MyTechSupport.ca :: Your Computer Technical Resource Headquarters! MyTechSupport.ca :: Your Computer Technical Resource Headquarters!
HOME FORUMS RESOURCES & TOOLS ARTICLES ONLINE STORE ABOUT US
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: Is this a virus?
June 18, 2019, 10:21:47 PM
 

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
June 18, 2019, 10:21:47 PM

Login with username, password and session length
 
News
12th Anniversary Celebrating 12 Years! (1997 - 2009) 12th Anniversary
Thanks to ALL that make this site what it is!
  0 Members and 1 Guest are viewing this topic.
Pages: [1] 2  All Go Down Print
Author Topic: Is this a virus?  (Read 5331 times)
mrtubs
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 163


Bookmark and Share

View Profile
« on: August 16, 2012, 11:42:34 PM »

Hi

My partner has an acer one notebook running windows vista. Recently it has started running extremely slowly, it takes ages to do anything. It will not play video at all (youtube etc) and when trying toplay one using crome a message comes up to say that shockwave had crashed. Also when you first boot up the netbook there is a message saying the application failed to initialise, contact customer care. Although it doesn't say which application.

Could these be due to a virus?

Any help appeciated.

Ian
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #1 on: August 18, 2012, 02:12:01 AM »

Hi and welcome.

 Please make sure you carry out all the Prework instructions posted here. Thankyou.
Logged

An Australian Member of

EDDY
itvarnews
Newbie
*

Karma: +0/-0
Offline Offline

Posts: 2


Bookmark and Share

View Profile
« Reply #2 on: August 23, 2012, 11:04:24 AM »

Dear mrtubs please mentionl what  has your friend done with his notebook in the recent time due to which these problems have occured..........only then anyone can help you out in this regard.
itvarnews
Logged
mrtubs
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 163


Bookmark and Share

View Profile
« Reply #3 on: August 28, 2012, 09:43:43 AM »

Hi
Sorry it has taken so long to get back.
The OTL is as follows, MBR to follow:


OTL logfile created on: 27/08/2012 22:38:39 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\alzy\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.53% Memory free
4.22 Gb Paging File | 2.97 Gb Available in Paging File | 70.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 153.28 Gb Free Space | 68.77% Space Free | Partition Type: NTFS
 
