
Solved Trojan Zero Access found by McAfee... can you help?

Discussion in 'Malware and Virus Removal Archive' started by Supawoman, 2012/08/07.

  1. 2012/08/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix will disconnect you.
     
  2. 2012/08/08
    Supawoman

    Supawoman Inactive Thread Starter

    Joined:
    2012/07/12
    Messages:
    34
    Likes Received:
    0
    Thanks, will do the combofix now...
     


  4. 2012/08/08
    Supawoman

    Combo fix log

    ComboFix 12-08-07.05 - Rachel Laptop 08/08/2012 18:19:29.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3067.2087 [GMT 1:00]
    Running from: c:\users\Rachel Laptop\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\Rachel Laptop\AppData\Roaming\.#
    c:\users\Rachel Laptop\AppData\Roaming\siw_sdk.dll
    c:\users\Rachel Laptop\GoToAssistDownloadHelper.exe
    c:\windows\system32\~GLH0003.TMP
    c:\windows\system32\~GLH0004.TMP
    c:\windows\system32\~GLH0005.TMP
    c:\windows\WindowsUpdate.log . . . . Failed to delete
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-08 17:31 . 2012-08-08 17:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-08-08 17:31 . 2012-08-08 17:31 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2012-08-08 17:31 . 2012-08-08 17:31 -------- d-----w- c:\users\TEMP.RACHLAPTOP-PC\AppData\Local\temp
    2012-08-08 17:31 . 2012-08-08 17:31 -------- d-----w- c:\users\Mcx1-RACHLAPTOP-PC\AppData\Local\temp
    2012-08-08 17:31 . 2012-08-08 17:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-08 07:41 . 2012-08-08 07:41 -------- d-----w- C:\FRST
    2012-07-26 15:57 . 2012-07-26 15:57 -------- d-----w- c:\program files\Oracle
    2012-07-17 07:34 . 2012-07-17 07:34 -------- d-----w- c:\program files\GUM656.tmp
    2012-07-17 07:34 . 2012-07-17 07:34 4024320 ----a-w- c:\program files\GUT657.tmp
    2012-07-12 18:41 . 2012-07-12 18:41 -------- d-----w- c:\users\Rachel Laptop\AppData\Roaming\Malwarebytes
    2012-07-12 18:40 . 2012-07-12 18:40 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-12 18:40 . 2012-07-12 18:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-12 18:40 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-12 15:26 . 2012-07-12 15:26 -------- d-----w- c:\program files\SIW
    2012-07-10 20:26 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-07 07:48 . 2012-03-30 23:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-07 07:48 . 2011-05-19 14:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-26 16:52 . 2012-06-16 20:09 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-07-05 21:06 . 2012-05-16 20:04 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-07-05 21:06 . 2011-08-11 17:12 687544 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-30 21:51 . 2012-06-30 21:51 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
    2012-06-30 21:51 . 2012-06-30 21:51 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
    2012-06-21 17:34 . 2012-06-21 17:34 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-06-21 17:34 . 2012-06-21 17:34 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-06-21 17:33 . 2012-06-21 17:33 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-06-16 19:57 . 2012-06-16 19:57 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-06-16 19:26 . 2012-06-16 19:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-06-16 19:26 . 2012-06-16 19:26 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-06-02 22:19 . 2012-06-21 17:04 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 17:04 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 17:03 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 17:03 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 17:04 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 17:04 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 17:03 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 14:19 . 2012-06-21 17:03 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 14:12 . 2012-06-21 17:03 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-15 10:26 . 2012-05-23 19:51 61248 ----a-w- c:\windows\system32\OpenCL.dll
    2012-05-15 10:26 . 2012-05-23 19:47 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
    2012-05-15 10:26 . 2012-05-23 19:47 883008 ----a-w- c:\windows\system32\nvgenco32.dll
    2012-05-15 10:26 . 2012-05-23 19:47 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
    2012-05-15 10:26 . 2012-05-23 19:47 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2012-05-15 10:26 . 2012-05-23 19:47 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
    2012-05-15 10:26 . 2012-05-23 19:47 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
    2012-05-15 10:26 . 2012-05-23 19:47 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
    2012-05-15 10:26 . 2012-05-23 19:47 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
    2012-05-15 10:26 . 2012-05-23 19:47 5982528 ----a-w- c:\windows\system32\nvcuda.dll
    2012-05-15 10:26 . 2012-05-23 19:47 2368832 ----a-w- c:\windows\system32\nvapi.dll
    2012-05-15 10:26 . 2012-05-23 19:47 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
    2012-05-15 09:28 . 2012-05-23 19:51 2561344 ----a-w- c:\windows\system32\nvsvcr.dll
    2012-05-15 09:28 . 2012-05-23 19:51 645440 ----a-w- c:\windows\system32\nvvsvc.exe
    2012-05-15 09:28 . 2012-05-23 19:51 62272 ----a-w- c:\windows\system32\nvshext.dll
    2012-05-15 09:28 . 2012-05-23 19:51 108352 ----a-w- c:\windows\system32\nvmctray.dll
    2012-05-15 09:28 . 2012-05-23 19:51 3931456 ----a-w- c:\windows\system32\nvcpl.dll
    2012-05-15 09:27 . 2012-05-23 19:51 2759488 ----a-w- c:\windows\system32\nvsvc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
    @= "{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2009-05-14 22:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
    @= "{3c3f3c1a-9153-7c05-f938-622e7003894d} "
    [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
    2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
    @= "{e6ea1d7d-144e-b977-98c4-84c53c1a69d0} "
    [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
    2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
    @= "{b4caf489-1eec-c617-49ad-8d7088598c06} "
    [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
    2010-04-13 20:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaSuite.exe "= "c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-05-16 1084840]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl "= "c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2011-03-29 8120864]
    "Acer ePower Management "= "c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
    "AmIcoSinglun "= "c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-10-24 237568]
    "BackupManagerTray "= "c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
    "EgisTecLiveUpdate "= "c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
    "Google Desktop Search "= "c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-03-28 30192]
    "GrooveMonitor "= "c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "IAAnotif "= "c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
    "mwlDaemon "= "c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
    "VitaKeyPdtWzd "= "c:\program files\Acer Bio Protection\PdtWzd.exe" [2011-04-25 3567616]
    "Apoint "= "c:\program files\Apoint2K\Apoint.exe" [2011-04-25 217088]
    "LManager "= "c:\program files\Launch Manager\LManager.exe" [2011-04-25 1100368]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "ArcadeDeluxeAgent "= "c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2011-01-28 419112]
    "PlayMovie "= "c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2011-01-28 181480]
    "ProfilerU "= "c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 227840]
    "SaiMfd "= "c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 123392]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "mcui_exe "= "c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "Reader Application Helper "= "c:\program files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe" [2012-01-31 892928]
    "Malwarebytes' Anti-Malware "= "c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 5 (0x5)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableUIADesktopToggle "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=" "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
    backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Rachel Laptop^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Rachel Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
    2012-05-16 14:44 1084840 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
    2008-07-29 18:29 200704 ----a-w- c:\windows\PLFSetI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchEngineProtection]
    2011-03-03 14:33 591248 ----a-w- c:\program files\GamesBar\SearchEngineProtection.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony PC Companion]
    2012-04-12 09:56 445624 ----a-w- c:\program files\Sony\Sony PC Companion\PCCompanion.exe
    .
    R2 CLKMSVC10_D20A29D4;CyberLink Product - 2012/02/23 23:59;c:\program files\Acer Arcade Deluxe\PlayMovie\NavFilter\kmsvc.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [x]
    R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
    R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 SaiH0004;SaiH0004;c:\windows\system32\DRIVERS\SaiH0004.sys [x]
    R3 SaiL0004;SaiL0004;c:\windows\system32\DRIVERS\SaiL0004.sys [x]
    R3 SaiU0004;SaiU0004;c:\windows\system32\DRIVERS\SaiU0004.sys [x]
    R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
    S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
    S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [x]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [x]
    S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [x]
    S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
    S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [x]
    S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
    S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
    S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [x]
    S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
    S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
    S3 SaiK0CCC;SaiK0CCC;c:\windows\system32\DRIVERS\SaiK0CCC.sys [x]
    S3 SaiU0CCC;SaiU0CCC;c:\windows\system32\DRIVERS\SaiU0CCC.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - AlfaFF
    *Deregistered* - CLKMDRV10_D20A29D4
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPService REG_MULTI_SZ HPSLPSVC
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:48]
    .
    2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-29 21:01]
    .
    2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-29 21:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0311&m=aspire_7738
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    Trusted Zone: isvinternet.com\fastpath
    TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
    DPF: ISVFlashIE2_CabSetup - hxxp://download.isvinternet.com/public/isvflashie2_cabsetup.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    AddRemove-AVerMedia A309 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A309 (MiniCard
    AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    "MSCurrentCountry "=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial "=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(656)
    c:\program files\Acer Bio Protection\PwdFilter.DLL
    .
    - - - - - - - > 'Explorer.exe'(4952)
    c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
    c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
    c:\program files\McAfee Online Backup\MOBKshell.dll
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    c:\program files\WIDCOMM\Bluetooth Software\BtwNamespaceExt.dll
    c:\program files\WIDCOMM\Bluetooth Software\BtwNeLib.dll
    c:\program files\WIDCOMM\Bluetooth Software\btwapi.dll
    c:\program files\WIDCOMM\Bluetooth Software\btosif.dll
    c:\program files\WIDCOMM\Bluetooth Software\btwpimif.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Acer Bio Protection\CompPtcVUI.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\vssvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\NVIDIA Corporation\Display\nvtray.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\progra~1\mcafee\VIRUSS~1\mcvsshld.exe
    c:\program files\Common Files\McAfee\Core\mchost.exe
    c:\progra~1\mcafee\VIRUSS~1\mcvsmap.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-08 18:44:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-08 17:44
    .
    Pre-Run: 193,987,645,440 bytes free
    Post-Run: 196,979,011,584 bytes free
    .
    - - End Of File - - 3D61A1C53AA07BBAE0A79D0E4832A968
     
  5. 2012/08/08
    broni

    Looks good :)

    How is the computer doing?

    =========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. 2012/08/08
    Supawoman

    Thanks Broni, it's working faster than before... although I keep getting a little box appearing telling me I'm about to navigate to a non-secure internet connection and asking me if I want to continue...

    Will run the OTL now
     
  7. 2012/08/08
    broni

  8. 2012/08/08
    Supawoman

    OTL log part 1

    OTL logfile created on: 08/08/2012 19:51:39 - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Rachel Laptop\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.50% Memory free
    5.99 Gb Paging File | 4.34 Gb Available in Paging File | 72.40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.32 Gb Total Space | 183.53 Gb Free Space | 64.32% Space Free | Partition Type: NTFS

    Computer Name: RACHLAPTOP-PC | User Name: Rachel Laptop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/08 19:40:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel Laptop\Desktop\OTL.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/05/16 15:44:58 | 001,084,840 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
    PRC - [2012/05/15 11:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/05/15 10:28:16 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2012/05/15 10:27:34 | 000,857,920 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2012/04/22 13:50:44 | 000,174,120 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    PRC - [2012/04/22 13:50:32 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
    PRC - [2012/03/21 21:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
    PRC - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    PRC - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    PRC - [2012/01/31 19:35:30 | 000,892,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
    PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/04/25 16:59:26 | 001,100,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
    PRC - [2011/04/25 16:52:57 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Hidfind.exe
    PRC - [2011/04/25 16:39:26 | 004,191,232 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\PwdBank.exe
    PRC - [2011/04/25 16:39:25 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\PdtWzd.exe
    PRC - [2011/04/25 16:39:19 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\CompPtcVUI.exe
    PRC - [2011/04/25 16:39:18 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\BASVC.exe
    PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2011/01/28 20:43:54 | 000,181,480 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
    PRC - [2011/01/28 14:08:56 | 000,419,112 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
    PRC - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/07/29 11:54:00 | 000,123,392 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
    PRC - [2010/07/29 11:53:38 | 000,227,840 | ---- | M] (Saitek) -- C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
    PRC - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
    PRC - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
    PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/06/23 17:19:14 | 000,711,200 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    PRC - [2009/06/23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    PRC - [2009/06/23 17:19:12 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/05/14 23:03:30 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
    PRC - [2009/05/14 23:03:18 | 000,345,384 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
    PRC - [2009/05/13 19:39:42 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
    PRC - [2009/04/13 11:21:26 | 000,791,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/04/13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/04/11 19:32:06 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
    PRC - [2009/04/11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2008/11/27 11:00:58 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
    PRC - [2008/10/24 21:18:26 | 000,237,568 | ---- | M] (AlcorMicro Co., Ltd.) -- C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/05/16 15:45:56 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
    MOD - [2012/05/16 15:45:40 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
    MOD - [2012/05/16 15:45:40 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
    MOD - [2012/05/16 15:45:38 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
    MOD - [2012/05/16 15:45:36 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
    MOD - [2012/05/16 15:45:36 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
    MOD - [2012/05/16 15:45:34 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
    MOD - [2012/05/16 15:45:34 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
    MOD - [2012/05/16 15:45:32 | 008,506,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
    MOD - [2012/05/16 15:45:32 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
    MOD - [2012/05/16 15:45:30 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
    MOD - [2012/05/16 15:45:30 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
    MOD - [2012/05/16 15:45:28 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
    MOD - [2012/05/16 15:45:22 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
    MOD - [2012/05/16 15:45:22 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
    MOD - [2012/05/16 15:45:20 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
    MOD - [2012/05/16 15:44:54 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
    MOD - [2012/05/16 15:44:16 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
    MOD - [2012/05/16 13:46:28 | 000,391,056 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
    MOD - [2012/05/16 13:46:28 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
    MOD - [2012/05/16 13:45:30 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
    MOD - [2012/01/31 19:36:28 | 000,884,736 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\fsk.dll
    MOD - [2012/01/31 19:35:32 | 000,143,360 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
    MOD - [2012/01/31 19:34:34 | 000,172,032 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\USBDetector.dll
    MOD - [2012/01/31 19:33:22 | 000,018,432 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
    MOD - [2012/01/31 19:33:18 | 000,009,728 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskPower.dll
    MOD - [2012/01/31 19:33:16 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
    MOD - [2012/01/31 19:33:16 | 000,008,704 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
    MOD - [2012/01/31 19:33:14 | 000,028,160 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ticket.dll
    MOD - [2012/01/31 19:33:12 | 000,012,288 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
    MOD - [2012/01/31 19:31:42 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
    MOD - [2012/01/31 19:31:36 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\Fskin.dll
    MOD - [2012/01/31 19:31:36 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
    MOD - [2012/01/31 19:31:04 | 000,033,792 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
    MOD - [2011/11/17 22:06:54 | 000,798,720 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\FskSecurity.dll
    MOD - [2011/11/17 20:47:08 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\ReaderDesktop\appHelper\ebookUsb.dll
    MOD - [2009/04/13 11:09:00 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2009/02/02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2012/08/07 08:48:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/05/15 11:26:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/04/22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2012/04/19 08:21:16 | 000,361,976 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2012/03/20 13:11:32 | 000,151,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
    SRV - [2012/03/20 13:05:00 | 000,161,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV - [2012/03/20 13:04:32 | 000,166,288 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2012/01/18 14:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
    SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/11/17 22:12:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
    SRV - [2011/04/25 16:39:18 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\Acer Bio Protection\BASVC.exe -- (IGBASVC)
    SRV - [2011/04/25 13:07:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2011/04/11 15:54:28 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\NavFilter\kmsvc.exe -- (CLKMSVC10_D20A29D4)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2011/01/27 19:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/04/13 21:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
    SRV - [2010/01/28 13:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)
    SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/06/23 17:19:14 | 000,707,104 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
    SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
    SRV - [2009/05/14 23:03:30 | 000,305,448 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
    SRV - [2009/04/13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2009/04/11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2008/11/27 11:00:58 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
    DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
    DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
    DRV - File not found [Kernel | Auto | Stopped] -- c:\Windows\system32\drivers\int15.sys -- (int15)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\RACHEL~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/06/30 22:51:30 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2012/06/30 22:51:30 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
    DRV - [2012/05/15 11:26:00 | 011,354,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/04/22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2012/04/18 18:08:04 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2012/03/02 05:13:58 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
    DRV - [2012/02/22 13:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2012/02/22 13:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2012/02/22 13:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2012/02/22 13:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
    DRV - [2012/02/22 13:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2012/02/22 13:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2012/02/22 13:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
    DRV - [2012/02/22 13:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2012/02/22 13:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
    DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011/04/25 16:52:48 | 000,203,824 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2011/04/25 16:42:28 | 000,029,744 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor)
    DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2010/08/10 09:40:34 | 000,043,656 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
    DRV - [2010/08/10 09:40:34 | 000,020,744 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
    DRV - [2010/08/10 09:40:25 | 000,138,760 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiK0CCC.sys -- (SaiK0CCC)
    DRV - [2010/08/10 09:40:25 | 000,035,336 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiU0CCC.sys -- (SaiU0CCC)
    DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2010/04/13 21:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
    DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
    DRV - [2009/09/15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
    DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
    DRV - [2008/12/04 18:34:34 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV - [2008/12/04 18:34:34 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV - [2008/12/04 18:34:34 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV - [2008/10/08 10:43:08 | 000,005,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidshim.sys -- (hidshim)
    DRV - [2008/10/08 10:43:06 | 000,022,528 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
    DRV - [2008/09/04 05:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
    DRV - [2006/09/14 09:56:25 | 000,027,392 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiU0004.sys -- (SaiU0004)
    DRV - [2006/09/14 09:56:24 | 000,182,528 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH0004.sys -- (SaiH0004)
    DRV - [2006/09/14 09:56:24 | 000,015,104 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiL0004.sys -- (SaiL0004)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&s=2&o=vp32&d=0311&m=aspire_7738
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
  9. 2012/08/08
    Supawoman

    Supawoman Inactive Thread Starter

    Joined:
    2012/07/12
    Messages:
    34
    Likes Received:
    0
    OTL log part 2

    IE - HKU\S-1-5-21-10846428-1523018426-381146312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
    IE - HKU\S-1-5-21-10846428-1523018426-381146312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-10846428-1523018426-381146312-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-10846428-1523018426-381146312-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-10846428-1523018426-381146312-1000\..\SearchScopes,DefaultScope = {A3D9C648-AAF7-4180-AC81-4D9075F05EC6}
    IE - HKU\S-1-5-21-10846428-1523018426-381146312-1000\..\SearchScopes\{3D3B242E-76ED-410E-A11E-87FAFC73B788}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-10846428-1523018426-381146312-1000\..\SearchScopes\{A3D9C648-AAF7-4180-AC81-4D9075F05EC6}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW
    IE - HKU\S-1-5-21-10846428-1523018426-381146312-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF - HKLM\Software\MozillaPlugins\@sony.com/ReaderDesktop: C:\Program Files\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Rachel Laptop\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Rachel Laptop\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/29 21:40:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/21 15:34:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/07/26 21:00:47 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/08/08 18:57:54 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/29 21:40:18 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.46\pdf.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Rachel Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
    CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Rachel Laptop\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Game Face Plugin (Enabled) = C:\Users\Rachel Laptop\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Angry Birds = C:\Users\Rachel Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
    CHR - Extension: Bouncy Mouse = C:\Users\Rachel Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb\1.0.1_0\
    CHR - Extension: Monster Dash = C:\Users\Rachel Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknghehebaconkajgiobncfleofebcog\2.2_0\
    CHR - Extension: SiteAdvisor = C:\Users\Rachel Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.122.1_0\
    CHR - Extension: Creatures & Castles = C:\Users\Rachel Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfpeacgpdnhofhebmincihdelcemhagd\2.0_0\
    CHR - Extension: Dragons of Atlantis = C:\Users\Rachel Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\manlnjcghdempjdpndlcmaaobbighhcf\1.5_0\
    CHR - Extension: Berzerk Ball = C:\Users\Rachel Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlhdccfnfabmabdlpmlgmnegfekcpgpb\0.0.0.3_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Rachel Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

    O1 HOSTS File: ([2012/08/08 18:37:24 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120702082613.dll (McAfee, Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKU\S-1-5-21-10846428-1523018426-381146312-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
    O4 - HKLM..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
    O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
    O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
    O4 - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
    O4 - HKLM..\Run: [Reader Application Helper] C:\Program Files\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Sony Corporation)
    O4 - HKLM..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe (Saitek)
    O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
    O4 - HKU\S-1-5-21-10846428-1523018426-381146312-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-10846428-1523018426-381146312-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-10846428-1523018426-381146312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
    O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O15 - HKU\S-1-5-21-10846428-1523018426-381146312-1000\..Trusted Domains: isvinternet.com ([fastpath] http in Trusted sites)
    O15 - HKU\S-1-5-21-10846428-1523018426-381146312-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: ISVFlashIE2_CabSetup http://download.isvinternet.com/public/isvflashie2_cabsetup.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05651196-655E-4222-BCB2-5BC6592EEF7A}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C4702D7-8ED6-4176-97A6-B75335983DB1}: DhcpNameServer = 194.168.4.100 194.168.8.100
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O24 - Desktop WallPaper:
    O24 - Desktop BackupWallPaper:
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/08 19:40:16 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Rachel Laptop\Desktop\OTL.exe
    [2012/08/08 18:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2012/08/08 18:37:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/08 18:16:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/08 18:16:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/08 18:16:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/08 18:16:30 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/08 18:16:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/08 08:41:13 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/08 07:19:32 | 004,729,922 | R--- | C] (Swearware) -- C:\Users\Rachel Laptop\Desktop\ComboFix.exe
    [2012/07/26 19:54:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Rachel Laptop\Desktop\dds.scr
    [2012/07/26 17:04:02 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Rachel Laptop\Desktop\aswMBR.exe
    [2012/07/26 16:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
    [2012/07/26 16:56:37 | 000,227,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
    [2012/07/26 16:55:57 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
    [2012/07/26 16:55:57 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
    [2012/07/12 20:36:30 | 000,000,000 | ---D | C] -- C:\Users\Rachel Laptop\Desktop\VIRUS LOGS
    [2012/07/12 19:41:18 | 000,000,000 | ---D | C] -- C:\Users\Rachel Laptop\AppData\Roaming\Malwarebytes
    [2012/07/12 19:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/12 19:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/12 19:40:42 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/07/12 19:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/07/12 19:38:49 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Rachel Laptop\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/12 16:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIW
    [2012/07/12 16:26:29 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
    [2012/07/12 06:39:54 | 001,501,248 | ---- | C] (McAfee Inc.) -- C:\Users\Rachel Laptop\Desktop\GetSusp.exe
    [2012/07/10 21:34:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/07/10 21:34:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/07/10 21:34:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/07/10 21:34:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/07/10 21:34:53 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/07/10 21:34:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/07/10 21:34:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/07/10 21:26:06 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/07/10 20:44:34 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
    [2012/07/10 20:44:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
    [2012/07/10 20:44:17 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/08/08 19:48:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/08/08 19:40:22 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Rachel Laptop\Desktop\OTL.exe
    [2012/08/08 19:39:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/08 19:02:02 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/08 19:02:02 | 000,017,088 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/08 18:59:34 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
    [2012/08/08 18:54:55 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/08 18:54:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/08 18:54:15 | 2411,929,600 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/08 18:37:24 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/08/08 07:19:33 | 004,729,922 | R--- | M] (Swearware) -- C:\Users\Rachel Laptop\Desktop\ComboFix.exe
    [2012/08/07 23:33:27 | 000,631,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/07 23:33:27 | 000,111,456 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/07 08:48:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2012/08/07 08:48:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012/07/26 19:54:47 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Rachel Laptop\Desktop\dds.scr
    [2012/07/26 17:04:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Rachel Laptop\Desktop\aswMBR.exe
    [2012/07/12 21:39:51 | 000,302,592 | ---- | M] () -- C:\Users\Rachel Laptop\Desktop\e90pf28o.exe
    [2012/07/12 21:24:58 | 000,302,592 | ---- | M] () -- C:\Users\Rachel Laptop\Desktop\l6dfoiid.exe
    [2012/07/12 19:40:54 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/12 19:39:03 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Rachel Laptop\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/12 16:26:31 | 000,000,893 | ---- | M] () -- C:\Users\Rachel Laptop\Desktop\SIW.lnk
    [2012/07/12 07:25:03 | 000,000,083 | RH-- | M] () -- C:\Users\Rachel Laptop\Desktop\GetSusp.opt
    [2012/07/12 06:40:05 | 001,501,248 | ---- | M] (McAfee Inc.) -- C:\Users\Rachel Laptop\Desktop\GetSusp.exe
    [2012/07/10 21:52:52 | 000,001,103 | ---- | M] () -- C:\Users\Rachel Laptop\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2012/07/10 21:39:20 | 000,424,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/09 23:51:27 | 000,004,096 | -H-- | M] () -- C:\Users\Rachel Laptop\AppData\Local\keyfile3.drm
    [2012/07/09 19:58:25 | 002,577,113 | ---- | M] () -- C:\Users\Rachel Laptop\Desktop\teen_cash_guide.pdf
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/08/08 18:16:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/08 18:16:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/08 18:16:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/08 18:16:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/08 18:16:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/12 21:39:47 | 000,302,592 | ---- | C] () -- C:\Users\Rachel Laptop\Desktop\e90pf28o.exe
    [2012/07/12 21:24:54 | 000,302,592 | ---- | C] () -- C:\Users\Rachel Laptop\Desktop\l6dfoiid.exe
    [2012/07/12 19:40:54 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/12 16:26:31 | 000,000,893 | ---- | C] () -- C:\Users\Rachel Laptop\Desktop\SIW.lnk
    [2012/07/12 07:25:03 | 000,000,083 | RH-- | C] () -- C:\Users\Rachel Laptop\Desktop\GetSusp.opt
    [2012/07/09 19:58:25 | 002,577,113 | ---- | C] () -- C:\Users\Rachel Laptop\Desktop\teen_cash_guide.pdf
    [2012/06/16 19:16:48 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2011/09/18 13:06:46 | 000,000,017 | ---- | C] () -- C:\Users\Rachel Laptop\AppData\Local\resmon.resmoncfg
    [2011/08/01 00:02:25 | 000,004,096 | -H-- | C] () -- C:\Users\Rachel Laptop\AppData\Local\keyfile3.drm
    [2011/05/29 21:56:32 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp
    [2011/05/29 21:35:38 | 000,218,381 | ---- | C] () -- C:\Windows\hpwins14.dat
    [2011/05/29 21:35:38 | 000,000,411 | ---- | C] () -- C:\Windows\hpwmdl14.dat
    [2011/05/06 17:15:31 | 000,013,312 | ---- | C] () -- C:\Users\Rachel Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/25 18:34:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
    [2011/04/25 18:33:04 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
    [2011/04/25 16:28:21 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
    [2011/04/25 16:28:21 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
    [2011/04/25 16:28:21 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
    [2011/04/25 16:28:21 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
    [2011/04/25 15:34:22 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
    [2011/04/25 11:38:21 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
    [2011/04/25 07:40:32 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/04/23 20:58:09 | 000,155,648 | ---- | C] () -- C:\Windows\System32\nY.exe
    [2011/03/29 03:31:19 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
    [2011/03/28 17:30:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2011/03/28 15:30:10 | 000,231,056 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
    [2011/03/28 15:30:10 | 000,001,352 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
    [2011/03/28 15:30:10 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
    [2011/03/28 15:30:10 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
    [2011/03/28 15:30:10 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
    [2011/03/28 15:30:10 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
    [2011/03/28 15:21:06 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:BADFB9FA
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:D07C1DE7
    @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:BB24555F
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:131C0EE9
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:ABE89FFE
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F7862839
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B623B5B8
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:798A3728
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:8750DCE4

    < End of report >
     
  10. 2012/08/08
    Supawoman Inactive Thread Starter

    Extras.txt

    OTL Extras logfile created on: 08/08/2012 19:51:39 - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Rachel Laptop\Desktop
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 64.50% Memory free
    5.99 Gb Paging File | 4.34 Gb Available in Paging File | 72.40% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 285.32 Gb Total Space | 183.53 Gb Free Space | 64.32% Space Free | Partition Type: NTFS

    Computer Name: RACHLAPTOP-PC | User Name: Rachel Laptop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03C51BDF-3C54-4E01-A225-871CA31CE7AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{15722759-25E4-4BF7-9F90-34EED28A66E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{182BD088-C2BC-407F-BC7B-6A32C2C9D109}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{2565BDC5-A3E4-4C7C-AED7-C3F39EE7D335}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{2A9933BE-7583-44E2-A4F8-EAE27C4BF7D8}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{2AA881A9-BB53-4649-92B8-63A3422325E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{31618A87-6B59-47AF-8432-8F35733849A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3457B07E-AD67-450F-AEDC-FB8D3D6A11C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{34BD16DB-F342-41AF-B700-EDE29079F5FA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{36158163-D387-4F24-9974-A3F088FAEB40}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{37149BA1-571B-4B78-8F5D-94804AE8E6D9}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{41385295-81DE-4C00-80CC-F631397DA64B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{43969029-50C5-46A2-907F-DC81157B4767}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{59EA8960-FAE4-4D9C-B4FA-C5258E020541}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5BCD3605-0BED-4842-AB85-2861761DA5AB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{5DE13FA8-A048-4FC7-BB3F-7B18FCCE92AD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{624E2081-5941-4948-9458-A983F4147CB4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{654FBE92-C7D6-41EF-80BB-70CD2B09AA1E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{66A6110F-57FE-45FE-B078-B6D5858BB816}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{66CF3B72-4DC1-4B33-99A0-6965B602A0EA}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6C5F58D0-8818-4162-ABA2-8AA82E068F67}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6F4B981E-6CD7-4398-9760-5DE26FB99B60}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{70382A5D-AAB2-4BEB-A2FE-C3EE050313DA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{7A7BC54C-94BC-47C1-80CD-412E59C75A7C}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{86FE808A-C9AF-497A-995B-F3454C517F75}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{9516303B-04D4-4B09-A723-5B54F69683D9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A1045E76-99BF-44F2-ACB8-0A7DD9DB249C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A7CABE54-1013-4447-A77E-DCE10AD7B18D}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{B42C5704-8C67-449E-A702-996DF464B075}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{B526D9CA-281E-44CC-BE52-530E5003274B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C6B8C8EE-8740-4E0E-8981-54ECFD94A2ED}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CD8E9035-EFA6-47BA-B1E8-629F5AD0D675}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{CE210467-C545-45FD-B120-147E9A1B90EF}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{CE5F567B-F3BD-48CE-96D8-E564F2978C9A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D6A1B5B9-67DD-44D7-99AE-AC8743F0236E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{DC3CC068-8C4A-402E-8B4D-E7410F6B1C19}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{E33AC7A7-AA05-4AE6-BD6B-AB48704D7B19}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E3B0FD8A-831C-434F-AB06-D1A62D49B5A7}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{E6DB410A-FA82-4185-9A82-AC3E1A3C1340}" = lport=3390 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{004465B1-4978-4C38-930B-CE0A608A2752}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{03664961-A745-4BA6-84E0-6CC2100AE350}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
    "{0526B26C-9E35-461C-823D-98B58390910A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{07E47C99-8E3C-4DC7-90BE-E0A065E2D0AA}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "{08FACE21-647D-4DEA-9BDF-22AD98DC03E5}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{14D9935E-1879-44BA-8D02-E9E65EBB2CC7}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{164C383D-73E3-4A4E-8715-D35F4FDDB087}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{1D31F80E-5C53-4F7F-9D5C-74948BBB522E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{2316AE09-9152-4885-BE5F-6FDA821C7479}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
    "{264ED3AD-C476-426C-A0C9-964097F3814F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{283120E3-EF20-48CF-8116-348DE8EBC810}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
    "{284A018F-F399-4D74-87F9-6D836EFBAD77}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
    "{2C035E3F-540B-4C20-8F31-2EC8C6A33CEF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{2E7CCDFD-642A-44DA-8C6E-F8C13BEEEBA2}" = protocol=17 | dir=in | app=c:\program files\origin games\burnout paradise\burnoutlauncher.exe |
    "{2F8F5726-F492-4061-8D62-B98491651F16}" = protocol=6 | dir=in | app=c:\program files\origin games\burnout paradise\burnoutlauncher.exe |
    "{3686288D-037B-4C11-8138-0307D6966BCA}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
    "{37590F29-A76C-4C75-95C1-EF341F6C75C2}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{37E9C5E8-A351-4D1C-A1C6-25CA9063B9B8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{3952B771-7589-40D0-85C1-1885582940F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{398F37D1-22A2-4BEE-9DD6-9E9FEF208999}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{3F954B3E-94FC-4C89-B691-61A7AA8468A8}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{4221C9E3-4820-417B-9B04-63E0CB85737F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{43C1FEA7-5F0F-4252-B3F3-4BAB34895145}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{44583820-52DA-4B4C-8485-5BF90AE960E7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{447C6FBF-01D9-428C-9895-3D8D8C2D5557}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
    "{46CA1FAE-A56F-46C0-8F59-AFA0ABA39A27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{48426CB5-67EA-4BA0-805C-02EC18E74CD4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{4B38B6FB-90C1-48EC-B5F2-E12EFB704F38}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
    "{4F4E0965-BBA5-4870-9894-FFC4F1DDC148}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{5D7CE9D5-B854-43AC-A87D-E89D83C84D75}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{678D8546-DB48-44BD-91A0-CE7F424105A8}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{67B346A4-15C1-47FB-BA4C-656070D55CFE}" = dir=in | app=c:\program files\hp\digital imaging\{8ab2ac00-afff-4043-83d9-0086528b337f}\setup\hpznui01.exe |
    "{6AB89101-4DE4-4A01-879E-922EAB61F163}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
    "{6D040088-40C5-4648-AA26-5B418B70ED14}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{6E8BDBCB-93B0-4F03-9ADF-2B94E565B54D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{700A1B45-5A8C-4757-A72E-BFD9673429CC}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "{72CC13FE-8FA0-4F2D-84B5-C1A4B3E4E292}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{75FC0BD5-0116-4816-B21C-5E7BBFC409ED}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "{7891C6E8-B10C-4CD6-ABD0-55DE4A1CAAFF}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "{7FE02B2C-1CE6-4CBB-9A85-92DF38F5C2B2}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "{80FD88CB-AE72-4A96-BA9D-B0FBFDB741B0}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
    "{8944D74D-D04D-496E-9F73-07D513A36BA6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{89F62767-5916-4C5B-93BE-95E3305A730F}" = protocol=6 | dir=in | app=c:\program files\origin games\burnout paradise\burnoutparadise.exe |
    "{89FF4619-DB0B-43A7-9F7B-1F5723CEE873}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{8CE69032-F1C1-4532-8AC4-B9C1A60F7A1D}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{8F3965F6-746E-4E01-BA86-419377339B5D}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "{8FA84978-1D5B-4563-A59C-6A8FA666D00E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{904C9299-8148-413D-83A1-A77227CCF043}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "{91DCCE68-CB48-4F8E-B152-9B8543FB8FD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{98531B6E-5A0B-455A-830A-874F192B9DFD}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
    "{98DE4863-6B84-48BF-873C-437E683A9B91}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{A20D8CCB-2BAC-4571-9284-7FB838BA9AC3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{A49CFE91-1297-4F3D-B1D6-23B8FB62DB0E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{A8216DC4-80E9-43B9-BA9A-CE05AEE081C3}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
    "{A8CC19F5-1EE9-4AD1-AD37-CC4E2B25222B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{A91A011F-2865-4285-B8AE-51323BC983A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A92F7BD6-D0B5-4B76-BFD9-FB0921EA61C4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{ADA7A921-7E2B-4A08-9A11-019718F0123D}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "{ADB039A7-267F-452F-9B4F-EBF2586F942A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{B1059DBF-0C99-402C-A6D5-ADF4A968A6F7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
    "{BA3D5D6A-5572-4243-AA81-8C31E985A7D0}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
    "{BAE00BB4-826B-4D8D-9E27-C59C9698FFFB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C1849FB3-28D5-484C-8FBE-3198963E8452}" = protocol=17 | dir=in | app=c:\program files\origin games\burnout paradise\burnoutparadise.exe |
    "{C285E290-0D06-405F-8B1F-6DE9C875DD9B}" = protocol=6 | dir=out | app=system |
    "{C2B6379B-2FF8-418E-A313-71F8496D886A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C63162A9-75FD-40A6-95DC-0089BDC0BE6A}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{C66D1462-9FC7-45AC-8DD9-76A0204B4700}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
    "{CBA0F878-A4F9-4268-BA3E-808B57B11755}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{D08F1E4F-41E4-4E0E-B4F3-6DC2ACF67615}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{D1934DA9-49EE-46C3-AFFC-BDE5953ED77F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{D28526CF-4529-4392-9CB7-5B0B442A83CA}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
    "{D70DDFF1-C3E8-4687-8F6A-9E1206A9B2CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{D878B435-9368-42EE-A0E7-76D842C57A5F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{DD8E48D2-9041-4C88-A0C2-B2B194C3D15E}" = protocol=6 | dir=in | app=c:\program files\origin games\burnout paradise\burnoutconfigtool.exe |
    "{DF79A48A-EEBA-4CAA-AB75-5F5CB7E17184}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{E15D2286-BCF8-4187-8E07-D64CFAD09264}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "{E2236602-B027-4939-A999-9F6F35A69449}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
    "{E2312AAF-E24E-4EEF-A731-20390BFF56CA}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{E9864C7A-41C0-4F87-ABEC-2DA152712BDD}" = protocol=17 | dir=in | app=c:\program files\origin games\burnout paradise\burnoutconfigtool.exe |
    "{EC667A6D-C696-47D4-9D4A-4E98CC50CBB9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{EE02B6D5-A1AF-482A-BFEF-C87202B0895F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F0B06F9D-746C-4F93-8B9D-8555FEC7F84F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{F67C8F9D-7AB6-4BC2-8D6B-55297BBA2B8E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{FAC00276-7158-4738-BAAF-496C56592F79}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
    "{FBA800F8-D692-42F1-8394-243C44ECBD1D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{FC7DEDB9-2AE4-44F8-9C79-1BD82B63202B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{FE8BB07C-BD48-42CA-AFAA-9531FDF13D0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{FF8A1E19-BAE8-424A-8EB4-C22B3E3271B9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 University
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D62121B-0361-47CD-8712-5B2F5D8D1C9C}" = Smart Technology Programming Software 7.0.2.7
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
    "{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
    "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
    "{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD_3D Advisor 2.0
    "{2DA9DFFA-768B-4403-BEFA-9E45A80258CD}" = Driving Test Success ROAD SIGNS
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{44EAFE3D-09A9-4478-A2BF-0EED22F4E49F}" = The Sims™ 3 Create a Pattern Tool
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
    "{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
    "{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{6809408A-56A8-4863-A7E9-3723FF8C24A4}" = BPDSoftware_Ini
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77663A9E-EDA4-4873-907D-6315E6D0462A}" = 6400_Help
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
    "{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111125700}" = Rainbow Web
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8AB2AC00-AFFF-4043-83D9-0086528B337F}" = HP OfficeJet J6400
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91530409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Standard 2003
    "{91605026-DBBF-48FF-B703-F7719CE3F703}" = Reader for PC
    "{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
    "{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A12EA295-32EA-42BB-8442-2C2BE852D4AA}" = inSSIDer 2.0
    "{A3810BEE-967B-41DC-9662-F941A3F7D689}" = calibre
    "{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
    "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2011.10.29
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.16.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
    "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
    "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
    "{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5BA0430-919F-46DD-B656-0796F8A5ADFF}" = Microsoft Office Communicator 2007
    "{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EF570A1B-7593-4EDB-8AF0-8041F2A7A81B}_is1" = Driving Test Success - All Tests 2012 Edition
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.065
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
    "{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
    "{FA30FFD4-8DF3-4B29-9C2C-EE30584CD795}" = bpd_scan
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Acer Screensaver" = Acer ScreenSaver
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Agere Systems Soft Modem" = Agere Systems HDA Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer2.0" = Coupon Printer
    "Digital Editions" = Adobe Digital Editions
    "DivX Setup" = DivX Setup
    "Driving Test Success - All Tests_is1" = Driving Test Success - All Tests 2012 Edition (Update 1)
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.8.815
    "GamesBar" = GamesBar 2.0.1.82
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "GraphicView 32" = GraphicView 32
    "GridVista" = Acer GridVista
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
    "InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
    "InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
    "Kobo" = Kobo
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "MSC" = McAfee Internet Security
    "Nokia Suite" = Nokia Suite
    "OpenAL" = OpenAL
    "Origin" = Origin
    "Shop for HP Supplies" = Shop for HP Supplies
    "Update Engine" = Sony Ericsson Update Engine
    "WinLiveSuite" = Windows Live Essentials
    "YTdetect" = Yahoo! Detect
    "ZTE_1.2059.0.8" = ZTE_1.2059.0.8

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-10846428-1523018426-381146312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
    "UnityWebPlayer" = Unity Web Player

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 08/08/2012 11:46:55 | Computer Name = RachLaptop-PC | Source = VSS | ID = 8194
    Description =

    Error - 08/08/2012 13:16:45 | Computer Name = RachLaptop-PC | Source = VSS | ID = 8193
    Description =

    Error - 08/08/2012 13:34:53 | Computer Name = RachLaptop-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 08/08/2012 13:36:13 | Computer Name = RachLaptop-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, and that your network is functioning correctly.
    DETAIL - Access is denied.

    Error - 08/08/2012 13:36:23 | Computer Name = RachLaptop-PC | Source = VSS | ID = 8194
    Description =

    Error - 08/08/2012 13:36:23 | Computer Name = RachLaptop-PC | Source = VSS | ID = 8193
    Description =

    Error - 08/08/2012 13:55:57 | Computer Name = RachLaptop-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 08/08/2012 13:56:42 | Computer Name = RachLaptop-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1500
    Description = Windows cannot log you on because your profile cannot be loaded. Check
    that you are connected to the network, and that your network is functioning correctly.
    DETAIL - Access is denied.

    Error - 08/08/2012 13:56:54 | Computer Name = RachLaptop-PC | Source = VSS | ID = 8194
    Description =

    Error - 08/08/2012 13:56:54 | Computer Name = RachLaptop-PC | Source = VSS | ID = 8193
    Description =

    Error - 08/08/2012 14:50:00 | Computer Name = RachLaptop-PC | Source = Application Hang | ID = 1002
    Description = The program OTL.exe version 3.2.56.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 1fd0 Start Time:
    01cd7595554f390e Termination Time: 11 Application Path: C:\Users\Rachel Laptop\Desktop\OTL.exe

    Report
    Id: c845c962-e189-11e1-85b1-00262d564016

    [ Media Center Events ]
    Error - 16/06/2012 14:15:49 | Computer Name = RachLaptop-PC | Source = MCUpdate | ID = 0
    Description = 7:15:49 PM - Failed to retrieve Directory (Error: The underlying connection
    was closed: An unexpected error occurred on a receive.)

    Error - 21/06/2012 12:33:06 | Computer Name = RachLaptop-PC | Source = MCUpdate | ID = 0
    Description = 5:33:05 PM - Error connecting to the internet. 5:33:06 PM - Unable
    to contact server..

    Error - 21/06/2012 12:33:19 | Computer Name = RachLaptop-PC | Source = MCUpdate | ID = 0
    Description = 5:33:11 PM - Error connecting to the internet. 5:33:11 PM - Unable
    to contact server..

    Error - 26/07/2012 11:50:24 | Computer Name = RachLaptop-PC | Source = MCUpdate | ID = 0
    Description = 4:50:19 PM - Failed to retrieve SportsV2 (Error: The underlying connection
    was closed: Could not establish trust relationship for the SSL/TLS secure channel.)


    [ OSession Events ]
    Error - 20/09/2011 06:54:25 | Computer Name = RachLaptop-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1848
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 27/09/2011 15:23:18 | Computer Name = RachLaptop-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1849
    seconds with 720 seconds of active time. This session ended with a crash.

    Error - 01/10/2011 03:26:22 | Computer Name = RachLaptop-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 911
    seconds with 300 seconds of active time. This session ended with a crash.

    Error - 01/10/2011 03:26:34 | Computer Name = RachLaptop-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 12/10/2011 11:47:31 | Computer Name = RachLaptop-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 159
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 27/10/2011 03:26:51 | Computer Name = RachLaptop-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1914
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 26/12/2011 10:32:19 | Computer Name = RachLaptop-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 140
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 22/01/2012 17:14:14 | Computer Name = RachLaptop-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 1892
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 05/02/2012 17:31:28 | Computer Name = RachLaptop-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 4767
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 13/03/2012 14:31:46 | Computer Name = RachLaptop-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
    12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1283
    seconds with 360 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 08/08/2012 11:44:31 | Computer Name = RachLaptop-PC | Source = Service Control Manager | ID = 7000
    Description = The int15 service failed to start due to the following error: %%2

    Error - 08/08/2012 11:46:44 | Computer Name = RachLaptop-PC | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%5

    Error - 08/08/2012 13:19:17 | Computer Name = RachLaptop-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 08/08/2012 13:26:09 | Computer Name = RachLaptop-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 08/08/2012 13:33:44 | Computer Name = RachLaptop-PC | Source = volsnap | ID = 393230
    Description = The shadow copies of volume C: were aborted because of an IO failure
    on volume C:.

    Error - 08/08/2012 13:33:52 | Computer Name = RachLaptop-PC | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 6:32:18 PM on 8/8/2012 was unexpected.

    Error - 08/08/2012 13:33:58 | Computer Name = RachLaptop-PC | Source = Service Control Manager | ID = 7000
    Description = The int15 service failed to start due to the following error: %%2

    Error - 08/08/2012 13:36:13 | Computer Name = RachLaptop-PC | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%5

    Error - 08/08/2012 13:54:26 | Computer Name = RachLaptop-PC | Source = Service Control Manager | ID = 7000
    Description = The int15 service failed to start due to the following error: %%2

    Error - 08/08/2012 13:56:42 | Computer Name = RachLaptop-PC | Source = Service Control Manager | ID = 7005
    Description = The LoadUserProfile call failed with the following error: %%5


    < End of report >
     
  11. 2012/08/08
    Supawoman

    Supawoman Inactive Thread Starter

    Have done the OTL... logs shown above.... and Thanks for the link re the internet message I was getting...

    Broni just another quick question... Could the problems with virus/malware have caused a problem with my Microsoft email? Sometimes I load Outlook and when receiving emails it gets stuck on the last one and if I close Outlook I can't then reload it without restarting my computer and when I restart it has to force Outlook to close before restarting...
     
  12. 2012/08/08
    broni

    broni Moderator Malware Analyst

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

      Code:
      :OTL
      O3 - HKU\S-1-5-21-10846428-1523018426-381146312-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O15 - HKU\S-1-5-21-10846428-1523018426-381146312-1000\..Trusted Domains: isvinternet.com ([fastpath] http in Trusted sites)
      O15 - HKU\S-1-5-21-10846428-1523018426-381146312-1000\..Trusted Domains: localhost ([]http in Local intranet)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: ISVFlashIE2_CabSetup http://download.isvinternet.com/publ...2_cabsetup.cab (Reg Error: Key error.)
      [2012/08/08 08:41:13 | 000,000,000 | ---D | C] -- C:\FRST
      @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:BADFB9FA
      @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:D07C1DE7
      @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:BB24555F
      @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:131C0EE9
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:ABE89FFE
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F7862839
      @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:B623B5B8
      @Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:798A3728
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:8750DCE4
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. 2012/08/08
    Supawoman

    Supawoman Inactive Thread Starter

    otl fix log

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-10846428-1523018426-381146312-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry key HKEY_USERS\S-1-5-21-10846428-1523018426-381146312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isvinternet.com\fastpath\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-10846428-1523018426-381146312-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control ISVFlashIE2_CabSetup
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ISVFlashIE2_CabSetup\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ISVFlashIE2_CabSetup\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ISVFlashIE2_CabSetup\ not found.
    C:\FRST\Quarantine\{b705a84b-260a-fbc4-c301-fa8522f3253c}\U folder moved successfully.
    C:\FRST\Quarantine\{b705a84b-260a-fbc4-c301-fa8522f3253c}\L folder moved successfully.
    C:\FRST\Quarantine\{b705a84b-260a-fbc4-c301-fa8522f3253c} folder moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ADS C:\ProgramData\Temp:BADFB9FA deleted successfully.
    ADS C:\ProgramData\Temp:D07C1DE7 deleted successfully.
    ADS C:\ProgramData\Temp:BB24555F deleted successfully.
    ADS C:\ProgramData\Temp:131C0EE9 deleted successfully.
    ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
    ADS C:\ProgramData\Temp:F7862839 deleted successfully.
    ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
    ADS C:\ProgramData\Temp:798A3728 deleted successfully.
    ADS C:\ProgramData\Temp:8750DCE4 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56541 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Mcx1-RACHLAPTOP-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56541 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Rachel Laptop
    ->Temp folder emptied: 1201894 bytes
    ->Temporary Internet Files folder emptied: 258952222 bytes
    ->Java cache emptied: 5954113 bytes
    ->Google Chrome cache emptied: 76585135 bytes
    ->Flash cache emptied: 187546 bytes

    User: TEMP
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56541 bytes

    User: TEMP.RACHLAPTOP-PC
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56541 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56541 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 46084 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 327.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Mcx1-RACHLAPTOP-PC

    User: Public

    User: Rachel Laptop
    ->Java cache emptied: 0 bytes

    User: TEMP

    User: TEMP.RACHLAPTOP-PC

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Mcx1-RACHLAPTOP-PC
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Rachel Laptop
    ->Flash cache emptied: 0 bytes

    User: TEMP
    ->Flash cache emptied: 0 bytes

    User: TEMP.RACHLAPTOP-PC
    ->Flash cache emptied: 0 bytes

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.56.0 log created on 08082012_202627

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  14. 2012/08/08
    Supawoman

    Supawoman Inactive Thread Starter

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Disabled!
    McAfee Anti-Virus and Anti-Spyware
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    JavaFX 2.1.1
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    Adobe Reader 9 Adobe Reader out of Date!
    Adobe Reader X (10.1.3)
    Google Chrome 20.0.1132.57
    Google Chrome 21.0.1180.60
    Google Chrome plugins...
    Google Chrome VisualElementsManifest.xml..
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    McAfee Online Backup MOBKbackup.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  15. 2012/08/08
    Supawoman

    Supawoman Inactive Thread Starter

    Farbar Service Scanner Version: 06-08-2012
    Ran by Rachel Laptop (administrator) on 08-08-2012 at 20:44:03
    Running from "C:\Users\Rachel Laptop\Desktop "
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error: Google IP is offline
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall "=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware "=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
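
Added example (not part of the original thread and not Farbar's code): a small Python triage pass over a Farbar Service Scanner log like the one posted above. It flags registry values listed under a "Disabled Policy" heading, services reported as stopped or with a non-default start type, and File Check entries whose verdict is anything other than "MD5 is legit". The log layout is inferred only from this post; the function name `triage`, the tuple shapes and the embedded sample are assumptions made for illustration.

```python
import re

# Constructed sample: an excerpt of the FSS log posted above, copied as it
# appears in the thread (including the stray space inside the quoted names).
SAMPLE_LOG = r'''
Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall "=DWORD:0

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware "=DWORD:1

File Check:
========
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# The value is kept as text: the log does not say which base it is printed in.
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*DWORD:(\w+)$')
STOPPED_RE = re.compile(r'^(\S+) Service is not running\.')
START_RE = re.compile(
    r'^The start type of (\S+) service is set to (\w+)\. '
    r'The default start type is (\w+)\.$')
FILE_RE = re.compile(r'^(.+?) => (.+)$')


def triage(log_text):
    """Return a list of finding tuples, in the order they appear in the log."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    findings, section, key = [], None, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A heading is a text line underlined by a run of '=' characters.
        if line and nxt and set(nxt) == {"="}:
            section, key = line.rstrip(":"), None
            continue
        if not line or set(line) == {"="}:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key and section and section.endswith("Disabled Policy"):
            # Strip the name: the forum copy has a space before the quote.
            findings.append(("policy", section, key,
                             m.group(1).strip(), m.group(2)))
            continue
        m = STOPPED_RE.match(line)
        if m:
            findings.append(("service_stopped", section, m.group(1)))
            continue
        m = START_RE.match(line)
        if m and m.group(2) != m.group(3):
            findings.append(("start_type", section) + m.groups())
            continue
        if section == "File Check":
            m = FILE_RE.match(line)
            if m and m.group(2) != "MD5 is legit":
                findings.append(("file", section, m.group(1), m.group(2)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding here only means "look at this": on this machine the firewall and Windows Defender policies are consistent with McAfee being installed as the active security product.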
     
  16. 2012/08/08
    Supawoman

    Supawoman Inactive Thread Starter

    Hi Broni, I have tried to run the ESET scanner but get an expected error when it is downloading databases... as suggested I disabled my antivirus before running... any ideas?
     
  17. 2012/08/08
    broni

    broni Moderator Malware Analyst

    Try different browser.
     
  18. 2012/08/09
    Supawoman

    Supawoman Inactive Thread Starter

    Hi Broni, Eset online scanner said no threats found... I left it running whilst I went to work... running it again as realised my virus protection was left inactive all day (whilst I was at work) will let you know the results of the second scan when it's complete. :)
     
  19. 2012/08/09
    broni

    broni Moderator Malware Analyst

    That's fine.
    I recommend turning an AV program off to speed things up but if it's on it won't affect the results.

    Uninstall Java(TM) 6 Update 31.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ======================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  20. 2012/08/09
    Supawoman

    Supawoman Inactive Thread Starter

    Hi Broni, I'll let the current scan run first then do what you have suggested above... just out of interest, as I use my fingerprint via my fingerprint reader to log in to my online accounts etc, do I still need to change my online account passwords?
     
  21. 2012/08/09
    broni

    broni Moderator Malware Analyst

    I'm not really familiar with that feature.
    How exactly does it work?
    You use the fingerprint reader and then you still need to enter some password?
     
