 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Local\temp
[2011/10/22 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\ana\AppData\Local\temp
[2011/10/22 22:08:54 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/22 21:02:23 | 004,269,227 | R--- | C] (Swearware) -- C:\Users\Bianca Castro\Desktop\ComboFix.exe
[2011/10/22 20:00:36 | 000,000,000 | --SD | C] -- C:\yourname29696y
[2011/10/22 19:46:42 | 000,000,000 | --SD | C] -- C:\yourname
[2011/10/22 19:37:09 | 000,000,000 | --SD | C] -- C:\yourname.exe27063y
[2011/10/22 19:32:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/22 19:32:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/22 19:32:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/22 19:32:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/22 13:44:54 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\Desktop\NTBR_CD
[2011/10/22 13:29:52 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bianca Castro\Desktop\tdsskiller.exe
[2011/10/22 13:19:57 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\Desktop\bootkit_remover
[2011/10/22 12:37:58 | 008,922,408 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Bianca Castro\Desktop\AppRemover.exe
[2011/10/22 12:37:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Bianca Castro\Desktop\aswMBR.exe
[2011/10/21 22:57:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Bianca Castro\Desktop\dds.scr
[2011/10/21 12:05:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/10/21 11:41:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/21 11:41:09 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/10/21 11:41:09 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/10/21 11:41:09 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/10/21 11:41:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/21 11:41:08 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/10/21 11:41:08 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/21 11:41:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/10/21 11:41:08 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/10/21 11:41:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/10/21 11:41:07 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/10/21 11:41:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/10/21 11:41:07 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/10/21 11:41:07 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/10/21 11:41:06 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/10/21 11:41:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/10/21 11:41:06 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/10/21 11:40:01 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/10/21 11:40:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/10/21 11:40:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/10/21 11:40:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/10/21 11:40:01 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2011/10/21 11:40:00 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/10/21 11:40:00 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/10/21 11:40:00 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/10/21 11:40:00 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/10/21 11:40:00 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/10/21 11:40:00 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/10/21 11:39:59 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2011/10/21 11:39:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/10/21 11:39:59 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/10/21 11:39:59 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/10/21 11:39:58 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/10/21 11:39:58 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/10/21 11:39:58 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/10/21 11:39:58 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/21 11:39:57 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/10/21 11:39:57 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/10/21 11:39:57 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2011/10/21 11:39:57 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/10/21 11:39:57 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/10/21 11:39:57 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2011/10/21 11:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/10/20 22:18:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/20 22:14:31 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Roaming\AVG2012
[2011/10/20 22:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/10/20 22:09:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/20 22:09:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/20 22:09:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/20 21:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/20 21:46:26 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/20 21:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/20 19:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/10/20 19:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/10/20 19:36:43 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Roaming\SUPERAntiSpyware.com
[2011/10/20 19:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/10/20 19:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/20 16:40:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE(2).BIN
[2011/10/20 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\ana\AppData\Local\Temp(908)
[2011/10/20 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Local\temp(1130)
[2011/10/20 13:02:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/20 02:09:02 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Roaming\Malwarebytes
[2011/10/20 02:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/20 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/10/20 00:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/10/19 18:58:10 | 000,000,000 | ---D | C] -- C:\PC Tools Spyware Doctor Enterprise
[2011/10/19 17:47:10 | 000,000,000 | ---D | C] -- C:\Users\ana\AppData\Local\AVG Security Toolbar

========== Files - Modified Within 30 Days ==========

[2011/10/23 23:49:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/23 23:41:26 | 127,231,689 | ---- | M] (Igor Pavlov) -- C:\Users\Bianca Castro\Desktop\OTLPENet.exe
[2011/10/23 23:32:21 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/10/23 15:32:09 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/23 15:32:09 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/23 00:59:48 | 098,324,976 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\setup_11.0.0.1245.x01_2011_10_23_07_43.exe
[2011/10/23 00:41:35 | 000,061,200 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\bluescreenview.zip
[2011/10/22 22:49:22 | 000,000,680 | ---- | M] () -- C:\Users\Bianca Castro\AppData\Local\d3d9caps.dat
[2011/10/22 22:28:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bianca Castro\Desktop\OTL.exe
[2011/10/22 21:02:25 | 004,269,227 | R--- | M] (Swearware) -- C:\Users\Bianca Castro\Desktop\ComboFix.exe
[2011/10/22 19:55:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/10/22 19:27:18 | 001,008,092 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\rkill.com
[2011/10/22 17:32:03 | 000,000,512 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\MBR.dat
[2011/10/22 13:53:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 13:53:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/22 13:43:52 | 002,565,464 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\NTBR_CD.exe
[2011/10/22 13:29:53 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bianca Castro\Desktop\tdsskiller.exe
[2011/10/22 13:19:48 | 000,044,607 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\bootkit_remover.zip
[2011/10/22 12:53:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/22 12:38:01 | 008,922,408 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Bianca Castro\Desktop\AppRemover.exe
[2011/10/22 12:37:20 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Bianca Castro\Desktop\aswMBR.exe
[2011/10/22 12:25:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/22 00:04:53 | 000,302,592 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\28n0w7vt.exe
[2011/10/21 22:57:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Bianca Castro\Desktop\dds.scr
[2011/10/21 11:57:45 | 000,000,943 | ---- | M] () -- C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/21 11:25:30 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/20 22:40:20 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/10/20 21:50:32 | 000,000,870 | ---- | M] () -- C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/20 21:50:32 | 000,000,858 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/20 21:50:32 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/20 21:46:30 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/20 21:46:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/20 21:42:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/10/20 21:42:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/20 21:18:06 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/17 22:56:32 | 000,014,198 | -H-- | M] () -- C:\Users\Bianca Castro\AppData\Roaming\wklnhst.dat
[2011/10/17 22:56:15 | 000,009,728 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\legalization of marijuana.wps
[2011/10/15 21:41:19 | 000,006,144 | ---- | M] () -- C:\Users\Bianca Castro\Documents\legalization of marijuana.wps
[2011/10/03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/10/03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/10/03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/10/03 05:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/09/27 14:39:20 | 000,009,728 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\Case brief.wps

