goa55

ok so with the explorer 9 i seem to now have the ask jeeves tool bar not sure if this is right as its on google chrome as well i think i need to get rid of this Thanks

happy new year sorry for the delay wanted to make sure all was ok on laptop. seems fine to me so much faster than before. i could not find/remove C:\Users\Adam\AppData\Local\Microsoft\Windows Live Mail\Taptaptap.c ecf\Deleted Items\471C6F20-00000022.eml Results of screen317's Security Check version 0.99.56 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 26 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Google Chrome 21.0.1180.79 Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 Google Chrome 23.0.1271.91 Google Chrome 23.0.1271.95 Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe ESET ESET Online Scanner OnlineScannerApp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log`````````````````````` \aq

ok thanks 1 threat a long scan at 5.46 hours ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=fe414e1c51da42458426df61fe107685 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2012-12-31 02:16:55 # local_time=2012-12-31 02:16:55 (+0000, GMT Standard Time) # country="United Kingdom" # lang=1033 # osver=6.1.7600 NT # compatibility_mode=5892 16777213 88 94 8236476 10602787 0 0 # scanned=238491 # found=1 # cleaned=0 # scan_time=20763 C:\Users\Adam\AppData\Local\Microsoft\Windows Live Mail\Taptaptap.c ecf\Deleted Items\471C6F20-00000022.eml HTML/Phishing.Gen trojan (unable to clean) F32A053A04583E1D2412A68C42A87248BBB92B70 I

thanks real nice now so much better, windows mail was a bit slow when resatrted but all seems to be well now. was their a few nasties on it ?

ComboFix 12-12-30.01 - Adam 30/12/2012 21:36:00.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2807.1746 [GMT 0:00] Running from: c:\users\Adam\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\FullRemove.exe c:\users\Adam\GoToAssistDownloadHelper.exe c:\windows\wininit.ini . . ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 ))))))))))))))))))))))))))))))) . . 2012-12-30 22:11 . 2012-12-30 22:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-30 11:12 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D2CCE1A2-9382-407E-B50F-9218C4B91A7C}\mpengine.dll 2012-12-29 09:32 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-22 06:52 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-22 06:52 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-22 06:52 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-22 06:52 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-14 23:30 . 2012-12-14 23:30 -------- d-----w- c:\users\Adam\AppData\Local\Programs 2012-12-14 23:19 . 2012-12-14 23:19 -------- d-----w- c:\users\Adam\AppData\Local\ArcSoft 2012-12-14 23:19 . 2012-12-17 23:32 -------- d-----w- c:\programdata\ArcSoft 2012-12-14 23:19 . 2012-12-14 23:20 -------- d-----w- c:\users\Adam\AppData\Roaming\Arcsoft 2012-12-14 23:18 . 2012-12-14 23:19 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft 2012-12-14 23:16 . 2012-12-14 23:18 -------- d-----w- c:\program files (x86)\ArcSoft 2012-12-11 23:03 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-11 23:03 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-11 23:03 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-12-11 23:01 . 2012-10-04 17:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-14 16:49 . 2011-04-20 06:04 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-12 04:31 . 2011-04-30 14:39 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-11-28 14:47 . 2012-11-28 14:47 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB4C8BDB-0B27-4350-BF28-9AB7A5D80D92}\gapaengine.dll 2012-10-28 22:29 . 2012-10-28 22:29 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin 2012-10-16 21:20 . 2012-11-28 07:45 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 21:20 . 2012-11-28 07:45 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 20:34 . 2012-11-28 07:45 559104 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-04 16:45 . 2012-12-11 23:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] 2012-06-11 15:22 1307728 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-21 39408] "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-11-08 16070136] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2010-06-07 618496] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360] . c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-28 28539392] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 11776] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-04-17 305520] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-03-01 239136] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-20 1255736] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys [2009-07-21 135168] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-04-08 312400] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-03-17 866336] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-03-08 250368] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-03-21 321064] . . Contents of the 'Scheduled Tasks' folder . 2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 15:15] . 2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 15:15] . 2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core.job - c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 15:15] . 2012-12-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA.job - c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 15:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2012-11-08 16:58 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 410648] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-05 206208] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-03-17 860704] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] . ------- Supplementary Scan ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292 uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292 mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292 mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" .

# AdwCleaner v2.104 - Logfile created 12/30/2012 at 21:18:18 # Updated 29/12/2012 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : Adam - ADAM-PC # Boot Mode : Normal # Running from : C:\Users\Adam\Downloads\adwcleaner (1).exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Adam\Desktop\Search The Web.url File Deleted : C:\Users\Adam\Desktop\sweetpcfix.url File Deleted : C:\Users\Public\Desktop\eBay.lnk Folder Deleted : C:\Program Files (x86)\SweetIM Folder Deleted : C:\ProgramData\Partner Folder Deleted : C:\ProgramData\SweetIM Folder Deleted : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Folder Deleted : C:\Users\Adam\AppData\Local\Temp\boost_interprocess Folder Deleted : C:\Users\Adam\AppData\LocalLow\SweetIM Folder Deleted : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKCU\Software\SweetIM Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1 Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1 Key Deleted : HKLM\SOFTWARE\Classes\sim-packages Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1 Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe Key Deleted : HKLM\Software\SweetIM Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetIM] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetpacks Communicator] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7600.17153 [OK] Registry is clean. -\\ Google Chrome v23.0.1271.97 File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [5983 octets] - [30/12/2012 11:03:18] AdwCleaner[R2].txt - [6047 octets] - [30/12/2012 21:17:44] AdwCleaner[s1].txt - [6030 octets] - [30/12/2012 21:18:18] ########## EOF - C:\AdwCleaner[s1].txt - [6090 octets] ##########