Computer Name: ALZYS-PC | User Name: alzy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/08/27 22:35:13 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\alzy\Downloads\OTL.exe
PRC - [2012/08/10 03:50:22 | 006,667,688 | ---- | M] (Systweak) -- C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe
PRC - [2012/05/25 17:13:56 | 000,151,912 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/05/25 17:07:30 | 000,161,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2012/05/25 17:07:04 | 000,166,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2012/03/21 21:17:10 | 000,795,600 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcupdate.exe
PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/02/18 07:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/10/19 13:53:48 | 000,983,480 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2009/05/29 08:56:04 | 000,023,064 | ---- | M] (Intel Corporation) -- C:\Windows\System32\PersistenceThread.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/02/20 02:52:20 | 000,817,672 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/02/11 15:46:28 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008/10/17 10:44:58 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/18 15:04:18 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/08/17 23:28:55 | 000,442,392 | ---- | M] () -- C:\Users\alzy\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
MOD - [2012/08/17 23:28:54 | 012,236,824 | ---- | M] () -- C:\Users\alzy\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
MOD - [2012/08/17 23:28:52 | 003,997,720 | ---- | M] () -- C:\Users\alzy\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
MOD - [2012/08/17 23:27:23 | 000,144,424 | ---- | M] () -- C:\Users\alzy\AppData\Local\Google\Chrome\Application\21.0.1180.83\avutil-51.dll
MOD - [2012/08/17 23:27:22 | 000,266,792 | ---- | M] () -- C:\Users\alzy\AppData\Local\Google\Chrome\Application\21.0.1180.83\avformat-54.dll
MOD - [2012/08/17 23:27:21 | 002,480,680 | ---- | M] () -- C:\Users\alzy\AppData\Local\Google\Chrome\Application\21.0.1180.83\avcodec-54.dll
MOD - [2012/08/17 16:19:48 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\8455a2be044530a091b714f5a6415d6b\CustomMarshalers.ni.dll
MOD - [2012/08/14 22:14:54 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8bbcd31ecc8edc7d1f9cdd83ef2bb2d3\System.ServiceProcess.ni.dll
MOD - [2012/08/14 22:13:56 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\18050fc0ebf2c4835d05ffd337aa1616\System.Deployment.ni.dll
MOD - [2012/08/14 22:13:25 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012/08/14 22:12:03 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012/08/14 22:11:57 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/08/14 22:10:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/08/14 22:09:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/08/14 22:07:06 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/08/14 22:05:58 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/08/14 22:02:56 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/08/14 22:02:17 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012/08/14 21:38:57 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/08/14 21:37:32 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/08/10 03:50:22 | 001,729,960 | ---- | M] () -- C:\Program Files\Advanced System Protector\aspsys.dll
MOD - [2012/07/24 23:33:14 | 000,886,272 | ---- | M] () -- C:\Program Files\Advanced System Protector\System.Data.SQLite.dll
MOD - [2010/07/09 13:26:29 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2009/06/01 16:25:40 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 05:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/03/30 05:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/08/23 11:55:10 | 000,362,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/15 23:19:58 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/25 17:13:56 | 000,151,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/05/25 17:07:30 | 000,161,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/05/25 17:07:04 | 000,166,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2009/02/05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/01/21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2009/06/23 14:53:18 | 001,181,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/24 07:29:28 | 000,163,840 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/04/19 11:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2003/10/01 15:29:50 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\OEM\factory\int15.sys -- (int15.sys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vb32&d=0709&m=ao751h
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig?hl=en
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\SearchScopes\{24CEA42F-8C39-4067-965C-7A58A0F5E666}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_enGB347
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_enGB347&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=PdRPM6pjlCiRU2Lby_AaOgkR9pk?q={searchTerms}
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\alzy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\alzy\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files\HBLite\bin\11.0.349.0\firefox\extensions [2011/02/26 14:26:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/08/14 21:29:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/27 09:08:48 | 000,000,000 | ---D | M]
 
[2009/10/07 19:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alzy\AppData\Roaming\mozilla\Extensions
[2009/10/07 19:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\alzy\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
 