========== Files Created - No Company Name ==========

[2011/10/23 00:58:33 | 098,324,976 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\setup_11.0.0.1245.x01_2011_10_23_07_43.exe
[2011/10/23 00:41:35 | 000,061,200 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\bluescreenview.zip
[2011/10/22 22:49:22 | 000,000,680 | ---- | C] () -- C:\Users\Bianca Castro\AppData\Local\d3d9caps.dat
[2011/10/22 19:32:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/22 19:32:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/22 19:32:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/22 19:32:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/22 19:32:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/22 19:27:18 | 001,008,092 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\rkill.com
[2011/10/22 17:32:03 | 000,000,512 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\MBR.dat
[2011/10/22 13:59:06 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/10/22 13:43:51 | 002,565,464 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\NTBR_CD.exe
[2011/10/22 13:19:47 | 000,044,607 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\bootkit_remover.zip
[2011/10/22 00:04:51 | 000,302,592 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\28n0w7vt.exe
[2011/10/21 11:57:45 | 000,000,949 | ---- | C] () -- C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/21 11:41:07 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/10/20 21:46:30 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/20 21:42:07 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/10/20 21:42:07 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/10/15 22:18:05 | 000,009,728 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\legalization of marijuana.wps
[2011/10/15 21:41:19 | 000,006,144 | ---- | C] () -- C:\Users\Bianca Castro\Documents\legalization of marijuana.wps
[2011/09/25 22:51:14 | 000,009,728 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\Case brief.wps
[2011/02/06 04:13:16 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/06 04:13:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/01/23 00:09:50 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/01/23 00:09:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/02/10 13:07:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/11/29 20:15:17 | 000,014,198 | -H-- | C] () -- C:\Users\Bianca Castro\AppData\Roaming\wklnhst.dat
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008/02/09 22:16:19 | 000,031,744 | ---- | C] () -- C:\Users\Bianca Castro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/09 21:58:13 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/02/09 20:53:08 | 000,022,528 | ---- | C] () -- C:\Users\ana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/11/20 01:38:50 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/11/20 01:38:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2007/11/20 01:37:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,343,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== LOP Check ==========

[2008/04/05 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\acccore
[2010/10/29 21:44:58 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\FrostWire
[2011/10/20 21:18:20 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\ICAClient
[2008/02/09 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\SampleView
[2011/10/20 21:18:21 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\Spare Backup
[2008/02/09 20:55:42 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\WildTangent
[2008/04/05 21:20:44 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\acccore
[2010/07/06 12:50:53 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Auslogics
[2011/10/20 22:14:31 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\AVG2012
[2010/10/31 19:48:19 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\FrostWire
[2009/08/28 20:17:43 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Octoshape
[2010/09/25 22:47:15 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\PlayFirst
[2010/04/28 19:07:54 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Research In Motion
[2008/02/09 23:14:41 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\SampleView
[2011/10/20 22:44:15 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Spare Backup
[2011/02/28 15:59:38 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Template
[2011/09/09 20:41:56 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Unity
[2008/02/09 21:30:05 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\WildTangent
[2010/06/16 09:39:17 | 000,000,000 | -H-D | M] -- C:\ProgramData\AIM
[2008/02/09 20:35:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/10/22 19:16:35 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2012
[2011/01/08 03:26:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2008/02/09 20:35:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2008/02/09 20:35:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2011/03/25 16:09:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/02/09 20:35:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/10/22 19:16:44 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2010/05/12 14:36:01 | 000,000,000 | -H-D | M] -- C:\ProgramData\Napster
[2009/08/09 19:16:44 | 000,000,000 | -H-D | M] -- C:\ProgramData\PassMark
[2010/04/28 18:54:39 | 000,000,000 | -H-D | M] -- C:\ProgramData\Research In Motion
[2008/02/09 20:35:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/10/20 00:36:18 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2008/02/09 20:35:54 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2010/06/19 13:23:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\Viewpoint
[2011/10/20 21:18:11 | 000,000,000 | ---D | M] -- C:\ProgramData\WildTangent
[2011/02/07 10:15:51 | 000,000,000 | -H-D | M] -- C:\ProgramData\WindowsSearch
[2007/11/20 01:31:02 | 000,000,000 | ---D | M] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/08/20 12:09:09 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/10/22 13:53:50 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
SRV - File not found [Auto] -- -- (vToolbarUpdater)
SRV - File not found [On_Demand] -- -- (LiveUpdate)
SRV - File not found [Auto] -- -- (Automatic LiveUpdate Scheduler)
DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Adapter | Unavailable] -- -- (PnSson)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKU\ana_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\Bianca_Castro_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKU\ana_ON_C..\Run: [Aim6] File not found
O4 - HKU\ana_ON_C..\RunOnce: [FlashPlayerUpdate] File not found
O4 - HKU\ana_ON_C..\RunOnce: [spchecker] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/10/20 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\ana\AppData\Local\Temp(908)
[2011/10/20 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Local\temp(1130)
[2010/06/19 13:23:58 | 000,000,000 | -H-D | M] -- C:\ProgramData\Viewpoint


:Services

:Reg

:Files

:Commands
[purity]

Open Notepad and paste the copied text into it, starting with the :OTL line.
Save the document as Fix.txt on a USB flash drive.


On the infected computer, do the following:

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Attempt to reboot normally into Windows.
 