
I've stupidly managed to get a virus which runs in safe mode. Any executable causes a pop-up that looks like the Windows file download security warning saying "do you want to run, save or cancel". If I hit 'run' it comes up with a file download bar, then pops up with a 'do you want to run this software' pop-up, which then loops back to the first pop-up.

I've tried booting with safe mode from command prompt, which gets me into explorer, and I've tried using one of the chameleon processes, which I can get to run, but it hasn't fixed the problem.

The DDS script seemed to run OK and I've attached the logs.

Thanks for the help - I'm at my wits' end.

Judy

DDS.txt

Attach.txt


Hi,

my name is Daniel and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction, or add/remove software, unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Go to My Computer > Organize > Folder and Search Options and open the View tab.

Untick Hide extensions from known file types.

Click Apply and OK.

Download OTL to your Desktop.

Right-click and rename it to OTL.com.

  • Double click on the icon to run it.
  • Under the Custom Scans/Fixes box, paste this in:


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.


Daniel,

I've run this as requested.

Judy

Otl.txt

OTL logfile created on: 02/03/2012 05:09:45 - Run 1

OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Joe\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.38% Memory free

5.50 Gb Paging File | 4.00 Gb Available in Paging File | 72.71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 458.87 Gb Total Space | 338.34 Gb Free Space | 73.73% Space Free | Partition Type: NTFS

Drive D: | 458.87 Gb Total Space | 458.77 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Drive E: | 19.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 1009.97 Mb Total Space | 983.14 Mb Free Space | 97.34% Space Free | Partition Type: FAT

Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/02 04:59:48 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.com

PRC - [2011/03/15 14:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe

PRC - [2009/08/28 09:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe

PRC - [2009/08/12 22:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

PRC - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/20 12:09:01 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)

SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)

SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)

SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)

SRV:64bit: - [2011/06/23 14:23:52 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)

SRV:64bit: - [2011/01/27 17:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)

SRV:64bit: - [2009/07/04 01:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009/04/19 15:34:48 | 000,625,184 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))

SRV:64bit: - [2009/04/19 15:34:48 | 000,207,904 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)

SRV - [2011/03/15 21:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/03/15 14:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2010/01/28 12:47:44 | 001,737,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe -- (BecHelperService)

SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/09/10 13:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)

SRV - [2009/08/28 09:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)

SRV - [2009/08/25 17:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/08/12 22:04:44 | 000,062,208 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 11:20:22 | 000,029,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)

DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)

DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)

DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)

DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)

DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)

DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)

DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)

DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010/04/16 20:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)

DRV:64bit: - [2010/03/18 17:42:34 | 000,575,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)

DRV:64bit: - [2010/01/19 11:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)

DRV:64bit: - [2010/01/19 11:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)

DRV:64bit: - [2010/01/19 11:49:52 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)

DRV:64bit: - [2010/01/19 11:49:52 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)

DRV:64bit: - [2009/07/14 01:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/14 01:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/26 07:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2009/06/10 20:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/02 11:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2009/06/02 11:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2009/06/02 11:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/05/05 23:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 23:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2009/04/30 05:06:58 | 000,339,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)

DRV - [2010/01/28 12:35:24 | 000,010,240 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\mdvrmng.sys -- (mdvrmng)

DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x1301&r=17360310sn0797358rsh5by9j12346

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x1301&r=17360310sn0797358rsh5by9j12346

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x1301&r=17360310sn0797358rsh5by9j12346

IE - HKLM\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3106777

IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{4E947638-B470-4B18-8546-75317A75DE1A}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB371GB372

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/27 20:47:32 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/12/29 01:28:05 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found

O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111228141915.dll (McAfee, Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111228141915.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (WinZipBar Toolbar) - {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (WinZipBar Toolbar) - {50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [backupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)

O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)

O4 - HKLM..\Run: [F5D7050v3] C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe File not found

O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()

O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)

O4 - Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\nvLsp64.dll (NVIDIA)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\nvLsp.dll (NVIDIA)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CCA21D49-582E-4F37-9CE4-5B446D2A150C} http://downloads.exam2score.com/ePenClientSpec.ocx (ePenClientSpec.ucEPenClientspec)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A4F0A5F-8EA0-44EA-AF9A-AB6E3FBD2D6E}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFD7A9A8-2321-4EDB-9000-B3767FA25671}: DhcpNameServer = 192.168.1.254