========== Chrome  ==========
 
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\alzy\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\alzy\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\alzy\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\alzy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\alzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\alzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\alzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\alzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Gmail = C:\Users\alzy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20120818144422.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe (O2)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [PersistenceThread] C:\Windows\System32\PersistenceThread.exe (Intel Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe File not found
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3396686873-718802974-3092183920-1000..\Run: [EPSON SX100 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3396686873-718802974-3092183920-1000..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKU\S-1-5-21-3396686873-718802974-3092183920-1000..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O9 - Extra Button: ShopperReports - Compare product prices - {DB38E21A-0133-419d-92AD-ECDFD5244D6D} - Reg Error: Key error. File not found
O9 - Extra Button: ShopperReports - Compare travel rates - {EB620C54-E229-4942-87CE-E717109FC8C6} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3396686873-718802974-3092183920-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97D71631-F1A5-4374-B32B-BAAA81C59F4D}: DhcpNameServer = 60.70.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3E4ECCB-C7D9-4A71-A1AE-BD9927CB544C}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\alzy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\alzy\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c99f7142-aec1-11de-8465-00238bfd63e8}\Shell - "" = AutoRun
O33 - MountPoints2\{c99f7142-aec1-11de-8465-00238bfd63e8}\Shell\AutoRun\command - "" = E:\LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - Service
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/27 22:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/08/27 09:08:15 | 000,000,000 | R--D | C] -- C:\Users\alzy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2012/08/21 00:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2012/08/21 00:45:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012/08/21 00:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Protector
[2012/08/21 00:43:33 | 000,000,000 | ---D | C] -- C:\Users\alzy\AppData\Roaming\Systweak
[2012/08/21 00:43:28 | 000,017,320 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/08/21 00:43:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2012/08/21 00:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\RegClean Pro
[2012/08/17 20:03:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2012/08/17 15:28:06 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/17 15:20:47 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/08/17 15:20:46 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/08/17 15:20:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/08/17 15:20:43 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/08/17 15:20:42 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/08/17 15:19:28 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012/08/16 22:51:20 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/08/16 22:51:19 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/16 22:51:18 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/08/16 22:51:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/16 22:51:16 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/08/16 22:51:16 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/08/16 22:51:16 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/08/16 22:51:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/08/16 22:51:13 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/08/16 22:51:13 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/08/16 22:51:13 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/08/16 22:51:11 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/08/16 22:51:11 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/08/16 22:51:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/08/16 22:51:11 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/08/16 22:51:11 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/08/16 22:51:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/16 22:51:10 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/08/16 22:51:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/16 22:51:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/08/16 22:51:08 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/08/16 22:51:08 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/08/16 22:51:08 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/08/16 22:51:08 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/08/16 22:51:05 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/16 22:51:05 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/16 22:51:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/08/16 22:51:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/08/16 22:51:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/08/16 22:51:04 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/08/16 22:51:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/16 22:51:03 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/08/16 22:51:03 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/08/16 22:51:02 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/08/16 22:51:02 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/08/16 22:51:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/08/16 22:51:01 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/08/13 23:59:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/08/12 23:43:54 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2012/08/12 23:43:52 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2012/08/12 23:43:52 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2012/08/12 23:39:50 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2012/08/12 23:39:43 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs*xt.dll
[2012/08/12 23:39:42 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2012/08/12 23:39:42 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2012/08/12 23:39:42 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2012/08/12 23:39:40 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2012/08/12 23:36:48 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2012/08/12 23:36:48 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2012/08/12 23:36:42 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2012/08/12 23:36:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2012/08/12 23:36:38 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2012/08/12 23:36:37 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2012/08/12 23:36:37 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2012/08/12 23:36:37 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2012/08/12 23:36:37 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2012/08/12 23:36:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2012/08/12 23:36:37 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClass*xtension.dll
[2012/08/12 23:36:36 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2012/08/09 18:04:46 | 000,009,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2012/08/09 18:04:02 | 000,151,912 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2012/08/09 18:03:51 | 000,169,608 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2012/08/09 18:03:50 | 000,087,656 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2012/08/09 18:03:49 | 000,464,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2012/08/09 18:03:49 | 000,340,920 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2012/08/09 18:03:48 | 000,180,848 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2012/08/09 18:03:48 | 000,121,544 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2012/08/09 18:03:48 | 000,059,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2012/08/09 18:03:47 | 000,057,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2012/08/09 16:15:42 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/08/09 16:15:12 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2012/08/09 16:15:12 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2012/08/09 16:15:12 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2012/08/09 16:15:11 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2012/08/09 16:15:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/08/09 16:14:24 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2012/08/09 16:14:23 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2012/08/09 16:14:23 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2012/08/09 16:14:20 