<p> </p> <div># AdwCleaner v2.104 - Logfile created 12/30/2012 at 11:03:18</div> <div># Updated 29/12/2012 by Xplode</div> <div># Operating system : Windows 7 Home Premium (64 bits)</div> <div># User : Adam - ADAM-PC</div> <div># Boot Mode : Normal</div> <div># Running from : C:\Users\Adam\Downloads\adwcleaner.exe</div> <div># Option [search]</div> <div> </div> <div> </div> <div>***** [services] *****</div> <div> </div> <div> </div> <div>***** [Files / Folders] *****</div> <div> </div> <div>File Found : C:\Users\Adam\Desktop\Search The Web.url</div> <div>File Found : C:\Users\Adam\Desktop\sweetpcfix.url</div> <div>File Found : C:\Users\Public\Desktop\eBay.lnk</div> <div>Folder Found : C:\Program Files (x86)\SweetIM</div> <div>Folder Found : C:\ProgramData\Partner</div> <div>Folder Found : C:\ProgramData\SweetIM</div> <div>Folder Found : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn</div> <div>Folder Found : C:\Users\Adam\AppData\Local\Temp\boost_interprocess</div> <div>Folder Found : C:\Users\Adam\AppData\LocalLow\SweetIM</div> <div>Folder Found : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}</div> <div>Folder Found : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}</div> <div> </div> <div>***** [Registry] *****</div> <div> </div> <div>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}</div> <div>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}</div> <div>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKCU\Software\SweetIM</div> <div>Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils</div> <div>Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1</div> <div>Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator</div> <div>Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1</div> <div>Key Found : HKLM\SOFTWARE\Classes\sim-packages</div> <div>Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar</div> <div>Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1</div> <div>Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook</div> <div>Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1</div> <div>Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie</div> <div>Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1</div> <div>Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}</div> <div>Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe</div> <div>Key Found : HKLM\Software\SweetIM</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}</div> <div>Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}</div> <div>Key Found : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}</div> <div>Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}</div> <div>Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}</div> <div>Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]</div> <div>Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetIM]</div> <div>Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [sweetpacks Communicator]</div> <div>Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]</div> <div>Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]</div> <div>Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]</div> <div> </div> <div>***** [internet Browsers] *****</div> <div> </div> <div>-\\ Internet Explorer v8.0.7600.17153</div> <div> </div> <div>[OK] Registry is clean.</div> <div> </div> <div>-\\ Google Chrome v23.0.1271.97</div> <div> </div> <div>File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Preferences</div> <div> </div> <div>[OK] File is clean.</div> <div> </div> <div>*************************</div> <div> </div> <div>AdwCleaner[R1].txt - [5862 octets] - [30/12/2012 11:03:18]</div> <div> </div> <div>########## EOF - C:\AdwCleaner[R1].txt - [5922 octets] ##########</div> <div> </div>

<p> </p> <div>Malwarebytes Anti-Malware 1.70.0.1100</div> <div>www.malwarebytes.org</div> <div> </div> <div>Database version: v2012.12.30.03</div> <div> </div> <div>Windows 7 x64 NTFS</div> <div>Internet Explorer 8.0.7600.16385</div> <div>Adam :: ADAM-PC [administrator]</div> <div> </div> <div>30/12/2012 09:12:56</div> <div>mbam-log-2012-12-30 (09-12-56).txt</div> <div> </div> <div>Scan type: Quick scan</div> <div>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</div> <div>Scan options disabled: P2P</div> <div>Objects scanned: 255712</div> <div>Time elapsed: 21 minute(s), 57 second(s)</div> <div> </div> <div>Memory Processes Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Memory Modules Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Keys Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Values Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Registry Data Items Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Folders Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>Files Detected: 0</div> <div>(No malicious items detected)</div> <div> </div> <div>(end)</div> <div> </div>

