
Why Is My Firewall Asking Me What To Do... As If I Know?

Discussion in 'General Malware And Security' started by AyameTaylor, Dec 5, 2011.

  1. AyameTaylor

    AyameTaylor Registered Members

    Joined:
    Dec 2, 2011
    Messages:
    18
    Location:
    Ont Canada
    Operating System:
    Windows Vista Enterprise
    I do apologize for the topic title; I'll be honest, I don't know what to put in those things sometimes, and why not add in a bit of humor (at least perceived on my side of the screen as humor) while I am at it. *ahem* Anyway.

    My firewall keeps prompting me, telling me that this one thing is a potentially harmful malware; so I go to get rid of it and it tells me that it cannot be completely removed, and asks me if I would like tech support to help get rid of it. While normally I am one of those people who would jump on the chance of being informed by someone who gets paid to tell me what I need, I am cheap and I am broke like pretty well everyone else on this planet anymore... and with that being said......

    I am here to ask for some opinions/advice.

    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe <- That is what keeps popping up, and I don't know what the heck it is or why it's on my computers.... apparently it's an installer of some kind... but I don't know what it is for. x.X Is there any way to find out what it is, if it's important, and WHY I can't remove it completely from my computer?
     
  2. BeeCeeBee

    BeeCeeBee ADMINISTRATOR IN MEMORY

    Joined:
    Apr 20, 2009
    Messages:
    7,201
    Location:
    New Jersey "Stronger than the Storm"
    Operating System:
    Windows 7
    Do not touch it. It appears that you may have picked up a virus or trojan. Firewalls do not act that way. What firewall are you using?
     
  3. AyameTaylor

    AyameTaylor Registered Members

    Joined:
    Dec 2, 2011
    Messages:
    18
    Location:
    Ont Canada
    Operating System:
    Windows Vista Enterprise
    COMODO firewall, which I got after I had some errors with my system that didn't make any sense to me. All of my spyware, malware, and anti-virus programs decided to uninstall themselves and such, and a friend of mine said I best get Comodo then re-install those programs again. Which I have. Comodo is the only program that keeps picking up this one issue, generally at start up. I'll restart and edit this post with further information for you guys.
     
  4. PseFrank

    PseFrank Registered Members

    Joined:
    Nov 10, 2010
    Messages:
    962
    Location:
    Cambridge UK
    Operating System:
    Windows 7
    I agree with BeeCeeBee, sounds like you have an undesirable lurking inside your computer.

    I've sent a message to one of our malware experts. Please be patient, they should be along within the next few hours to give advice.
     
  5. AyameTaylor

    AyameTaylor Registered Members

    Joined:
    Dec 2, 2011
    Messages:
    18
    Location:
    Ont Canada
    Operating System:
    Windows Vista Enterprise
    Thanks, you guys are all so helpful on this site. I love it already.
     
  6. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Ayame

    Comodo do offer this support, but it's only free if you have purchased the full Comodo Security Suite (of which Comodo Firewall is a part).
    But if you are running the free version you would be charged for this service.

    It's not exactly malware, but may have been added to your system when you played a game or downloaded something else.
    It's certainly something which you don't need.
    http://www.w3i.com/index.aspx

    If there's any reference to W3i in your add/remove .... you can safely remove it.

    2 things here bother me slightly:
    (1) Comodo Firewall is now part of Comodo Security Suite.... did you also install the Anti Virus part of the program?
    (2) Why did your previous programs either uninstall themselves or just stop working?

    I really think we should look into this a little deeper.
    For all we know, if the cause was malware.... it may still be on your system in some form.


    Step 1
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Make sure you are connected to the Internet.
    • Double-click on Download_mbam-setup.exe to install the application.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    • On the Scanner tab:
      • Make sure the "Perform Full Scan" option is selected.
      • Then click on the Scan button.
    • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    Step 2
    • Download OTL to your desktop.
      right click on the link and select 'Save Link/Target As'.

      if you have problems, try this download link:
      OTL
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.

    Now copy the lines in bold below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT


    • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
    • Click the Run Scan button.
    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.


    In your next reply, please submit:
    MBAM scan report
    Both reports from OTL.

    These reports will give us a very good idea of what's what on your system


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
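
Added example, not part of starbuck's post or of the original thread: a read-only PowerShell check that answers the opening question of what the flagged file is, and finds the Add/Remove Programs entry mentioned above. The file path is the one quoted in the first post; the match pattern `W3i|InstallIQ` and the choice of the two Run keys as startup locations are assumptions made for this example.

```powershell
# Added example; not part of the original thread. Read-only: nothing is deleted or changed.
# $exe is the path quoted in the first post. $pattern is an assumption for this example.
$exe     = 'C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe'
$pattern = 'W3i|InstallIQ'

# 1. What the file says about itself, and whether its Authenticode signature verifies.
if (Test-Path -LiteralPath $exe) {
    (Get-Item -LiteralPath $exe).VersionInfo |
        Format-List CompanyName, ProductName, FileDescription, FileVersion
    Get-AuthenticodeSignature -FilePath $exe |
        Format-List Status, @{ Name = 'Signer'; Expression = { $_.SignerCertificate.Subject } }
} else {
    Write-Output "File not present: $exe"
}

# 2. Add/Remove Programs entries (machine-wide and per-user) that mention the vendor.
$roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
         'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
$entries = foreach ($root in $roots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $p) { continue }
        $text = "$($p.DisplayName) $($p.Publisher) $($p.InstallLocation)"
        if ($text -match $pattern) {
            New-Object PSObject -Property @{
                Key             = $key.PSChildName
                DisplayName     = $p.DisplayName
                Publisher       = $p.Publisher
                UninstallString = $p.UninstallString
            }
        }
    }
}
$entries | Format-List DisplayName, Publisher, UninstallString, Key

# 3. Startup entries: the firewall prompt appears at start up, so list any
#    Run-key value whose command line mentions the vendor.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($rk in $runKeys) {
    $props = Get-ItemProperty -Path $rk -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match $pattern } |
        ForEach-Object { '{0}\{1} = {2}' -f $rk, $_.Name, $_.Value }
}
```

A matching entry in section 2 gives the vendor's own uninstaller command; a match in section 3 shows what relaunches the updater at each boot.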
  7. AyameTaylor

    AyameTaylor Registered Members

    Joined:
    Dec 2, 2011
    Messages:
    18
    Location:
    Ont Canada
    Operating System:
    Windows Vista Enterprise
    Okay, I already had Malwarebytes on my computer. (Was one of my original programs that disappeared in the first place.) So now when I go to open it, it checks for the updates as it should, I go to update it as it is 18 days past due. When I do so, Windows runs into an error and it stops working, then prompts for it to close. <- I have tried rebooting it several times (even after I have rebooted my computer, to the same effect).

    The new program, OTL, downloaded quickly and wonderfully. It ran fine, until it came to the 'Scanning Module...' section on the bottom of the window (I was watching it like a hawk after MalWare decided to kick the bucket after the 25th time).

    It too has stopped running. It has remained stopped running for about ten minutes now. I have ended the process via the task manager. And I don't know what else to do? Is there anything else you may or may not need from me to further this.... *sighs*

    Sorry for the late reply, and thank you for your help this far.
     
  8. AyameTaylor

    AyameTaylor Registered Members

    Joined:
    Dec 2, 2011
    Messages:
    18
    Location:
    Ont Canada
    Operating System:
    Windows Vista Enterprise
    Okay, so apparently I do not have permission to edit my post above; I apologize for the double post.

    So OTL finished, after the second run through, and I let it just sit there wallowing in its own (no-response) self pity. It finished. So here is the information requested in the OTL program,

    Extras.txt-notepad.


    OTL Extras logfile created on: 13/12/2011 7:35:46 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ayame\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 26.93% Memory free
    6.20 Gb Paging File | 4.14 Gb Available in Paging File | 66.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.50 Gb Total Space | 159.76 Gb Free Space | 55.96% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.70 Gb Free Space | 56.98% Space Free | Partition Type: NTFS

    Computer Name: AYAME-LAPPY | User Name: Ayame | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AC16917-633D-4D84-AD0C-BB166B10B957}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1121F239-3366-4C39-8915-CA450F1B6BA1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1F3E5066-09AB-4AA1-AB1B-6C9233A3C02F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2EAAC774-3D8C-46F2-B72B-46A3BDA62670}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{34C30A7E-8909-4989-B1A1-DD1E5AB659F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4A8F0920-02E5-4109-BC7B-42694BA6841D}" = rport=137 | protocol=17 | dir=out | app=system |
    "{586C1FDF-5F55-4BA7-A7FB-CCA81E159B94}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{838D42A7-B434-4887-B3CD-CE1AB19596C3}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{8607886E-69C5-4B0B-9102-25C764F3436C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9437EEDD-A6D2-4BE2-AC04-5067F9049DD2}" = rport=138 | protocol=17 | dir=out | app=system |
    "{96ACD2D9-0955-413A-A55E-A6A77F494DD7}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B358C5E1-E32D-4929-88C7-768519B76241}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BFBDE49C-FB40-4B52-AD2D-23098B671803}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF79E781-1A62-4D04-A9A4-4240B3548725}" = lport=445 | protocol=6 | dir=in | app=system |
    "{D85B586F-C377-450F-8E28-0D8E06C355CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DA356310-284F-42E1-A3DF-83589AB4A619}" = rport=445 | protocol=6 | dir=out | app=system |
    "{DA36F7A9-8884-4AE3-A6AB-98915E1D7EEB}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{DA887A0A-8B6E-4B79-ACB4-181D9087359B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{DFC0B4F8-178F-462A-A157-B20BCB4D586F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{E187ED5D-E244-48C6-9EC9-479339B1090E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{F0F835C2-74FC-4C27-A318-D9930792DC12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{11689883-391B-4840-8C8F-F1F8D7AC4F3E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1CB4FA6D-5CDD-4383-AAF1-178B551BFD49}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{2B7CDA4A-CEF3-4042-AD9D-EE67170BD06D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{2FB90BA2-8623-4141-8A6A-9FE4B6830EC4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{324BA48B-D62A-4927-AC0A-FD5C59223464}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{333B6EF2-A38B-44B6-B9D3-E91AD9CA768B}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
    "{33851D0C-BFED-433D-9E2A-CFA9F80F86D9}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
    "{39F56932-31B4-442E-ADF8-F5136C615D0C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{419C1BFB-0AD6-437F-80BC-6C4543397515}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{519A56E8-D7B2-4566-9C53-01C42956682E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{5435B3F0-9899-40D8-BECF-9172A66D6F56}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{5BC4779C-4A40-4E49-A219-E0645AE945FD}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe |
    "{605BFB3A-1141-4C76-B180-FE7E0C61FEA1}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{6108C39D-74E9-464A-A27D-7125E2C30624}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
    "{61A634DA-8081-4D33-B0BE-7C174ECEE16F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{638BE71C-FBE1-4B0A-9E09-7CD45A08F248}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6753EDAA-8CB4-451A-B059-201177AE792C}" = protocol=6 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
    "{717C6151-6683-4F37-9834-664AA30F6704}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{74D75F35-AC9F-4D26-B5FD-FBA9028E38FF}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
    "{751FC34A-36DE-4DF6-887D-96BA71E1EE54}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{795F24F3-2DB3-467B-9E6A-07309BDEED44}" = dir=in | app=c:\program files\rosetta stone\rosetta stone v3\rosettastoneversion3.exe |
    "{7E017D40-F921-4B6F-84D0-AA90DDB10767}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
    "{8BF772BB-3C3B-4552-8042-5736189F8524}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
    "{9835EC1B-B730-47B2-AA0F-053DFB05FE11}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcgpswx.exe |
    "{9A15C69C-0C93-406B-8DE7-6075C9D9296A}" = protocol=6 | dir=out | app=c:\program files\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
    "{9BC35349-350D-4B5B-90E6-AAD6A1C713DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{9BDAA743-C5CC-45AB-83F8-40BA9E4F6634}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A30739E9-CE17-472B-9D60-3D789486622F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{B5589113-277D-450C-8FFC-083F390803B6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{B63CCB50-378A-424D-831D-3CF9504517CB}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcgpswx.exe |
    "{C6AC7451-5B6F-4E4B-8AC0-5405231B355B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D1341C68-70AA-463B-B35F-40D98535F802}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{D1F1713D-491C-4D7A-B84F-4E81CAC62AFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D4CAA3F9-DEEA-461F-A6A7-E7C7E24152D8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D7AD1B7E-6DB9-47E6-8F22-CFC0D5B3107B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{DAA5E9A6-5FA0-43AC-9BF8-4641B34FFE06}" = protocol=6 | dir=out | app=system |
    "{DB698C3B-72DE-444E-9E01-4D7A7B28D8F3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{DCE68148-04F1-4959-97BB-8DC4AA657CDD}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
    "{E34066C5-463A-4865-8CBC-3E315735A62F}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{E4AA98E0-F4CA-4158-9998-34BAE8AEC9A0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "{E668EFB1-49B3-41C3-8899-04911F91C367}" = protocol=17 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
    "{EA201E5D-CFFF-4BBD-94C7-7AAE175809E5}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
    "{EAEC6472-73EA-4647-9391-0D1FD67837CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{EC63ED40-9467-469B-883A-0E8E896C73BD}" = dir=in | app=c:\program files\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
    "{F3E19ADD-B0AF-4221-BB52-250DD0DAF492}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
    "{F4591DFE-B53B-46D3-B4F5-5C447678E724}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F5921D1A-4C8B-41E5-828D-B8E9E13C7D11}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{FDD0FAF8-715E-4799-A5FB-45FDF714EE5E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "TCP Query User{17A30F37-D47F-4CBC-B8BF-78BAE4C1A81A}C:\users\ayame\random sh** people send me\ayametech_support\winvnc.exe" = protocol=6 | dir=in | app=c:\users\ayame\random sh** people send me\ayametech_support\winvnc.exe |
    "TCP Query User{66AB3A6B-EBD0-4DC9-9A4E-AEA613F9404E}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
    "UDP Query User{7456CC47-5A4B-4D02-95C9-EE0983948393}C:\users\ayame\random sh** people send me\ayametech_support\winvnc.exe" = protocol=17 | dir=in | app=c:\users\ayame\random sh** people send me\ayametech_support\winvnc.exe |
    "UDP Query User{7C359CD7-0B1D-4821-A3B7-0D628FC9C4E3}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294A2E0E-3A0B-4D1F-8282-11DEF2040227}" = InstallIQ Updater
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
    "{4EAB2511-0135-48CA-A47B-CE1E6836793A}" = COMODO Internet Security
    "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "7-Zip" = 7-Zip 4.57
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Advanced Video FX Engine" = Advanced Video FX Engine
    "AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.85
    "avast" = avast! Free Antivirus
    "BabylonToolbar" = Babylon toolbar on IE
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
    "COMODO GeekBuddy" = COMODO GeekBuddy
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Dell Webcam Center" = Dell Webcam Center
    "Dell Webcam Manager" = Dell Webcam Manager
    "FrostWire 5" = FrostWire 5.1.5
    "iLivid" = iLivid
    "Lexmark 2300 Series" = Lexmark 2300 Series
    "Mabinogi" = Mabinogi
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "Pdf995" = Pdf995
    "RealPlayer 12.0" = RealPlayer
    "Speccy" = Speccy
    "uTorrent" = µTorrent
    "uTorrentBar Toolbar" = uTorrentBar Toolbar
    "WIND" = WIND
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinX DVD Ripper_is1" = WinX DVD Ripper 5.0.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AddonChat" = AddonChat
    "Google Chrome" = Google Chrome
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 06/12/2011 1:29:27 AM | Computer Name = Ayame-lappy | Source = Perflib | ID = 1010
    Description =

    Error - 07/12/2011 2:09:35 AM | Computer Name = Ayame-lappy | Source = Application Error | ID = 1000
    Description = Faulting application WksWP.exe, version 9.7.613.0, time stamp 0x466fad27,
    faulting module wkwpqd.dll, version 9.8.1117.0, time stamp 0x492379b8, exception
    code 0xc0000005, fault offset 0x00037cae, process id 0x21b0, application start time
    0x01ccb4a6bd8d59f0.

    Error - 07/12/2011 5:51:33 AM | Computer Name = Ayame-lappy | Source = Application Error | ID = 1000
    Description = Faulting application YAHOOM~1.EXE, version 11.5.0.152, time stamp
    0x4ecdebce, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
    code 0xc0000005, fault offset 0x0c9802d5, process id 0x1f18, application start time
    0x01ccb3fc148ba3c0.

    Error - 08/12/2011 1:12:10 AM | Computer Name = Ayame-lappy | Source = Application Error | ID = 1000
    Description = Faulting application WksWP.exe, version 9.7.613.0, time stamp 0x466fad27,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x00000000, process id 0x252c, application start time 0x01ccb567b7fe8740.

    Error - 08/12/2011 1:12:30 AM | Computer Name = Ayame-lappy | Source = Application Error | ID = 1000
    Description = Faulting application WksWP.exe, version 9.7.613.0, time stamp 0x466fad27,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x00000000, process id 0x27ac, application start time 0x01ccb567f4d6b340.

    Error - 08/12/2011 3:00:42 AM | Computer Name = Ayame-lappy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 08/12/2011 3:00:42 AM | Computer Name = Ayame-lappy | Source = Windows Search Service | ID = 3013
    Description =

    Error - 10/12/2011 3:28:32 PM | Computer Name = Ayame-lappy | Source = Application Error | ID = 1000
    Description = Faulting application wkswp.exe, version 9.7.613.0, time stamp 0x466fad27,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x00000000, process id 0x1560, application start time 0x01ccb771e46409f7.

    Error - 13/12/2011 1:20:01 AM | Computer Name = Ayame-lappy | Source = Application Hang | ID = 1002
    Description = The program chrome.exe version 15.0.874.121 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Problem Reports and Solutions control panel. Process
    ID: 1788 Start Time: 01ccb956999d0400 Termination Time: 94

    Error - 13/12/2011 8:34:45 AM | Computer Name = Ayame-lappy | Source = Application Error | ID = 1000
    Description = Faulting application mbam.exe, version 1.51.0.1118, time stamp 0x4e5e8e67,
    faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
    0xc0000005, fault offset 0x0c000000, process id 0xee0, application start time 0x01ccb9939377ba10.

    [ System Events ]
    Error - 29/08/2011 11:22:25 AM | Computer Name = Ayame-lappy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 29/08/2011 11:36:23 AM | Computer Name = Ayame-lappy | Source = Service Control Manager | ID = 7030
    Description =

    Error - 29/08/2011 11:41:20 AM | Computer Name = Ayame-lappy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 29/08/2011 11:41:20 AM | Computer Name = Ayame-lappy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 29/08/2011 11:41:20 AM | Computer Name = Ayame-lappy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 29/08/2011 11:42:43 AM | Computer Name = Ayame-lappy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 29/08/2011 11:42:43 AM | Computer Name = Ayame-lappy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 29/08/2011 11:43:44 AM | Computer Name = Ayame-lappy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 29/08/2011 11:43:44 AM | Computer Name = Ayame-lappy | Source = Service Control Manager | ID = 7000
    Description =

    Error - 29/08/2011 11:53:53 AM | Computer Name = Ayame-lappy | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.2 for the Network Card with network
    address 001644ED9BCA has been denied by the DHCP server 0.0.0.0 (The DHCP Server
    sent a DHCPNACK message).


    < End of report >


    OTL logfile created on: 13/12/2011 7:35:46 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ayame\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 26.93% Memory free
    6.20 Gb Paging File | 4.14 Gb Available in Paging File | 66.78% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.50 Gb Total Space | 159.76 Gb Free Space | 55.96% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.70 Gb Free Space | 56.98% Space Free | Partition Type: NTFS

    Computer Name: AYAME-LAPPY | User Name: Ayame | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Ayame\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
    PRC - C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe (COMODO)
    PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    PRC - C:\ProgramData\WIND\OnlineUpdate\ouc.exe ()
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
    PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
    PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
    PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
    PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    PRC - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    PRC - C:\Program Files\Microsoft Works\WksWP.exe (Microsoft® Corporation)
    PRC - C:\Program Files\Microsoft Works\wkgdcach.exe (Microsoft® Corporation)
    PRC - C:\Program Files\Microsoft Works\WkDStore.exe (Microsoft® Corporation)
    PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    PRC - C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
    PRC - C:\Windows\System32\lxcgcoms.exe ( )
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
    MOD - C:\Users\Ayame\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll ()
    MOD - C:\Users\Ayame\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll ()
    MOD - C:\Users\Ayame\AppData\Local\Google\Chrome\Application\15.0.874.121\avutil-51.dll ()
    MOD - C:\Users\Ayame\AppData\Local\Google\Chrome\Application\15.0.874.121\avformat-53.dll ()
    MOD - C:\Users\Ayame\AppData\Local\Google\Chrome\Application\15.0.874.121\avcodec-53.dll ()
    MOD - C:\Users\Ayame\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll ()
    MOD - C:\Users\Ayame\AppData\Local\Google\Chrome\APPLIC~1\150874~1.121\gcswf32.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
    MOD - C:\Windows\System32\bcmwlrmt.dll ()
    MOD - C:\Program Files\Lexmark 2300 Series\iptk.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (HWDeviceService.exe) -- File not found
    SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe (COMODO)
    SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    SRV - (WIND. RunOuc) -- C:\Program Files\WIND\UpdateDog\ouc.exe ()
    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
    SRV - (lxcg_device) -- C:\Windows\System32\lxcgcoms.exe ( )
    SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
    DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
    DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
    DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
    DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
    DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
    DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
    DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
    DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
    DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
    DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110938,17129,0,18,0
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 21 CE A8 28 6F CC 01 [binary data]
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com ppl3260;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com prjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com prpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com prphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com prpjplug;version=12.0.1.666: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com sJSRealPlayerPlugin;version=: File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ayame\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ayame\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ayame\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/02 22:14:11 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Ayame\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U27 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Ayame\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Ayame\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Ayame\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: uTorrentBar = C:\Users\Ayame\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj\2.3.0.15_0\
    CHR - Extension: Bleach Theme3 = C:\Users\Ayame\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnpcmjjmkfceldpakemdldgpiappfig\2_0\
    CHR - Extension: avast! WebRep = C:\Users\Ayame\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Ayame\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\prxtbuTor.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
    O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LXCGCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
    O4 - HKLM..\Run: [lxcgmon.exe] C:\Program Files\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - Startup: C:\Users\Ayame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51B8C7DE-9020-40B6-AF0F-A8E2DD5EC8CE}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51B8C7DE-9020-40B6-AF0F-A8E2DD5EC8CE}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E5CB75-AA12-4298-82FA-27DBDF283803}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F9E5CB75-AA12-4298-82FA-27DBDF283803}: NameServer = 8.26.56.26,156.154.70.22
    O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) -C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Ayame\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Ayame\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{347b4499-dd86-11e0-aac4-001e101f3976}\Shell - "" = AutoRun
    O33 - MountPoints2\{347b4499-dd86-11e0-aac4-001e101f3976}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{347b49fd-dd86-11e0-aac4-001e101f8a85}\Shell - "" = AutoRun
    O33 - MountPoints2\{347b49fd-dd86-11e0-aac4-001e101f8a85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5d50c20a-da49-11e0-88f5-002170733b10}\Shell - "" = AutoRun
    O33 - MountPoints2\{5d50c20a-da49-11e0-88f5-002170733b10}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5d50c219-da49-11e0-88f5-001e101f8924}\Shell - "" = AutoRun
    O33 - MountPoints2\{5d50c219-da49-11e0-88f5-001e101f8924}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b74f75b6-f613-11e0-add1-001e101f270f}\Shell - "" = AutoRun
    O33 - MountPoints2\{b74f75b6-f613-11e0-add1-001e101f270f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b74f7663-f613-11e0-add1-001e101f39ca}\Shell - "" = AutoRun
    O33 - MountPoints2\{b74f7663-f613-11e0-add1-001e101f39ca}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/13 00:00:59 | 000,000,000 | ---D | C] -- C:\Users\Ayame\Photo's for Jinney
    [2011/12/10 22:58:53 | 000,000,000 | ---D | C] -- C:\Users\Ayame\Documents\My eBooks
    [2011/12/10 22:58:53 | 000,000,000 | ---D | C] -- C:\Users\Ayame\AppData\Roaming\Mobipocket
    [2011/12/10 22:57:21 | 000,000,000 | ---D | C] -- C:\Users\Ayame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobipocket.com
    [2011/12/10 22:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
    [2011/12/10 22:43:02 | 000,000,000 | ---D | C] -- C:\Users\Ayame\AppData\Local\Ilivid Player
    [2011/12/10 22:41:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\{08E30618-5D06-461B-BBD3-4ADFB0810824}
    [2011/12/10 22:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
    [2011/12/10 22:41:32 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
    [2011/12/10 22:40:18 | 000,000,000 | ---D | C] -- C:\Users\Ayame\AppData\Local\PackageAware
    [2011/12/08 06:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2011/12/08 06:25:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/12/08 06:25:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/12/08 06:25:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/12/08 06:25:17 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2011/12/08 01:46:39 | 000,000,000 | ---D | C] -- C:\Users\Ayame\blog
    [2011/12/06 04:51:35 | 000,000,000 | ---D | C] -- C:\Users\Ayame\AppData\Roaming\Yahoo!
    [2011/12/06 04:46:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2011/12/06 04:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2011/12/06 04:40:00 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2011/12/06 00:29:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    [2011/12/06 00:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
    [2011/12/03 03:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2011/12/02 23:56:30 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/12/02 22:18:23 | 000,000,000 | ---D | C] -- C:\Windows\Registration
    [2011/11/27 20:34:41 | 000,000,000 | ---D | C] -- C:\Users\Ayame\AppData\Roaming\OpenOffice.org
    [2011/11/27 20:33:47 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.1
    [2011/11/27 20:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
    [2011/11/27 20:32:15 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
    [2011/11/27 20:26:57 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
    [2011/11/27 20:26:48 | 000,000,000 | ---D | C] -- C:\Users\Ayame\AppData\Roaming\Babylon
    [2011/11/27 20:26:48 | 000,000,000 | ---D | C] -- C:\Users\Ayame\AppData\Local\Babylon
    [2011/11/27 20:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2011/11/24 15:25:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2011/11/24 15:21:31 | 000,000,000 | ---D | C] -- C:\Users\Ayame\AppData\Roaming\Malwarebytes
    [2011/11/24 15:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/24 15:21:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/11/24 15:21:08 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/11/24 15:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/11/24 15:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2011/11/24 15:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
    [2011/11/24 15:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2011/11/24 15:13:46 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
    [2011/11/24 15:04:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
    [2011/11/24 15:02:28 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2011/11/24 15:02:28 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2011/11/24 15:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/11/24 15:02:27 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2011/11/24 15:02:27 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2011/11/24 15:02:27 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2011/11/24 15:02:27 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2011/11/24 15:02:01 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2011/11/24 15:02:01 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/11/24 15:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/11/24 15:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/11/23 09:02:58 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\pdfmona.dll
    [2011/11/23 09:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
    [2011/11/23 09:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\pdf995
    [2011/11/23 09:02:57 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995
    [2011/11/23 08:43:37 | 000,000,000 | ---D | C] -- C:\Windows\PrimoPDF
    [2011/10/19 12:36:37 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxcgserv.dll
    [2011/10/19 12:36:37 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcgusb1.dll
    [2011/10/19 12:36:37 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcghbn3.dll
    [2011/10/19 12:36:37 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcgpmui.dll
    [2011/10/19 12:36:37 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcglmpm.dll
    [2011/10/19 12:36:37 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcgcoms.exe
    [2011/10/19 12:36:37 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomm.dll
    [2011/10/19 12:36:37 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxcginpa.dll
    [2011/10/19 12:36:37 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcgiesc.dll
    [2011/10/19 12:36:37 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxcgih.exe
    [2011/10/19 12:36:37 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcghcp.dll
    [2011/10/19 12:36:37 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcgprox.dll
    [2011/10/19 12:36:37 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcgpplc.dll
    [2011/10/19 12:36:36 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcgcomc.dll
    [2011/10/19 12:36:36 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcgcfg.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/12/13 07:54:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-104752233-620572704-3953128964-1000UA.job
    [2011/12/13 07:37:14 | 000,001,455 | ---- | M] () -- C:\Users\Ayame\Desktop\Lennox.rtf
    [2011/12/13 07:09:00 | 000,002,433 | ---- | M] () -- C:\Users\Ayame\Desktop\Microsoft Works Word Processor.lnk
    [2011/12/13 06:05:00 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/13 06:05:00 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/13 00:15:03 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/12/13 00:15:03 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/13 00:05:28 | 000,027,335 | ---- | M] () -- C:\Users\Ayame\AppData\Roaming\nvModes.001
    [2011/12/13 00:04:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/13 00:04:47 | 3219,173,376 | -HS- | M] () -- C:\hiberfil.sys
    [2011/12/12 23:43:56 | 000,022,416 | ---- | M] () -- C:\Users\Ayame\AppData\Roaming\wklnhst.dat
    [2011/12/12 23:07:08 | 000,001,356 | ---- | M] () -- C:\Users\Ayame\AppData\Local\d3d9caps.dat
    [2011/12/12 21:13:29 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-104752233-620572704-3953128964-1000Core.job
    [2011/12/11 06:10:12 | 000,002,555 | ---- | M] () -- C:\Users\Ayame\Desktop\Mobipocket Reader.lnk
    [2011/12/10 22:41:45 | 000,000,786 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
    [2011/12/08 12:36:05 | 000,317,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/08 06:25:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2011/12/08 06:25:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2011/12/08 06:25:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2011/12/08 06:25:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2011/12/06 12:32:57 | 000,110,790 | ---- | M] () -- C:\Users\Ayame\Writing Folders.jpeg
    [2011/12/06 05:10:45 | 000,114,688 | ---- | M] () -- C:\Users\Ayame\AT--sheet.wps
    [2011/12/06 04:47:17 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2011/12/06 04:46:14 | 000,000,928 | ---- | M] () -- C:\Users\Ayame\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/12/06 04:46:14 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2011/12/06 02:17:35 | 000,015,147 | ---- | M] () -- C:\Users\Ayame\pen-writing2.jpg
    [2011/12/06 00:29:10 | 000,000,738 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
    [2011/12/03 03:40:02 | 000,000,995 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    [2011/11/28 23:52:39 | 000,027,335 | ---- | M] () -- C:\Users\Ayame\AppData\Roaming\nvModes.dat
    [2011/11/27 22:55:00 | 000,098,816 | ---- | M] () -- C:\Users\Ayame\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/27 20:35:11 | 000,000,990 | ---- | M] () -- C:\Users\Ayame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    [2011/11/27 20:33:47 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
    [2011/11/27 20:26:59 | 000,001,489 | ---- | M] () -- C:\user.js
    [2011/11/25 23:23:10 | 000,010,240 | ---- | M] () -- C:\Users\Ayame\Desktop\A very special Thankyou.wps
    [2011/11/24 15:21:13 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/24 15:15:00 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2011/11/24 15:13:50 | 000,001,019 | ---- | M] () -- C:\Users\Ayame\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2011/11/24 15:13:46 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
    [2011/11/24 15:02:28 | 000,001,791 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/11/24 15:02:27 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2011/11/23 13:29:50 | 000,031,235 | ---- | M] () -- C:\Users\Ayame\378040_249389185116546_219647184757413_647873_604643768_n.jpg
    [2011/11/23 09:02:58 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\Windows\System32\pdfmona.dll
    [2011/11/23 09:02:58 | 000,051,716 | ---- | M] () -- C:\Windows\System32\pdf995mon.dll
    [2011/11/23 09:02:58 | 000,000,025 | ---- | M] () -- C:\Windows\wpd99.drv
    [2011/11/18 16:18:50 | 000,002,044 | ---- | M] () -- C:\Users\Ayame\Desktop\Google Chrome.lnk
    [2011/11/18 16:18:50 | 000,002,006 | ---- | M] () -- C:\Users\Ayame\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2011/11/17 13:48:59 | 000,000,220 | -H-- | M] () -- C:\Users\Ayame\Desktop\internet password.rtf

    ========== Files Created - No Company Name ==========

    [2011/12/13 07:37:14 | 000,001,455 | ---- | C] () -- C:\Users\Ayame\Desktop\Lennox.rtf
    [2011/12/10 22:57:21 | 000,002,555 | ---- | C] () -- C:\Users\Ayame\Desktop\Mobipocket Reader.lnk
    [2011/12/10 22:41:45 | 000,000,786 | ---- | C] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
    [2011/12/06 12:33:02 | 000,110,790 | ---- | C] () -- C:\Users\Ayame\Writing Folders.jpeg
    [2011/12/06 05:10:45 | 000,114,688 | ---- | C] () -- C:\Users\Ayame\AT--sheet.wps
    [2011/12/06 04:46:14 | 000,000,928 | ---- | C] () -- C:\Users\Ayame\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2011/12/06 04:46:14 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2011/12/06 02:17:41 | 000,015,147 | ---- | C] () -- C:\Users\Ayame\pen-writing2.jpg
    [2011/12/06 00:29:10 | 000,000,738 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
    [2011/12/03 03:31:23 | 3219,173,376 | -HS- | C] () -- C:\hiberfil.sys
    [2011/11/27 20:35:11 | 000,000,990 | ---- | C] () -- C:\Users\Ayame\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
    [2011/11/27 20:33:47 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
    [2011/11/27 20:26:54 | 000,001,489 | ---- | C] () -- C:\user.js
    [2011/11/25 23:23:10 | 000,010,240 | ---- | C] () -- C:\Users\Ayame\Desktop\A very special Thankyou.wps
    [2011/11/24 15:21:13 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/24 15:15:00 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
    [2011/11/24 15:13:50 | 000,001,019 | ---- | C] () -- C:\Users\Ayame\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
    [2011/11/24 15:13:49 | 000,000,995 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
    [2011/11/24 15:02:28 | 000,001,791 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/11/23 13:29:57 | 000,031,235 | ---- | C] () -- C:\Users\Ayame\378040_249389185116546_219647184757413_647873_604643768_n.jpg
    [2011/11/23 09:02:58 | 000,051,716 | ---- | C] () -- C:\Windows\System32\pdf995mon.dll
    [2011/11/23 09:02:58 | 000,000,025 | ---- | C] () -- C:\Windows\wpd99.drv
    [2011/11/23 08:43:42 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
    [2011/11/17 13:48:59 | 000,000,220 | -H-- | C] () -- C:\Users\Ayame\Desktop\internet password.rtf
    [2011/10/19 21:41:16 | 000,000,552 | ---- | C] () -- C:\Users\Ayame\AppData\Local\d3d8caps.dat
    [2011/10/19 12:36:37 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxcginst.dll
    [2011/09/09 00:31:01 | 000,022,416 | ---- | C] () -- C:\Users\Ayame\AppData\Roaming\wklnhst.dat
    [2011/09/08 19:43:40 | 000,098,816 | ---- | C] () -- C:\Users\Ayame\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/08/29 10:15:08 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/08/29 10:15:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/08/29 08:35:47 | 000,027,335 | ---- | C] () -- C:\Users\Ayame\AppData\Roaming\nvModes.001
    [2011/08/29 01:02:58 | 000,027,335 | ---- | C] () -- C:\Users\Ayame\AppData\Roaming\nvModes.dat
    [2011/08/28 21:26:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/08/28 20:29:31 | 000,000,076 | RHS- | C] () -- C:\Windows\CT4CET.bin
    [2011/08/28 19:59:40 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2011/08/28 19:59:39 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
    [2011/08/28 19:49:12 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2011/08/28 19:34:38 | 000,001,356 | ---- | C] () -- C:\Users\Ayame\AppData\Local\d3d9caps.dat
    [2007/02/22 17:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcgcoin.dll
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,317,088 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2005/08/18 05:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcgvs.dll
    [2005/03/13 13:32:14 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcgcnv4.dll

    ========== LOP Check ==========

    [2011/09/24 13:29:32 | 000,000,000 | ---D | M] -- C:\Users\Ayame\AppData\Roaming\.minecraft
    [2011/11/27 20:26:48 | 000,000,000 | ---D | M] -- C:\Users\Ayame\AppData\Roaming\Babylon
    [2011/10/13 16:39:59 | 000,000,000 | ---D | M] -- C:\Users\Ayame\AppData\Roaming\DAEMON Tools Lite
    [2011/10/13 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Ayame\AppData\Roaming\Digiarty
    [2011/09/10 02:41:18 | 000,000,000 | ---D | M] -- C:\Users\Ayame\AppData\Roaming\gtk-2.0
    [2011/12/11 02:21:43 | 000,000,000 | ---D | M] -- C:\Users\Ayame\AppData\Roaming\Mobipocket
    [2011/11/27 20:34:41 | 000,000,000 | ---D | M] -- C:\Users\Ayame\AppData\Roaming\OpenOffice.org
    [2011/09/09 00:31:01 | 000,000,000 | ---D | M] -- C:\Users\Ayame\AppData\Roaming\Template
    [2011/10/16 21:08:13 | 000,000,000 | ---D | M] -- C:\Users\Ayame\AppData\Roaming\tmp
    [2011/09/23 01:40:00 | 000,000,000 | ---D | M] -- C:\Users\Ayame\AppData\Roaming\Unity
    [2011/11/24 13:55:08 | 000,000,000 | ---D | M] -- C:\Users\Ayame\AppData\Roaming\uTorrent
    [2011/12/08 12:34:19 | 000,016,520 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2011/08/28 23:20:30 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/12/13 00:04:47 | 3219,173,376 | -HS- | M] () -- C:\hiberfil.sys
    [2011/08/28 20:04:18 | 000,022,729 | ---- | M] () -- C:\newfile.enc
    [2011/08/28 20:04:18 | 000,022,729 | ---- | M] () -- C:\newkey
    [2011/12/13 00:04:45 | 3532,976,128 | -HS- | M] () -- C:\pagefile.sys
    [2011/11/27 20:26:59 | 000,001,489 | ---- | M] () -- C:\user.js

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll
    [2007/01/30 05:32:46 | 000,118,272 | ---- | M] (Lexmark International, Inc.) -- C:\Windows\system32\Spool\prtprocs\w32x86\lxcgpp5c.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2007/12/08 13:34:10 | 000,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\bcmwlrmt.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\*.exe /lockedfiles >
    [2007/12/08 13:34:40 | 003,444,736 | ---- | M] (Dell Inc.) Unable to obtain MD5 -- C:\Windows\system32\WLTRAY.EXE

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\* >
    [2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ayame\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ayame\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ayame\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ayame\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/29 11:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/29 11:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/29 11:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/29 11:11:55 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/29 11:11:55 | 000,748,336 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Ayame\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Ayame\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Ayame\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Ayame\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/11/15 00:39:56 | 001,036,344 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/08/29 11:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/08/29 11:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/08/29 11:11:54 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/08/29 11:11:55 | 000,748,336 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/08/29 11:11:55 | 000,748,336 | ---- | M] (Microsoft Corporation)

    < End of report >

    ~~~~~~~~~~~~~~~~~

    May I add here..... holy cow that's a lot of text that gives me a headache @-@
     
  9. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Ayame

    P2P Warning
    Please note that as long as you're using any form of Peer-to-Peer networking ( Frostwire, Limewire, Bit Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
    Once upon a time, P2P file sharing was fairly safe. That is no longer true.
    P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

    Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
    When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

    You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
    If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.


    It would seem that the Anti Virus part of the Comodo Internet Security is active.

    It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

    Even running programs from separate vendors .... Comodo Firewall and Avast Anti Virus is not recommended.
    They may still conflict.
    Therefore please go to add/remove in the control panel and remove either Avast or Comodo Internet Security.

    If you keep Avast .... turn on the Windows Firewall.
    If you keep Comodo Internet Security.... make sure the AV part is turned on.


    Step 1
    Double click on OTL to run it.
    Copy the lines in bold below. (make sure that :Otl is on the first line )

    :Otl
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
    O33 - MountPoints2\{347b4499-dd86-11e0-aac4-001e101f3976}\Shell - "" = AutoRun
    O33 - MountPoints2\{347b4499-dd86-11e0-aac4-001e101f3976}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{347b49fd-dd86-11e0-aac4-001e101f8a85}\Shell - "" = AutoRun
    O33 - MountPoints2\{347b49fd-dd86-11e0-aac4-001e101f8a85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5d50c20a-da49-11e0-88f5-002170733b10}\Shell - "" = AutoRun
    O33 - MountPoints2\{5d50c20a-da49-11e0-88f5-002170733b10}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{5d50c219-da49-11e0-88f5-001e101f8924}\Shell - "" = AutoRun
    O33 - MountPoints2\{5d50c219-da49-11e0-88f5-001e101f8924}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b74f75b6-f613-11e0-add1-001e101f270f}\Shell - "" = AutoRun
    O33 - MountPoints2\{b74f75b6-f613-11e0-add1-001e101f270f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{b74f7663-f613-11e0-add1-001e101f39ca}\Shell - "" = AutoRun
    O33 - MountPoints2\{b74f7663-f613-11e0-add1-001e101f39ca}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

    :Files
    C:\Program Files\BabylonToolbar
    C:\Program Files\W3i
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [purity]
    [RESETHOSTS]


    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    • Click the red Run Fix button.

    • OTL will reboot your system once the fix has completed.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.

    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles


    Step 2
    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) 7 Update 2 and save it to your desktop.
    • Scroll down to where it says "Java SE 7 Update 2".
    • Click the "Download JRE" button to the right.
    • Accept the license agreement.
    • Select 'Windows x86' offline from the list.
    • Save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7u2-windows-i586-p.exe to install the newest version.


    Step 3
    I'd like you to do an ESET OnlineScan

    You may find it beneficial to close your resident AV program before running the scan.
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan

    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on [​IMG] to download the ESET Smart Installer.
        Save it to your desktop.
      • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Click [​IMG], and save the file to your desktop using a unique name, such as ESETScan.
      Include the contents of this report in your next reply.
    • Click the [​IMG] button.
    • Click [​IMG]
    A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


    Note:
    It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
    To prevent this happening:
    When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

    Enable Anti-Stealth technology




    In your next reply, please submit:
    Otl fix report
    Eset scan report


    Thanks.
     
    Last edited by a moderator: Feb 4, 2014
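
A check that can be run once the fix log comes back, as an added example that is not part of the original post and not OTL's own code: it takes a subset of the fix script above and reports which of its targets a fix log confirms as removed. The function names and the sample log (constructed in the wording OTL uses in its fix log) are assumptions made for illustration.

```python
import re

# Subset of the fix script from the post above.
FIX_SCRIPT = r"""
:OTL
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O33 - MountPoints2\{347b4499-dd86-11e0-aac4-001e101f3976}\Shell - "" = AutoRun
O33 - MountPoints2\{347b4499-dd86-11e0-aac4-001e101f3976}\Shell\AutoRun\command - "" = F:\AutoRun.exe

:Files
C:\Program Files\BabylonToolbar
C:\Program Files\W3i
ipconfig /flushdns /c
"""

# Constructed sample log. The W3i folder line is deliberately missing and one
# CLSID only has a "not found" line, so all three outcomes are exercised.
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\InstallIQUpdater deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{347b4499-dd86-11e0-aac4-001e101f3976}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{347b4499-dd86-11e0-aac4-001e101f3976}\ not found.
File F:\AutoRun.exe not found.
C:\Program Files\BabylonToolbar folder moved successfully.
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r"\\Run: \[([^\]]+)\]")
MOUNT_RE = re.compile(r"MountPoints2\\([^\\]+)\\")
SUCCESS = ("deleted successfully.", "moved successfully.")


def parse_sections(script):
    """Split a fix script into {section name (lower case): [lines]}."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def extract_targets(sections):
    """Return ordered, de-duplicated (kind, needle) pairs.

    The needle is the text expected in the log line reporting on that target.
    """
    targets = []

    def add(kind, needle):
        if (kind, needle) not in targets:
            targets.append((kind, needle))

    for line in sections.get("otl", []):
        if line.startswith("O33"):          # one registry key per mount point
            match = MOUNT_RE.search(line)
            if match:
                add("mountpoint", "MountPoints2\\" + match.group(1) + "\\")
        elif line.startswith("O4"):         # Run value, logged as Run\\<name>
            match = RUN_RE.search(line)
            if match:
                add("run", "\\Run\\\\" + match.group(1))
        else:                               # O2/O3 entries are keyed by CLSID
            match = CLSID_RE.search(line)
            if match:
                add("clsid", match.group(0))
    for line in sections.get("files", []):
        if not line.endswith(" /c"):        # lines ending in /c are commands
            add("path", line + " ")         # trailing space: exact folder only
    return targets


def reconcile(targets, log):
    """Map each target to 'removed', 'not found' or 'unconfirmed'."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    report = {}
    for kind, needle in targets:
        hits = [l for l in lines if needle.lower() in l.lower()]
        if any(l.endswith(SUCCESS) for l in hits):
            status = "removed"              # a later "not found" is a repeat pass
        elif any(l.endswith("not found.") for l in hits):
            status = "not found"
        else:
            status = "unconfirmed"
        report[(kind, needle.strip())] = status
    return report


if __name__ == "__main__":
    found = reconcile(extract_targets(parse_sections(FIX_SCRIPT)), FIX_LOG)
    for (kind, needle), status in found.items():
        print(f"{status:12} {kind:10} {needle}")
```

A target reported as "unconfirmed" has no matching line in the log at all, which is the case worth following up before treating the fix as complete.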
  10. AyameTaylor

    AyameTaylor Registered Members

    Currently waiting on ESET online scanner.... 2 and a half hours into it and only sitting at 46%, so it shall be a while, but I wanted to get you the first part of the needed information before I go to bed, and with that being said, I am sorry for the late replies all the time. 'Tis the season and all that. Thank you for being so patient with me.




    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\InstallIQUpdater deleted successfully.
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{347b4499-dd86-11e0-aac4-001e101f3976}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{347b4499-dd86-11e0-aac4-001e101f3976}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{347b4499-dd86-11e0-aac4-001e101f3976}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{347b4499-dd86-11e0-aac4-001e101f3976}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{347b49fd-dd86-11e0-aac4-001e101f8a85}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{347b49fd-dd86-11e0-aac4-001e101f8a85}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{347b49fd-dd86-11e0-aac4-001e101f8a85}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{347b49fd-dd86-11e0-aac4-001e101f8a85}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d50c20a-da49-11e0-88f5-002170733b10}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d50c20a-da49-11e0-88f5-002170733b10}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d50c20a-da49-11e0-88f5-002170733b10}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d50c20a-da49-11e0-88f5-002170733b10}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d50c219-da49-11e0-88f5-001e101f8924}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d50c219-da49-11e0-88f5-001e101f8924}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d50c219-da49-11e0-88f5-001e101f8924}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d50c219-da49-11e0-88f5-001e101f8924}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b74f75b6-f613-11e0-add1-001e101f270f}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b74f75b6-f613-11e0-add1-001e101f270f}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b74f75b6-f613-11e0-add1-001e101f270f}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b74f75b6-f613-11e0-add1-001e101f270f}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b74f7663-f613-11e0-add1-001e101f39ca}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b74f7663-f613-11e0-add1-001e101f39ca}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b74f7663-f613-11e0-add1-001e101f39ca}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b74f7663-f613-11e0-add1-001e101f39ca}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    File F:\AutoRun.exe not found.
    ========== FILES ==========
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh folder moved successfully.
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17 folder moved successfully.
    C:\Program Files\BabylonToolbar\BabylonToolbar folder moved successfully.
    C:\Program Files\BabylonToolbar folder moved successfully.
    C:\Program Files\W3i\InstallIQUpdater\images folder moved successfully.
    C:\Program Files\W3i\InstallIQUpdater folder moved successfully.
    C:\Program Files\W3i folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Ayame\Downloads\cmd.bat deleted successfully.
    C:\Users\Ayame\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Ayame
    ->Temp folder emptied: 688209323 bytes
    ->Temporary Internet Files folder emptied: 148652693 bytes
    ->Java cache emptied: 9328765 bytes
    ->Google Chrome cache emptied: 73923775 bytes
    ->Flash cache emptied: 47667 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 35547285 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 4793445535 bytes

    Total Files Cleaned = 5,483.00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.31.0 log created on 12192011_035102

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  11. AyameTaylor

    AyameTaylor Registered Members

    Sorry once again for the double post. Needless to say, sleep is not coming to me tonight. The program finished its scan; here are the results.


    C:\Users\Ayame\Downloads\openofficewriter-setup.exe Win32/DownloadAdmin.A.Gen application deleted - quarantined
    C:\Users\Ayame\Downloads\SoftonicDownloader_for_paint-net.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Users\Ayame\Downloads\SoftonicDownloader_for_windows-live-messenger.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12192011_035102\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12192011_035102\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12192011_035102\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12192011_035102\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\12192011_035102\C_Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
     
  12. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Hi Ayame

    It's not a problem.
    Just reply when you can.

    How's the system running now?
    Any problems?
     
  13. AyameTaylor

    AyameTaylor Registered Members

    I'll be honest, it still lags to all high-hell. My CPU is constantly running at 100% for extended periods of time. I can't seem to figure out why. I have taken most things off start-up. It just seems to rev with no reason as to why it would be doing so.... I am reminded of a car with a touchy carburetor, or some-such. My firewall is behaving as far as I can tell now though.
     
  14. starbuck

    starbuck Rest In Peace Pete Administrator

    Hi Ayame

    Your previous OTL does show a few unnecessary startup programs.
    Let me have a new OTL report using the following instructions and we'll sort those out for you.

    Double click on OTL to run it.
    • Under Extra Registry section, select Use SafeList.
    • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
    • Click on Run Scan at the top left hand corner.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.
     