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2012/08/09 16:14:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2012/08/09 16:14:20 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2012/08/09 16:14:19 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2012/08/09 16:14:18 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2012/08/09 16:14:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012/08/09 16:14:17 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2012/08/09 16:14:13 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2012/08/09 16:14:12 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2012/08/09 16:13:29 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2012/08/09 16:12:40 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2012/08/09 16:12:39 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/08/09 16:12:39 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2012/08/09 16:12:38 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2012/08/09 16:12:38 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012/08/09 16:12:37 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2012/08/09 16:12:19 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/08/09 16:10:44 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2012/08/09 16:10:40 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/08/09 16:10:40 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/08/09 16:10:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/08/09 16:09:43 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2012/08/09 16:09:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2012/08/09 16:08:47 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/08/09 16:08:47 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/08/09 16:07:05 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/08/09 15:32:49 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2012/08/09 15:17:35 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/08/09 14:42:13 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/08/09 14:42:12 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/08/09 14:41:17 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/08/09 14:41:17 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/08/09 14:41:17 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/08/09 14:41:04 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/08/09 14:41:04 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/08/08 22:38:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/08/08 22:38:40 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/08/08 22:38:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/08/07 21:17:03 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2012/08/07 21:16:56 | 001,081,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCExt.dll
[2012/08/07 21:16:52 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2012/08/07 21:16:52 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2012/08/07 21:16:48 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2012/08/07 21:16:45 | 001,480,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012/08/07 21:16:42 | 000,684,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\spsys.sys
[2012/08/07 21:16:41 | 001,576,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012/08/07 21:16:39 | 000,779,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2012/08/07 21:16:37 | 000,928,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavenge.dll
[2012/08/07 21:16:33 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2fs.dll
[2012/08/07 21:16:31 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2012/08/07 21:16:31 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2012/08/07 21:16:29 | 000,619,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2012/08/07 21:16:24 | 000,978,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll
[2012/08/07 21:16:24 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spinstall.exe
[2012/08/07 21:16:24 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spreview.exe
[2012/08/07 21:16:22 | 000,438,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2012/08/07 21:16:22 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwizui.dll
[2012/08/07 21:16:19 | 000,670,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012/08/07 21:16:18 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012/08/07 21:16:17 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
[2012/08/07 21:16:17 | 000,351,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012/08/07 21:16:15 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2012/08/07 21:16:14 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10K.DLL
[2012/08/07 21:16:13 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2012/08/07 21:16:12 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sperror.dll
[2012/08/07 21:16:12 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2012/08/07 21:16:11 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IasMigReader.exe
[2012/08/07 21:16:07 | 001,589,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjet40.dll
[2012/08/07 21:16:04 | 000,883,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IMJP10.IME
[2012/08/07 21:16:03 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\diagperf.dll
[2012/08/07 21:16:03 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ms*xch40.dll
[2012/08/07 21:16:02 | 000,327,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\P2PGraph.dll
[2012/08/07 21:16:01 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2012/08/07 21:16:00 | 000,986,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2012/08/07 21:15:59 | 001,792,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mmc.exe
[2012/08/07 21:15:59 | 000,950,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mblctr.exe
[2012/08/07 21:15:59 | 000,203,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
[2012/08/07 21:15:58 | 000,454,144 | ---- | C] (Microsoft) -- C:\Windows\System32\IasMigPlugin.dll
[2012/08/07 21:15:57 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2012/08/07 21:15:56 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RacEngn.dll
[2012/08/07 21:15:53 | 002,012,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
[2012/08/07 21:15:53 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2012/08/07 21:15:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
[2012/08/07 21:15:52 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2012/08/07 21:15:50 | 000,950,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gpedit.dll
[2012/08/07 21:15:50 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msjtes40.dll
[2012/08/07 21:15:49 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinSAT.exe
[2012/08/07 21:15:49 | 000,099,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2012/08/07 21:15:48 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Magnify.exe
[2012/08/07 21:15:47 | 000,282,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstext40.dll
[2012/08/07 21:15:46 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ms*xcl40.dll
[2012/08/07 21:15:46 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwmi.dll
[2012/08/07 21:15:45 | 001,555,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsAnytimeUpgradeCPL.dll
[2012/08/07 21:15:45 | 000,454,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxbde40.dll
[2012/08/07 21:15:43 | 001,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2012/08/07 21:15:42 | 000,643,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrepl40.dll
[2012/08/07 21:15:41 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2012/08/07 21:15:41 | 000,469,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\newdev.dll
[2012/08/07 21:15:40 | 000,205,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\eudcedit.exe
[2012/08/07 21:15:40 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2012/08/07 21:15:40 | 000,102,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2012/08/07 21:15:39 | 002,926,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/08/07 21:15:37 | 001,788,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
[2012/08/07 21:15:37 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mspbde40.dll
[2012/08/07 21:15:36 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msltus40.dll
[2012/08/07 21:15:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EhStorPwdMgr.dll
[2012/08/07 21:15:34 | 001,053,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtctm.dll
[2012/08/07 21:15:34 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrd3x40.dll
[2012/08/07 21:15:33 | 000,250,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
[2012/08/07 21:15:33 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2012/08/07 21:15:30 | 000,614,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2012/08/07 21:15:29 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SLCommDlg.dll
[2012/08/07 21:15:29 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2012/08/07 21:15:27 | 001,730,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apds.dll
[2012/08/07 21:15:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\compcln.exe
Logged