. hi no popups or search redirects Thanks will post the others next UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 18/04/2011 15:50:06 System Uptime: 28/12/2012 20:53:59 (36 hours ago) . Motherboard: Acer | | Aspire 5741Z Processor: Intel® Pentium® CPU P6000 @ 1.87GHz | CPU | 1063/1066mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 284 GiB total, 204.719 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP530: 14/12/2012 23:16:15 - Installed TotalMedia HDCam RP531: 14/12/2012 23:18:05 - Installed Print Creations RP532: 14/12/2012 23:30:51 - Installed Connect Service RP533: 15/12/2012 23:51:12 - Windows Update RP534: 17/12/2012 23:31:42 - Installed Connect Service RP535: 19/12/2012 17:27:31 - Windows Update RP536: 22/12/2012 06:50:38 - Windows Update RP537: 26/12/2012 08:30:56 - Windows Update RP538: 29/12/2012 09:31:01 - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) 1912 Titanic Mystery Acer Backup Manager Acer Crystal Eye webcam Ver:1.1.167.331 Acer ePower Management Acer eRecovery Management Acer GameZone Console Acer Registration Acer ScreenSaver Acer Updater Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader 9.5.0 MUI Amazonia ArcSoft Print Creations ArcSoft Print Creations - Album Page ArcSoft Print Creations - Photo Book ArcSoft TotalMedia HDCam Backup Manager Basic Big Fish Games: Game Manager Bing Bar BlackBerry Desktop Software 6.1 Broadcom Gigabit NetLink Controller Cake Mania CCleaner Chicken Invaders 2 Compatibility Pack for the 2007 Office system CyberLink PowerDVD 9 D3DX10 Dairy Dash DHTML Editing Component Dropbox eBay Worldwide eSobi v2 Farm Frenzy 2 Galapago Google Chrome Google Drive Google Earth Google Toolbar for Internet Explorer Google Update Helper GoToAssist Corporate Granny In Paradise Heroes of Hellas Identity Card Intel® Control Center Intel® Graphics Media Accelerator Driver Intel® Management Engine Components Intel® Rapid Storage Technology Internet Explorer Toolbar 4.6 by SweetPacks Java Auto Updater Java 6 Update 26 Junk Mail filter update Launch Manager Maintenance Samsung CLP-320 Series Malwarebytes Anti-Malware version 1.65.1.1000 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyTomTom 3.1.0.530 MyWinLocker MyWinLocker Suite Norton Online Backup NTI Backup Now 5 NTI Backup Now Standard NTI Media Maker 8 OpenOffice.org 3.3 Paint.NET v3.5.10 Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Shredder Spin & Win SweetIM for Messenger 3.7 SweetPacks bundle uninstaller Synaptics Pointing Device Driver Turbo Lister 2 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Manager for SweetPacks 1.1 Visual Studio C++ 10.0 Runtime Welcome Center Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Yahoo! Detect ZTE USB Driver . ==== Event Viewer Messages From Past Week ======== . 30/12/2012 08:54:44, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0. 30/12/2012 08:34:36, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA} because another computer on the network has the same name. The server could not start. 30/12/2012 08:34:36, Error: NetBT [4321] - The name "ADAM-PC :20" could not be registered on the interface with IP address 192.168.1.67. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. 30/12/2012 08:34:36, Error: NetBT [4321] - The name "ADAM-PC :0" could not be registered on the interface with IP address 192.168.1.67. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. 28/12/2012 23:27:55, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service. 28/12/2012 20:31:09, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state. 25/12/2012 08:38:52, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. . ==== End Of File =========================== ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576] R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016] R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-21 312400] R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-7-5 866336] R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-21 13336] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-3-8 250368] R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-6 144640] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-21 2320920] R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-4-21 243232] R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-21 56344] R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-21 158720] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-4-21 271872] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-3-21 321064] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-25 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840] S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-6-13 11776] S3 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-4-17 305520] S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-6 50432] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-4-21 239136] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-4-20 1255736] S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2011-6-13 135168] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-12-29 16:18:48 -------- d-----w- C:\Users\Adam\AppData\Local\{95AD2D6B-669B-49CE-8A37-805992771469} 2012-12-29 09:32:34 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A6068B4C-A2DE-4FF3-AF77-59E3531DFAD4}\mpengine.dll 2012-12-29 09:19:25 -------- d-----w- C:\Users\Adam\AppData\Local\{2C8FA50D-0104-44FE-83A1-659F8A478527} 2012-12-28 16:36:56 -------- d-----w- C:\Users\Adam\AppData\Local\{7D83193B-2EDB-4E7E-9E99-246979D03E43} 2012-12-28 08:24:52 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-12-28 08:24:52 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FBD7696D-95C9-4379-8639-F30CFFC197DA}\mpengine.dll 2012-12-27 08:50:17 -------- d-----w- C:\Users\Adam\AppData\Local\{E3D47A1E-C832-4566-B8AF-7D4E3F7E7F02} 2012-12-26 20:37:13 -------- d-----w- C:\Users\Adam\AppData\Local\{440912BD-A0D7-4D91-89A0-570CF57B413C} 2012-12-25 15:10:20 -------- d-----w- C:\Users\Adam\AppData\Local\{EB0127F2-0121-416F-BCF4-B7B2B47EA8AD} 2012-12-24 23:41:59 -------- d-----w- C:\Users\Adam\AppData\Local\{138FF618-BB9F-46A5-9DBD-8267750423C7} 2012-12-24 11:17:44 -------- d-----w- C:\Users\Adam\AppData\Local\{CECD3DEE-9EB1-42D4-9ED3-092FAFEB1A36} 2012-12-23 21:33:46 -------- d-----w- C:\Users\Adam\AppData\Local\{040C1493-CA52-4B1F-AB21-9977653EA7EE} 2012-12-23 06:29:32 -------- d-----w- C:\Users\Adam\AppData\Local\{252684A0-5726-4F14-9CC0-6C646A7E7459} 2012-12-22 15:30:17 -------- d-----w- C:\Users\Adam\AppData\Local\{494CF17A-F605-4B5F-95F6-65A0FEA6B2C3} 2012-12-22 06:52:12 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-22 06:52:11 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-22 06:52:06 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-22 06:52:05 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-22 00:57:41 -------- d-----w- C:\Users\Adam\AppData\Local\{B3C3441E-EDD3-4723-98ED-061FCAA956C4} 2012-12-21 12:57:25 -------- d-----w- C:\Users\Adam\AppData\Local\{E42673C3-E174-4484-9959-1373A177F8DE} 2012-12-20 20:09:38 -------- d-----w- C:\Users\Adam\AppData\Local\{F6599112-C0DC-475F-8ADD-DE6528CD658D} 2012-12-20 08:09:16 -------- d-----w- C:\Users\Adam\AppData\Local\{58AC1720-953F-47A4-9EEC-D024D5BE49BD} 2012-12-19 20:08:54 -------- d-----w- C:\Users\Adam\AppData\Local\{DA5ACAC1-642A-4CB8-8322-E059E1138DB3} 2012-12-19 08:08:43 -------- d-----w- C:\Users\Adam\AppData\Local\{03D92FA1-E4E6-47DF-9E87-36C6F0D8664B} 2012-12-18 13:21:51 -------- d-----w- C:\Users\Adam\AppData\Local\{A31939F1-F53B-4A1A-9D43-A3B53546EFF5} 2012-12-17 22:04:19 -------- d-----w- C:\Users\Adam\AppData\Local\{262077BD-F3DF-49E0-9FF2-C3D186223A40} 2012-12-17 08:21:18 -------- d-----w- C:\Users\Adam\AppData\Local\{83117BCE-DC8A-46C0-8DA8-AEF3E8D03196} 2012-12-16 17:46:39 -------- d-----w- C:\Users\Adam\AppData\Local\{03AD07D1-E459-424E-AACC-A9230138E1B4} 2012-12-15 23:32:50 -------- d-----w- C:\Users\Adam\AppData\Local\{1ABD207D-F294-4418-98E1-2225E36FE2BB} 2012-12-14 23:30:39 -------- d-----w- C:\Users\Adam\AppData\Local\Programs 2012-12-14 23:19:38 -------- d-----w- C:\Users\Adam\AppData\Local\ArcSoft 2012-12-14 23:19:33 -------- d-----w- C:\ProgramData\ArcSoft 2012-12-14 18:23:21 -------- d-----w- C:\Users\Adam\AppData\Local\{A9E178C8-8297-4B8E-97C6-5CB64C515C73} 2012-12-14 06:23:09 -------- d-----w- C:\Users\Adam\AppData\Local\{C332D171-A127-4061-BFD3-495F96A134D0} 2012-12-13 12:58:13 -------- d-----w- C:\Users\Adam\AppData\Local\{5394F09D-FDFD-4635-A58F-40549883F44C} 2012-12-13 00:57:51 -------- d-----w- C:\Users\Adam\AppData\Local\{110D8AD1-8B94-49AF-A5D5-6FBD392657A1} 2012-12-12 12:57:39 -------- d-----w- C:\Users\Adam\AppData\Local\{F13F0B5E-A009-4E44-865E-DD18E645B632} 2012-12-11 23:03:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-12-11 23:03:18 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-12-11 23:03:02 3147264 ----a-w- C:\Windows\System32\win32k.sys 2012-12-11 23:01:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-12-11 22:40:26 -------- d-----w- C:\Users\Adam\AppData\Local\{A01E6317-43AB-422C-BB03-9628D07632DF} 2012-12-11 04:18:11 -------- d-----w- C:\Users\Adam\AppData\Local\{00D8CFA1-8396-40C3-82BC-0DEDA996AD4B} 2012-12-10 11:58:34 -------- d-----w- C:\Users\Adam\AppData\Local\{0E77F9BB-464C-4C3B-8EBC-8B47DE12EB1E} 2012-12-09 21:38:01 -------- d-----w- C:\Users\Adam\AppData\Local\{9B5405B8-5650-48F1-894E-87F4511090C0} 2012-12-09 08:21:45 -------- d-----w- C:\Users\Adam\AppData\Local\{0BAC74E2-6F2B-4F97-88AB-B7F50CCBBA66} 2012-12-08 17:08:26 -------- d-----w- C:\Users\Adam\AppData\Local\{50BCF30C-E852-4C22-89F6-7F0BFEB839C5} 2012-12-08 05:00:38 -------- d-----w- C:\Users\Adam\AppData\Local\{0D4A8789-6B62-44A9-8420-DAFAC5DA6E81} 2012-12-07 16:04:00 -------- d-----w- C:\Users\Adam\AppData\Local\{93FE6F58-9812-4F9C-A700-797BEBCFC0B3} 2012-12-07 03:21:12 -------- d-----w- C:\Users\Adam\AppData\Local\{ECFBB369-2338-45D2-8560-A399ABF78229} 2012-12-06 13:08:20 -------- d-----w- C:\Users\Adam\AppData\Local\{378F4312-092A-4B75-B12C-92B552D19F25} 2012-12-06 00:12:29 -------- d-----w- C:\Users\Adam\AppData\Local\{76FC5443-976D-449B-AC37-78DB2ABC2646} 2012-12-05 11:12:07 -------- d-----w- C:\Users\Adam\AppData\Local\{C0F37D6F-860E-4760-97DE-36A89DF7C418} 2012-12-04 22:02:15 -------- d-----w- C:\Users\Adam\AppData\Local\{1E17B482-AC58-4E6F-899B-C6BCA6324935} 2012-12-04 07:36:53 -------- d-----w- C:\Users\Adam\AppData\Local\{776083AB-AB99-4091-BA46-C66E99E85F91} 2012-12-03 15:22:15 -------- d-----w- C:\Users\Adam\AppData\Local\{DBDBD59F-BED9-4C70-BC2F-DEE666BEEA40} 2012-12-03 00:04:58 -------- d-----w- C:\Users\Adam\AppData\Local\{71E6032B-E6D5-4746-A978-4A8C70EAC306} 2012-12-02 08:01:55 -------- d-----w- C:\Users\Adam\AppData\Local\{90C7523B-13F1-4A6A-8731-54B958E13E86} 2012-12-01 15:05:26 -------- d-----w- C:\Users\Adam\AppData\Local\{2AD410D2-EEA5-449D-B2AF-26F8E3EBC939} 2012-11-30 23:27:06 -------- d-----w- C:\Users\Adam\AppData\Local\{8C4BAF95-CCF7-459F-989F-D9CAC81CB2BC} 2012-11-30 11:26:54 -------- d-----w- C:\Users\Adam\AppData\Local\{AA46939B-0FB9-4599-9586-9C1066BE3DB9} . ==================== Find3M ==================== . 2012-11-12 12:18:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-12 11:51:11 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-02 05:27:51 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-11-02 04:48:28 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll 2012-10-27 05:36:37 1197568 ----a-w- C:\Windows\System32\wininet.dll 2012-10-27 05:36:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2012-10-27 05:00:40 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-27 04:59:41 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2012-10-27 04:23:06 482816 ----a-w- C:\Windows\System32\html.iec 2012-10-27 03:52:14 386048 ----a-w- C:\Windows\SysWow64\html.iec 2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-04 17:38:56 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-10-04 17:38:56 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-10-04 17:38:56 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-10-04 17:38:24 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-10-04 17:35:22 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-10-04 17:32:16 425984 ----a-w- C:\Windows\System32\KernelBase.dll 2012-10-04 16:54:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-10-04 16:54:17 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-10-04 15:19:57 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-10-04 14:49:27 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-10-04 14:49:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-10-04 14:49:22 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-10-04 14:49:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-10-04 14:44:29 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-10-04 14:44:29 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-10-04 14:44:29 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 8:54:43.62 ===============