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)

O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/02/22 09:06:50 | 000,000,163 | -HS- | M] () - H:\autorun.inf -- [ FAT ]

O33 - MountPoints2\{21a44882-7936-11e0-8f14-944452016dc1}\Shell - "" = AutoRun

O33 - MountPoints2\{21a44882-7936-11e0-8f14-944452016dc1}\Shell\AutoRun\command - "" = H:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/02 05:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

[2012/03/02 05:05:05 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.com

[2012/02/29 14:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan

[2012/02/29 14:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Security Scan

[2012/02/29 14:09:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

[2012/02/29 14:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZipBar

[2012/02/29 14:09:21 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Conduit

[2012/02/29 14:08:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

[2012/02/29 14:08:55 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\WinZip

[2012/02/29 14:08:49 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip

[2012/02/29 14:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip

[2012/02/28 07:32:08 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Interview

[2012/02/23 08:41:39 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\Holgate Sports College

[2012/02/05 21:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus

[2012/02/02 18:33:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan

[2012/02/02 18:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan

[2012/02/02 18:33:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

========== Files - Modified Within 30 Days ==========

[2012/03/02 05:12:25 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/03/02 05:12:25 | 000,619,206 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/03/02 05:12:25 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/03/02 05:06:28 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/03/02 05:06:28 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/03/02 05:05:24 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk

[2012/03/02 04:59:48 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.com

[2012/03/02 04:59:48 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/03/02 04:58:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/03/02 04:58:34 | 2213,449,728 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/01 11:20:22 | 000,029,808 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2012/02/29 14:09:37 | 000,001,812 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk

[2012/02/29 14:09:37 | 000,001,778 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Security Scan.lnk

[2012/02/29 14:08:57 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk

[2012/02/28 08:37:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/27 21:02:01 | 000,263,138 | ---- | M] () -- C:\Users\Joe\Desktop\Review_comments_for_Proficiency_in_algebra,_geometry_and_statistics_-_attached.zip

[2012/02/24 12:32:28 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/02/23 14:29:36 | 000,000,346 | ---- | M] () -- C:\Windows\wininit.ini

[2012/02/23 14:29:29 | 000,001,013 | ---- | M] () -- C:\Users\Joe\Desktop\Dropbox.lnk

[2012/02/23 14:29:29 | 000,000,993 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/02/05 21:45:18 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2012/02/05 21:45:18 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

========== Files Created - No Company Name ==========

[2012/03/01 10:59:31 | 000,029,808 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2012/02/29 14:09:37 | 000,001,812 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk

[2012/02/29 14:09:37 | 000,001,778 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Security Scan.lnk

[2012/02/29 14:08:57 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk

[2012/02/28 07:37:53 | 000,263,138 | ---- | C] () -- C:\Users\Joe\Desktop\Review_comments_for_Proficiency_in_algebra,_geometry_and_statistics_-_attached.zip

[2012/02/20 09:33:54 | 001,139,542 | ---- | C] () -- C:\Users\Joe\Desktop\Specification 2ST01.pdf

[2012/02/02 18:33:27 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

[2012/02/02 18:33:26 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

[2011/12/07 08:40:24 | 000,000,346 | ---- | C] () -- C:\Windows\wininit.ini

[2011/06/22 10:26:29 | 000,009,216 | -HS- | C] () -- C:\Users\Joe\AppData\Local\4cr3j248u5w0p76767u737dq

[2011/06/22 10:26:29 | 000,009,216 | -HS- | C] () -- C:\ProgramData\4cr3j248u5w0p76767u737dq

[2011/06/19 16:48:57 | 000,011,124 | -HS- | C] () -- C:\Users\Joe\AppData\Local\ux28k8k70xg6ehd13ev2e

[2011/06/19 16:48:57 | 000,011,124 | -HS- | C] () -- C:\ProgramData\ux28k8k70xg6ehd13ev2e

[2011/05/08 05:49:32 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\mdvrmng.sys

[2010/06/11 09:00:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/03/18 17:43:49 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\UpdateDriver.exe

[2010/03/18 17:43:48 | 000,005,224 | ---- | C] () -- C:\Windows\SysWow64\ucuiinfo.ini