 
mrtubs
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 163


Bookmark and Share

View Profile
« Reply #4 on: August 28, 2012, 09:45:07 AM »

OTL Extras logfile created on: 27/08/2012 22:38:39 - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\alzy\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.99 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.53% Memory free
4.22 Gb Paging File | 2.97 Gb Available in Paging File | 70.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.88 Gb Total Space | 153.28 Gb Free Space | 68.77% Space Free | Partition Type: NTFS
 
Computer Name: ALZYS-PC | User Name: alzy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6ED66ABC-5F6B-4FA3-B6E7-23C8C0E117E2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D0F4F009-D62E-470D-9312-E38B08E7696A}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F236B0D-E244-4574-94E8-274CA2A49FCF}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{28F5746B-5E44-4D31-B805-8E2272AA1EDF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{362938F6-F7C5-4BFF-83CB-C4A6BD42B194}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{3EC04F12-F593-4BD2-9620-3E167B828A20}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{587FDDBA-B266-433D-BDC2-0CC319C945D7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{63B98BAB-5520-42E9-82D5-0CFB6641C3A5}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{695FB684-CFC5-458F-875B-9C35CA0A4F57}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6BE4E137-694B-48E0-994B-1B0FE009173B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{831A5B35-DDBF-4988-928B-6185430FE045}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe |
"{846B5F1C-B7EB-4B7A-9ACD-0D103746673C}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{8FCA0E43-1445-4DA1-8E36-B74435EA953F}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{9F041E64-39B9-4D3A-A941-DFE5582E67BA}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{A0B62330-B39C-4F5E-BEE1-0D9A5993F12C}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{A2EB77C3-4C26-4BCC-AC66-52A9A75C2B38}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{BA009770-8875-4315-A146-E8305231561F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BCC4047E-73A0-4F86-ABEE-235D3C48D10C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CC62FF90-064E-49B2-8B13-B7E10F97225C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{D4CEFCB4-44E3-493D-9CCF-AA746AA9A7B4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DB242A1B-56CA-4596-8C5A-8D3ED8F071F5}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"{EDF13F3E-E447-44E0-9581-E508D0BD0BF8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F77A97E9-EE90-4E72-A073-C0C5743DA838}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78076104-12C3-462E-8B4F-149519CE4AB0}" = calibre
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110186437}" = Air Strike 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{85C411A0-9A9F-4C74-9EEB-BA50EB9D2E4D}" = O2 Connection Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye webcam 2.2.0.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BearShare MediaBar" = MediaBar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Scanner" = EPSON Scan
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"Google Desktop" = Google Desktop
"HBLiteSA" = Hotbar
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"LManager" = Launch Manager
"LPCO" = Intel(R) Graphics Media Accelerator 500
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee SecurityCenter
"QuestBrowse" = QuestBrowse 1.0 build 129 powered by FIRST SEARCHBAR
"RegClean Pro_is1" = RegClean Pro
"ShoppingReport2" = ShopperReports
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"vShare" = vShare Plugin
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Search Defender" = Yahoo! Search Protection
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3396686873-718802974-3092183920-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"blinkx beat" = blinkx beat
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 21/05/2012 17:54:18 | Computer Name = alzys-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12168
 
Error - 21/05/2012 17:54:18 | Computer Name = alzys-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12168
 
Error - 22/05/2012 11:54:20 | Computer Name = alzys-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22/05/2012 11:54:20 | Computer Name = alzys-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64814594
 
Error - 22/05/2012 11:54:20 | Computer Name = alzys-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64814594
 
Error - 22/05/2012 11:54:21 | Computer Name = alzys-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22/05/2012 11:54:21 | Computer Name = alzys-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64815592
 
Error - 22/05/2012 11:54:21 | Computer Name = alzys-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64815592
 
Error - 22/05/2012 11:54:22 | Computer Name = alzys-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22/05/2012 11:54:22 | Computer Name = alzys-pc | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64816606
 