hi my pc as started running real slow latley nothing shows up with a scan free malwarebytes programme or with microsoft security essentials. i managed to download this sweet pc fix thing may its that can anyone help? Thanks

ok so this is the problem when i go to unistall sweetpacks bundle unistaller via control panel uninstall a programme. it wants me to download an update from sweet. so of course i am not keen on doing this. what do you think ?

sorry for the delay here are the results of the quick scan OTL logfile created on: 09/11/2012 06:50:45 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.74 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 37.08% Memory free 5.48 Gb Paging File | 3.05 Gb Available in Paging File | 55.70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283.99 Gb Total Space | 208.60 Gb Free Space | 73.45% Space Free | Partition Type: NTFS Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/09 00:24:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Adam\Downloads\OTL.exe PRC - [2012/10/04 16:34:36 | 000,115,032 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe PRC - [2012/08/15 19:08:34 | 000,231,768 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe PRC - [2012/07/25 02:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE PRC - [2011/11/14 11:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe PRC - [2011/09/01 16:47:26 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2011/01/17 18:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011/01/17 18:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010/07/05 20:34:15 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010/06/07 10:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe PRC - [2010/04/17 05:57:08 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010/04/08 04:18:39 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010/04/08 04:18:38 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010/04/08 04:18:38 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe PRC - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe PRC - [2010/03/11 05:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010/03/11 05:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010/03/08 23:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010/03/08 23:56:38 | 000,260,608 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe PRC - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe PRC - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009/12/24 00:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2012/10/31 22:15:05 | 000,460,312 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll MOD - [2012/10/31 22:15:04 | 012,455,448 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll MOD - [2012/10/31 22:15:02 | 004,007,448 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll MOD - [2012/10/31 22:13:47 | 000,587,288 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll MOD - [2012/10/31 22:13:46 | 000,123,928 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll MOD - [2012/10/31 22:13:35 | 000,156,712 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll MOD - [2012/10/31 22:13:34 | 000,274,984 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll MOD - [2012/10/31 22:13:32 | 002,168,360 | ---- | M] () -- C:\Users\Adam\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll MOD - [2012/06/14 08:52:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012/06/14 08:52:27 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012/05/10 06:36:48 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012/05/10 06:35:32 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll MOD - [2012/05/10 06:35:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012/05/10 06:35:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012/05/10 06:35:12 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012/05/10 06:34:26 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2011/11/14 11:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll MOD - [2011/11/14 11:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll MOD - [2011/11/14 11:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtGui4.dll MOD - [2011/11/14 11:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXmlPatterns4.dll MOD - [2011/11/14 11:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtCore4.dll MOD - [2011/11/14 11:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll MOD - [2011/11/14 11:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXml4.dll MOD - [2011/04/18 15:35:57 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2011/04/18 15:35:57 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll MOD - [2010/07/05 20:34:15 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2010/06/07 10:15:42 | 000,618,496 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe MOD - [2010/03/09 00:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2009/05/20 06:02:02 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Services (SafeList) ========== SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/03/17 09:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc) SRV - [2011/08/14 19:42:57 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\599\g2aservice.exe -- (GoToAssist) SRV - [2010/04/17 05:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010/04/08 04:18:38 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010/03/08 23:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/03/01 06:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/07/25 16:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2011/03/11 06:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 06:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/04/01 08:18:30 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010/03/21 09:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2010/03/01 07:20:56 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/02/20 00:24:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/02/10 07:01:58 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/02 21:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2009/12/17 17:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/12/10 11:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/12/02 07:01:24 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/21 13:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2009/07/21 13:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2009/07/21 13:05:14 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2009/07/21 08:17:16 | 000,135,168 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet) DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 00:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/07/14 00:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/03 02:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009/06/03 02:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009/06/03 02:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2009/05/05 08:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2009/05/05 08:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2009/04/27 13:15:16 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV - [2009/09/10 07:50:16 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT) DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292 IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2517162095-573492459-740728455-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292 IE - HKU\S-1-5-21-2517162095-573492459-740728455-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292 IE - HKU\S-1-5-21-2517162095-573492459-740728455-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-2517162095-573492459-740728455-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2517162095-573492459-740728455-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB428 IE - HKU\S-1-5-21-2517162095-573492459-740728455-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2517162095-573492459-740728455-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media ) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adam\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) [2011/04/18 15:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions [2011/04/18 15:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adam\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} ========== Chrome ========== CHR - homepage: http://www.google.com/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adam\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: SweetIM for Facebook = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: Gmail = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ CHR - Extension: YouTube = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google Search = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: SweetIM for Facebook = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0\ CHR - Extension: Gmail = C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2517162095-573492459-740728455-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe () O4 - HKLM..\Run: [suiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [sweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2517162095-573492459-740728455-1001..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA}: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF1C6892-61D2-470E-BAFD-587A3F1E0AB0}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\599\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\599\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{a938232c-c320-11e0-b199-88ae1d601122}\Shell - "" = AutoRun O33 - MountPoints2\{a938232c-c320-11e0-b199-88ae1d601122}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1 O33 - MountPoints2\{e6135bbf-95e0-11e0-a535-00a0c6000000}\Shell - "" = AutoRun O33 - MountPoints2\{e6135bbf-95e0-11e0-a535-00a0c6000000}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/08 19:56:43 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{E02A0693-77C4-462B-897C-0FDBCF2EAE9B} [2012/11/08 07:53:27 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{085A3398-166A-47AB-8C18-C8EFC9CD2A0C} [2012/11/07 20:19:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM [2012/11/07 20:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM [2012/11/07 19:52:51 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{A3C65661-A735-400F-9CD0-8E4C5C72F900} [2012/11/07 19:28:38 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\taptaptap website [2012/11/07 07:52:32 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{97A94B6B-FF3C-4173-AEE6-83F24311519B} [2012/11/06 19:36:52 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{9C69CA62-7E03-43C3-8E7B-945FCA3518AE} [2012/11/06 07:36:30 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{3CEEA7AB-FE19-45A3-91C3-4D6E05878C3C} [2012/11/05 19:36:07 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{13F7437C-8556-41EF-9EE3-0E463EB6420A} [2012/11/05 07:35:45 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{31390213-4687-427A-BBAA-BBFC675C7AF7} [2012/11/04 19:35:22 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{CF008260-67F1-4C24-971C-7D0197FF7E79} [2012/11/04 07:35:03 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{8B12A9EC-D076-4C0E-9DB2-D6BBB01B16BC} [2012/11/03 12:45:48 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{6C064E86-1872-425D-9D2E-9CDD1771ED74} [2012/11/02 23:58:42 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{3F30D39B-6CA9-4C4D-85E6-FE33A5CE2906} [2012/11/02 11:47:02 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{50C3CC65-7894-4D56-9CB2-2694043A0EF6} [2012/11/01 21:15:54 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{D2475F90-5FB8-46E3-8461-D15AD84B588A} [2012/11/01 09:15:31 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{1678CFDE-16B7-4247-A983-21A6E3A4DB59} [2012/10/31 21:15:18 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{80F16B14-F87F-48AF-BF1A-DA12C6ADCAA4} [2012/10/31 07:17:03 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{6E4FF5E8-DF0E-48FA-840C-950C87E817C0} [2012/10/30 14:55:45 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{5354B4A1-A574-44A7-811A-4971A5733102} [2012/10/29 23:03:47 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{B9653312-713D-4D6C-8C5C-904613A97F94} [2012/10/29 10:00:00 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{138AF195-9B2F-422E-AAB6-328CCF91A3F4} [2012/10/28 21:29:13 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{F5C09271-1DD5-4C96-8A95-603342C70F10} [2012/10/28 09:06:10 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{6E4A268A-23A8-4DD7-B29A-28B45AD35A15} [2012/10/27 21:05:56 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{A739C445-0FAC-48EE-890B-41B401AE25B7} [2012/10/27 08:17:30 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{B2EFBDBB-AD76-4A67-8A20-29953CA5AEF9} [2012/10/26 19:39:42 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{0CDBB05F-1A3B-412B-94FC-3AF4DE05F578} [2012/10/26 05:23:56 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{C7CA1267-1191-40F9-9A0D-D558ECC9BD62} [2012/10/25 15:10:41 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{5DD2D0BB-FDE3-44E7-8426-02EC22E77571} [2012/10/24 21:55:05 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{95CFAF88-6F30-4663-8166-94EA88E63356} [2012/10/24 07:34:30 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{8CB8A030-D89E-4006-9807-22C2492B79BF} [2012/10/23 19:12:23 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{D121DE37-D6C4-4E4D-8BA6-415777CFFBC2} [2012/10/23 07:11:59 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{645CE3BF-6C5D-412C-A8A7-704E16606F51} [2012/10/22 18:45:48 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{3E7E36C5-E7EE-44C9-B711-3A02FB7E42C2} [2012/10/22 06:45:36 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{0D76920E-C12D-4007-BAC1-A8E2AAE21AEE} [2012/10/21 14:26:06 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{2BBF4CF8-AB8E-44F7-B1DC-2B2B3E2643C0} [2012/10/20 23:12:47 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{64D41C99-105D-4DD9-9B44-19B9CC533757} [2012/10/20 08:18:37 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{6CAA15E7-6DA9-4FD6-9E41-CCD01CFB5F37} [2012/10/19 20:18:25 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{E5138969-49CC-47D0-8AC7-C0A35A7DFBBC} [2012/10/18 22:26:44 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{B219B65A-ED0D-4D18-BEA9-84350862AAED} [2012/10/18 10:26:53 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{DCED3576-B0B6-4E84-A67F-F4CE16A35A16} [2012/10/17 21:32:31 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{635FD6C6-BDE3-4B4D-9B5E-D5725B4C2C8B} [2012/10/17 08:14:38 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{551DA2B5-CC73-46D2-A28C-8904EF78D725} [2012/10/16 20:14:16 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{DEAC8B37-ECD2-4F64-BF6E-3941AA9163DE} [2012/10/16 08:13:54 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{6F520831-3D77-4A4A-B31A-52FA25A31F65} [2012/10/15 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{3774D9DE-06AC-4DFE-AEF7-39ED472E0A5E} [2012/10/15 16:13:27 | 000,000,000 | ---D | C] -- C:\Users\Adam\Desktop\old suppliers [2012/10/15 07:11:35 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{89BD2D3F-1E63-444A-B5A4-03C9F91DEAD0} [2012/10/14 19:11:14 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{C0DB49BB-E3BC-4DCC-8EA6-7A25EAE9D194} [2012/10/14 07:11:02 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{15F41205-CBB8-4421-AACC-07A8B204C0F2} [2012/10/13 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{050E80B6-EA9F-411E-8122-3F2BE08D9570} [2012/10/12 22:42:02 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{BE24EADB-474E-4867-AE6B-0180010FD0F2} [2012/10/12 06:56:16 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{707B469D-64C5-45EC-9637-70C5515DFB6D} [2012/10/11 18:55:00 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{CF29AFC2-5DE1-4879-AA76-6EA00A85F81A} [2012/10/11 06:54:35 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{59B077D7-F8CD-40DE-8BDA-79C6F501AC2E} [2012/10/10 15:38:51 | 000,000,000 | ---D | C] -- C:\Users\Adam\AppData\Local\{D97F64D4-D073-4C84-958E-AE1DA26141C2} ========== Files - Modified Within 30 Days ========== [2012/11/09 06:28:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/09 06:09:29 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA.job [2012/11/09 06:09:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/09 00:27:16 | 000,034,319 | ---- | M] () -- C:\Users\Adam\Desktop\clayton returns policy.odt [2012/11/08 23:28:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/08 21:59:19 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core.job [2012/11/08 06:39:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/08 06:39:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/08 06:37:41 | 000,767,754 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/08 06:37:41 | 000,181,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/08 06:37:41 | 000,005,168 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/08 06:31:36 | 2207,289,344 | -HS- | M] () -- C:\hiberfil.sys [2012/11/08 05:59:04 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/07 20:19:34 | 000,000,219 | ---- | M] () -- C:\Users\Adam\Desktop\Search the Web.url [2012/11/07 20:19:34 | 000,000,213 | ---- | M] () -- C:\Users\Adam\Desktop\SweetPcFix.url [2012/11/07 19:27:50 | 000,002,481 | ---- | M] () -- C:\Users\Adam\Desktop\Google Chrome.lnk [2012/10/23 09:37:03 | 000,014,251 | ---- | M] () -- C:\Users\Adam\Desktop\goodody quote.ods [2012/10/23 09:36:54 | 000,014,555 | ---- | M] () -- C:\Users\Adam\Desktop\dk tools aug 2012.ods ========== Files Created - No Company Name ========== [2012/11/07 20:19:34 | 000,000,219 | ---- | C] () -- C:\Users\Adam\Desktop\Search the Web.url [2012/11/07 20:19:34 | 000,000,213 | ---- | C] () -- C:\Users\Adam\Desktop\SweetPcFix.url [2012/11/04 13:33:22 | 000,800,203 | ---- | C] () -- C:\Users\Adam\Desktop\DSCN3159.JPG [2012/11/04 13:33:09 | 000,664,286 | ---- | C] () -- C:\Users\Adam\Desktop\DSCN3189.JPG [2012/10/23 09:37:03 | 000,014,251 | ---- | C] () -- C:\Users\Adam\Desktop\goodody quote.ods [2012/10/16 19:09:56 | 000,786,057 | ---- | C] () -- C:\Users\Adam\Desktop\DSCN3171.JPG [2012/05/07 16:47:55 | 000,003,584 | ---- | C] () -- C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/10/06 23:53:34 | 000,000,164 | ---- | C] () -- C:\Users\Adam\AppData\Roaming\wklnhst.dat [2011/09/17 12:12:29 | 000,000,439 | ---- | C] () -- C:\Windows\wininit.ini [2011/08/14 19:42:47 | 000,103,784 | ---- | C] () -- C:\Users\Adam\GoToAssistDownloadHelper.exe [2011/06/04 18:50:10 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011/04/18 15:48:27 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011/04/18 14:57:42 | 000,735,714 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/04/18 14:53:14 | 000,000,880 | ---- | C] () -- C:\Users\Adam\Downloads.lnk [2010/04/21 10:41:04 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== ZeroAccess Check ========== [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/05/07 18:31:04 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Blackberry Desktop [2011/09/17 18:44:49 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\casualArts [2012/11/08 06:32:36 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Dropbox [2011/05/04 21:06:02 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\GetRightToGo [2011/09/17 12:12:45 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\HitPoint Studios [2011/10/05 20:11:12 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Namco [2011/06/25 20:32:11 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Oberon Media [2011/04/18 15:36:28 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\OpenOffice.org [2011/06/14 13:45:46 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\PlayFirst [2012/03/29 07:41:38 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Research In Motion [2011/09/18 06:44:10 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\SpinTop [2011/06/13 17:39:17 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Tatara Systems [2011/10/06 23:53:49 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Template [2011/04/18 15:48:24 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Thunderbird [2011/09/18 06:46:45 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\TitanicMystery [2011/05/03 15:36:45 | 000,000,000 | ---D | M] -- C:\Users\Adam\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5A99DEB7 @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:9195103F @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:93EB7685 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E36F5B57 @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0B9176C0 @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4B7317F4 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:6C5EC3CD @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:8075370B < End of report > OTL Extras logfile created on: 09/11/2012 06:50:45 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Adam\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.74 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 37.08% Memory free 5.48 Gb Paging File | 3.05 Gb Available in Paging File | 55.70% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 283.99 Gb Total Space | 208.60 Gb Free Space | 73.45% Space Free | Partition Type: NTFS Computer Name: ADAM-PC | User Name: Adam | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0D5D5745-F778-4B35-957D-7E0A24881F8C}" = rport=138 | protocol=17 | dir=out | app=system | "{217DBF1A-F01A-47FF-B0B6-8CF002C80D43}" = rport=137 | protocol=17 | dir=out | app=system | "{2958D6DB-70B0-45EF-B300-0E609FFE1C41}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{31907136-BA62-459F-B4C0-EF45BDDC974F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{47AB4B23-0191-4761-893A-6D2501965144}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{4E12CBD0-4FC3-4D06-85A9-B2E3E66B210B}" = lport=10243 | protocol=6 | dir=in | app=system | "{524021FE-D5E5-4C43-8216-12D8DFD252DC}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{5297B8BB-2741-4C7A-939A-D5856F45B022}" = lport=445 | protocol=6 | dir=in | app=system | "{56ADB7E2-C777-4419-955E-66C4F63CD10A}" = rport=445 | protocol=6 | dir=out | app=system | "{60E3BF3E-F3C8-45D1-BFD4-96E209E12C31}" = lport=2869 | protocol=6 | dir=in | app=system | "{6319F524-9319-45B6-AE3D-4786FB44FA19}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{772D7CEB-C707-4358-93B8-12EC5ADE42A1}" = lport=139 | protocol=6 | dir=in | app=system | "{79F754BA-51B2-4817-A4E7-16F4DD9E7712}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | "{817545F6-EF66-4761-A7CB-4A642D117095}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | "{9A7EF8D1-7FDF-4BED-8950-A53441ED01A7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A166735E-3A32-4B0C-9A9E-303E90362218}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A6AFC312-4724-4345-A5D9-3982CF6A0DCE}" = rport=139 | protocol=6 | dir=out | app=system | "{ABF77663-3303-4FE2-97D9-018AD1F4377A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AEF0A32C-A51A-4D72-8261-E0C146BF96A7}" = lport=138 | protocol=17 | dir=in | app=system | "{B70266D5-4790-4974-8A25-35F63058BEA4}" = lport=137 | protocol=17 | dir=in | app=system | "{B718D947-2881-4980-B4E3-CB4CDBF81925}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B83B9E1C-DBE7-4F3F-8D0D-18D3A96AA15A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C0C5CDBE-8FE3-4F43-A672-ED69E39222D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{C107338B-7D38-4783-9AB0-EE6594883984}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D9F3A413-B84E-4FBE-A3C3-BDBFA17CCADA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DB859530-4FBB-40CA-9408-DCC35C93E21C}" = lport=2869 | protocol=6 | dir=in | app=system | "{E6B4FED1-FAC8-4933-8E9F-4CD1D4D3BECA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E704C7DD-D90B-4D74-99C0-D66683F0D4BC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E772D6B9-07A2-4980-9621-32520C2A4564}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E9D3F03C-276C-4552-9992-1AB670660E49}" = rport=10243 | protocol=6 | dir=out | app=system | "{F7729528-8FEF-4CD0-9F73-CD5F8775F417}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04290A55-042D-439F-AC44-BB36A5546167}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{05B44D7B-3874-46D9-8C94-A643B730F0A6}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{15F4A687-B4C0-41C9-B371-A8EE33F1C3B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{198E2252-C7FB-471C-8319-643683A49D8F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{1A85485B-6568-4BE6-BDEC-5A62168F381C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1E1E9938-711A-4FC8-97F2-5568F8EF73BB}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{1EB388D1-2150-467A-8AFA-61FD15522962}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{2003DB60-A327-4EFA-ABFB-2EB9769C70A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2414C12B-A0B5-444F-9290-E8F35DB58AEE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2A5A7BBA-ED5B-4550-A719-D0C8F9F9C939}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | "{37163062-D0F9-4597-8912-20F2E06C1E30}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3BA9231C-CC02-4C02-BC84-AA3F06E91A47}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{4758AC94-0D71-4A99-97CA-FEFB5DB53782}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4CDA1C00-9868-430B-86A2-30F425D1D2AB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{5206A446-ACC5-471A-8712-94909D341CB3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{67A51617-FF8C-47A1-9CD2-5B0D05D56469}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{6B3540D6-2753-4147-875F-D2B68B6F34A5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | "{722A644E-2186-4B95-AC98-0F21816154A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{7640F387-99F5-4423-BDC0-405C28BEFA41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{79937C10-F8D3-422D-A2A5-1659D23EC099}" = protocol=6 | dir=in | app=c:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe | "{7C3AE4A0-7A36-41EF-8077-3C18CBDBD818}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{862433E4-C809-4A42-897C-4F32F4117086}" = protocol=17 | dir=in | app=c:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe | "{8E3EF2E1-188A-44C0-92C9-A9AA46775FAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8E9B7000-60C8-4D80-ACF1-7C19A42CA175}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9BA36836-D4DE-48DF-898B-894292FE24C0}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{A1A79366-F7DC-49BC-82D9-9FF000E3F327}" = protocol=6 | dir=out | app=system | "{AF644746-B3EF-4A15-BBFF-5A5A9602003F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B579852C-8467-40B3-BA98-BCB30CBB3AD4}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | "{B6F4E6A5-4B9E-4A19-9401-DFB2DE1B71F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B904F141-D85D-418C-9A2D-20CAC3B4DFFC}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | "{CBAA7695-EEC7-4043-A9A5-B109AC295D0B}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{D310CC1E-4A63-4F23-86E8-A413E8F3A332}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E154C657-2894-4B18-9C89-0484C801A0C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{E51D6E50-87DE-4DF0-9315-74ACBA15497A}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{E7B3FD48-AA30-405C-AE01-B8F71B458174}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{EA473D7F-10B4-4959-B896-8D3C6BDA3642}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{F51349A6-21DA-4D37-96AF-6F29AC961725}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FE397EEA-75F8-4731-98C1-255617719DDC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{1AE8F2A2-6BD7-470D-97BC-6B611CC5FE33}C:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{369109BD-2F1F-4846-B439-F93550A66131}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "TCP Query User{A4543753-5A83-453F-AC8B-C895E7D07A95}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{4A570CA0-BE3E-4313-8C58-E235333196FC}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | "UDP Query User{A66FCEAF-4997-4BA6-8989-3E7BD0F4D4DE}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | "UDP Query User{F8BBB24B-D90E-447A-8E52-B27935B07A6C}C:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\adam\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller "{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "SynTPDeinstKey" = Synaptics Pointing Device Driver "ZTE USB Driver" = ZTE USB Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 26 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic "{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1" = Acer GameZone Console "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder "{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.167.331 "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1 "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}" = BlackBerry Desktop Software 6.1 "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1912 Titanic Mystery" = 1912 Titanic Mystery "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "BFGC" = Big Fish Games: Game Manager "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1 "GoToAssist" = GoToAssist Corporate "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager "InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "MyTomTom" = MyTomTom 3.1.0.530 "Samsung CLP-320 Series" = Maintenance Samsung CLP-320 SeriesVersion\Uninstall\MyTomTom "WinLiveSuite" = Windows Live Essentials "YTdetect" = Yahoo! Detect ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2517162095-573492459-740728455-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Google Chrome" = Google Chrome ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03/10/2012 08:13:03 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 03/10/2012 09:34:42 | Computer Name = Adam-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 04/10/2012 04:24:18 | Computer Name = Adam-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 05/10/2012 03:28:14 | Computer Name = Adam-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 06/10/2012 06:09:16 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 06/10/2012 06:13:15 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 06/10/2012 06:13:15 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 06/10/2012 06:13:15 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 06/10/2012 06:13:15 | Computer Name = Adam-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 06/10/2012 14:23:47 | Computer Name = Adam-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 07/10/2012 15:48:57 | Computer Name = Adam-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = [ System Events ] Error - 23/01/2012 03:23:48 | Computer Name = Adam-PC | Source = NetBT | ID = 4321 Description = The name "ADAM-PC :20" could not be registered on the interface with IP address 192.168.1.67. The computer with the IP address 192.168.1.69 did not allow the name to be claimed by this computer. Error - 23/01/2012 07:45:23 | Computer Name = Adam-PC | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA} because another computer on the network has the same name. The server could not start. Error - 23/01/2012 07:45:23 | Computer Name = Adam-PC | Source = NetBT | ID = 4321 Description = The name "ADAM-PC :20" could not be registered on the interface with IP address 192.168.1.67. The computer with the IP address 192.168.1.69 did not allow the name to be claimed by this computer. Error - 23/01/2012 07:45:24 | Computer Name = Adam-PC | Source = NetBT | ID = 4321 Description = The name "ADAM-PC :0" could not be registered on the interface with IP address 192.168.1.67. The computer with the IP address 192.168.1.69 did not allow the name to be claimed by this computer. Error - 23/01/2012 07:56:20 | Computer Name = Adam-PC | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA} because another computer on the network has the same name. The server could not start. Error - 23/01/2012 07:56:20 | Computer Name = Adam-PC | Source = NetBT | ID = 4321 Description = The name "ADAM-PC :0" could not be registered on the interface with IP address 192.168.1.67. The computer with the IP address 192.168.1.69 did not allow the name to be claimed by this computer. Error - 23/01/2012 07:56:20 | Computer Name = Adam-PC | Source = NetBT | ID = 4321 Description = The name "ADAM-PC :20" could not be registered on the interface with IP address 192.168.1.67. The computer with the IP address 192.168.1.69 did not allow the name to be claimed by this computer. Error - 24/01/2012 03:56:02 | Computer Name = Adam-PC | Source = Server | ID = 2505 Description = The server could not bind to the transport \Device\NetBT_Tcpip_{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA} because another computer on the network has the same name. The server could not start. Error - 24/01/2012 03:56:02 | Computer Name = Adam-PC | Source = NetBT | ID = 4321 Description = The name "ADAM-PC :0" could not be registered on the interface with IP address 192.168.1.67. The computer with the IP address 192.168.1.69 did not allow the name to be claimed by this computer. Error - 24/01/2012 03:56:02 | Computer Name = Adam-PC | Source = NetBT | ID = 4321 Description = The name "ADAM-PC :20" could not be registered on the interface with IP address 192.168.1.67. The computer with the IP address 192.168.1.69 did not allow the name to be claimed by this computer. < End of report >