[ System Events ]
Error - 21/09/2010 11:26:22 | Computer Name = alzys-pc | Source = HTTP | ID = 15016
Description =
 
Error - 29/09/2010 07:50:30 | Computer Name = alzys-pc | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F62041CD-77B2-48C6-9DBC-BB13B7E3481B}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 29/09/2010 09:27:57 | Computer Name = alzys-pc | Source = Service Control Manager | ID = 7011
Description =
 
Error - 29/09/2010 09:29:45 | Computer Name = alzys-pc | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F62041CD-77B2-48C6-9DBC-BB13B7E3481B}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 29/09/2010 10:24:04 | Computer Name = alzys-pc | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F62041CD-77B2-48C6-9DBC-BB13B7E3481B}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 29/09/2010 12:29:27 | Computer Name = alzys-pc | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F62041CD-77B2-48C6-9DBC-BB13B7E3481B}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 29/09/2010 13:47:29 | Computer Name = alzys-pc | Source = Service Control Manager | ID = 7011
Description =
 
Error - 29/09/2010 13:49:20 | Computer Name = alzys-pc | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F62041CD-77B2-48C6-9DBC-BB13B7E3481B}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 29/09/2010 17:19:55 | Computer Name = alzys-pc | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F62041CD-77B2-48C6-9DBC-BB13B7E3481B}
 because another computer on the network has the same name.  The server could not
 start.
 
Error - 29/09/2010 17:23:20 | Computer Name = alzys-pc | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{F62041CD-77B2-48C6-9DBC-BB13B7E3481B}
 because another computer on the network has the same name.  The server could not
 start.
 
 
< End of report >
Logged

 
mrtubs
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 163


Bookmark and Share

View Profile
« Reply #5 on: August 28, 2012, 09:51:44 AM »

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-28 10:46:24
-----------------------------
10:46:24.424    OS Version: Windows 6.0.6002 Service Pack 2
10:46:24.424    Number of processors: 2 586 0x1C02
10:46:24.424    ComputerName: ALZYS-PC  UserName: alzy
10:46:31.461    Initialize success
10:47:00.836    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:47:00.851    Disk 0 Vendor: TOSHIBA_MK2555GSX FG001J Size: 238475MB BusType: 3
10:47:00.882    Disk 0 MBR read successfully
10:47:00.898    Disk 0 MBR scan
10:47:00.914    Disk 0 Windows VISTA default MBR code
10:47:00.929    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10240 MB offset 2048
10:47:00.960    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       228233 MB offset 20973568
10:47:00.992    Disk 0 scanning sectors +488394752
10:47:01.085    Disk 0 scanning C:\Windows\system32\drivers
10:47:11.398    Service scanning
10:47:38.356    Modules scanning
10:47:49.088    Disk 0 trace - called modules:
10:47:49.151    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
10:47:49.182    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85850740]
10:47:49.213    3 CLASSPNP.SYS[883ac8b3] -> nt!IofCallDriver -> [0x85221918]
10:47:49.244    5 acpi.sys[806976bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84876b98]
10:47:49.291    Scan finished successfully
10:50:36.129    Disk 0 MBR has been saved successfully to "C:\Users\alzy\Desktop\MBR.dat"
10:50:36.176    The log file has been saved successfully to "C:\Users\alzy\Desktop\aswMBR.txt"

Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #6 on: August 28, 2012, 10:24:08 PM »


 
Please download Malwarebytes Anti-Malware from Malwarebytes.org
Alternate link: Download Mirror
 
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)
 
Double Click mbam-setup.exe to install the application.
 
(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
Copy and paste the entire report in your next reply.
If Malwarebytes fails to download please use the following link:
 
http://malwarebytes.org/mbam-download-exe-random.php



=============================================


Download Combofix from any of the links below, and save it to your desktop.

Link 1

Link 2

When saving ComboFix rename it to PCHelpForum.exe to prevent it from being blocked by malware.


Refer to this image:

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click PCHelpForum.exe to run it.

    You will see the following image:




Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:





As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.





Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.





Logged

An Australian Member of

EDDY
mrtubs
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 163


Bookmark and Share

View Profile
« Reply #7 on: August 31, 2012, 11:11:14 PM »

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.30.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
alzy :: ALZYS-PC [administrator]

30/08/2012 18:46:04
mbam-log-2012-08-30 (18-46-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313798
Time elapsed: 6 hour(s), 28 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 20
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DB38E21A-0133-419D-92AD-ECDFD5244D6D} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EB620C54-E229-4942-87CE-E717109FC8C6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491d-8AE3-F90B43A34FD6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCU\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.
HKCU\Software\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HBLiteSA (Adware.HotBar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuestBrowse (Adware.QuestBrowse) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShoppingReport2 (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files\HBLite\bin\11.0.349.0\firefox\extensions -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 15
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Users\alzy\AppData\Roaming\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HBLite\bin\11.0.349.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HBLite\bin\11.0.349.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HBLite\bin\11.0.349.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HBLite\bin\11.0.349.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport2 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport2\Bin (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport2\Bin\2.7.34 (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\QuestBrwSearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.
C:\ProgramData\QuestBrwSearch (Adware.QuestBrowse) -> Quarantined and deleted successfully.

Files Detected: 9
C:\ProgramData\HBLiteSA\HBLiteSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA\HBLiteSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA\HBLiteSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA\HBLiteSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HBLiteSA\HBLiteSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HBLite\bin\11.0.349.0\firefox\extensions\install.rdf (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\About Hotbar.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Customer Support Center.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar\Hotbar Uninstall Instructions.lnk (Adware.Hotbar) -> Quarantined and deleted successfully.

(end)
Logged

 
mrtubs
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 163


Bookmark and Share

View Profile
« Reply #8 on: September 01, 2012, 09:01:54 AM »

ComboFix 12-08-31.03 - alzy 01/09/2012   0:41.1.2 - x86
Microsoft
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #9 on: September 02, 2012, 01:25:06 AM »

Nearly done....




========================================

WARNING these fixes are designed for this user only and may cause damage if run on any other machine.




Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the the text in the quotebox below into it:

Quote



File::
Folder::
c:\program files\Ask.com
c:\progra~1\BEARSH~1\MediaBar
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0974BA1E-64EC-11DE-B2A5-E43756D89593}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
Rootkit::
DDS::
RESTORE::
RegNull::
ATJob::
FireFox::
MBR::
TDL::
 


 

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.




Refering to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste  the ComboFix.txt in your next reply  please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.Altering this script in any way could damage your computer*


Logged

An Australian Member of

EDDY
mrtubs
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 163


Bookmark and Share

View Profile
« Reply #10 on: September 03, 2012, 11:10:23 PM »

ComboFix 12-09-03.07 - alzy 03/09/2012  23:37:12.2.2 - x86
Microsoft
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #11 on: September 03, 2012, 11:33:17 PM »

Ok.All done.I see no more malware.Log looks good! All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


You can now uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall



(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.


Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention

=============================


Logged

An Australian Member of

EDDY
mrtubs
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 163


Bookmark and Share

View Profile
« Reply #12 on: September 03, 2012, 11:49:20 PM »

Hi
Thank you so much, the netbook is running faster now.  However the video is still not working.  For example my partner likes to play online bingo. She uses www.meccabingo.com but it is impossible to play because the bingo cards would show up.  Any suggestions.
Logged

 
Pancake
Global Moderator
Hero Member
*****

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915


Bookmark and Share

View Profile
« Reply #13 on: September 04, 2012, 12:02:53 AM »

Ok.Thats not really my field.See the guys over at http://www.pchelpforum.com/xf/forums/windows-vista-and-windows-7.377/ they know their stuff.They come highly recomended.
Logged

An Australian Member of

EDDY
mrtubs
Sr. Member
****

Karma: +0/-0
Offline Offline

Gender: Male
Posts: 163


Bookmark and Share

View Profile
« Reply #14 on: September 04, 2012, 10:21:59 PM »

Many thanks for all of your help.  It is working much faster.

Thank you
Logged

 
Pages: [1] 2  All Go Up Print 
 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

Disclaimer
This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page June 13, 2019, 11:44:07 AM