did a silly thing last night tried to get a new logo.and managed to download this sweet pc fix thing, i have tried to remove from control panel /uninstall a programme,but when i do the sweet pc fix wants me to download an up date.not keen on this. any tips on removal ? Thanks

Thanks for the tips. machine running well. no more trouble at mill. Great

also just downloaded service pack 2 for vista

ok great, i have sfc/scannow nothing came up. laptop is running a lot better now much faster.

restarted the machine and was able to run combo fix. ComboFix 11-03-01.03 - blenheim 05/03/2011 9:31.3.1 - x86 Microsoft

no i do not have another user account on the machine. i have tried to open a new one but cannot access control panel with the same message.

ok have tried that but cannot start the sfc.exe as its says "illegal operation attemted on a registry key that has been marked for deletion"

ok when i try to open a new text document or open google chrome it says "illegal operation attemted on a registry key that has been marked for deletion"

ok do i need to do anything else ?

ok is this a another bugette you have found ComboFix 11-03-01.03 - blenheim 03/03/2011 15:51:04.2.1 - x86 Microsoft

ok sorry for delay fell asleep while doing this..long day ComboFix 11-03-01.03 - blenheim 03/03/2011 0:39.1.1 - x86 Microsoft

i have downloaded combofix via google chrome but it did not give me the option to rename. what now ?

Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5937 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 02/03/2011 23:38:29 mbam-log-2011-03-02 (23-38-29).txt Scan type: Quick scan Objects scanned: 152370 Time elapsed: 14 minute(s), 9 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-12-12.02) - NTFSx86 Run by blenheim at 23:46:18.20 on 02/03/2011 Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_18 Microsoft