========== LOP Check ==========

[2011/01/23 14:07:13 | 000,000,000 | -HSD | M] -- C:\Users\Joe\AppData\Roaming\.#

[2011/11/21 10:26:48 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Birdstep Technology

[2011/12/05 08:41:12 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Centra

[2012/02/29 14:01:58 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Dropbox

[2010/10/04 14:15:42 | 000,000,000 | -H-D | M] -- C:\Users\Joe\AppData\Roaming\FileZilla

[2010/03/19 10:50:16 | 000,000,000 | -H-D | M] -- C:\Users\Joe\AppData\Roaming\GameConsole

[2012/02/27 22:15:08 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\GoPanda

[2011/03/03 17:00:37 | 000,000,000 | -H-D | M] -- C:\Users\Joe\AppData\Roaming\Registry Mechanic

[2011/11/21 10:28:00 | 000,000,000 | ---D | M] -- C:\Users\Joe\AppData\Roaming\Saba

[2011/03/03 16:53:26 | 000,000,000 | -H-D | M] -- C:\Users\Joe\AppData\Roaming\Softland

[2011/08/14 19:48:32 | 000,000,000 | -H-D | M] -- C:\Users\Joe\AppData\Roaming\Trusteer

[2011/12/23 12:46:04 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2010/03/21 16:29:41 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2006/10/10 18:22:42 | 000,000,000 | -H-D | M] -- C:\AcerSW

[2006/10/10 18:05:35 | 000,000,000 | -H-D | M] -- C:\book

[2010/03/13 16:46:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2011/11/21 10:27:33 | 000,000,000 | ---D | M] -- C:\hp_P1000_P1500_Full_Solution

[2009/10/17 02:12:55 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2011/11/21 10:27:33 | 000,000,000 | -H-D | M] -- C:\OEM

[2009/07/14 03:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012/02/29 14:08:47 | 000,000,000 | R--D | M] -- C:\Program Files

[2012/02/29 14:09:36 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2012/02/29 14:08:49 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2010/03/13 16:46:24 | 000,000,000 | -HSD | M] -- C:\Recovery

[2012/03/02 05:13:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011/05/29 13:38:52 | 000,000,000 | -H-D | M] -- C:\temp

[2010/03/13 16:46:30 | 000,000,000 | R--D | M] -- C:\Users

[2012/03/01 09:50:59 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >

[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe

[2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2009/08/03 06:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2009/10/31 06:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe

[2009/10/31 06:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009/08/03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2009/10/31 06:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009/08/03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009/07/14 01:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009/10/31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2009/08/03 06:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >

[2009/07/14 01:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[2009/07/14 01:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009/07/14 01:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe

[2009/07/14 01:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >

[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe

[2009/07/14 01:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WININIT.EXE >

[2009/07/14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009/07/14 01:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 01:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >

[2009/07/14 01:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009/10/28 07:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe

[2009/10/28 06:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:0B9176C0

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:ABE89FFE

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

extras.txt

OTL Extras logfile created on: 02/03/2012 05:09:45 - Run 1

OTL by OldTimer - Version 3.2.34.0 Folder = C:\Users\Joe\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.75 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 65.38% Memory free

5.50 Gb Paging File | 4.00 Gb Available in Paging File | 72.71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 458.87 Gb Total Space | 338.34 Gb Free Space | 73.73% Space Free | Partition Type: NTFS

Drive D: | 458.87 Gb Total Space | 458.77 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Drive E: | 19.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 1009.97 Mb Total Space | 983.14 Mb Free Space | 97.34% Space Free | Partition Type: FAT

Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes

"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}" = WinZip 16.0

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"CCleaner" = CCleaner

"doPDF 7 printer_is1" = doPDF 7.2 printer

"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance

"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress

"{5D4875F6-89D1-4E9C-B7B9-9164C9D20C9C}" = Kaspersky Security Scan

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{71C5AAF9-3EB6-4269-AFF1-6FCCCD8B7D07}" = ePEN Scoring System

"{73F80A0C-11B2-4BB2-A9F9-0F14ECF39980}" = Bing Bar

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart

"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{98E0B6A6-CEA8-4904-90C0-45166B763177}" = PANDA-EGG

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A821BC77-32FD-4CF3-A006-75CB3B525633}" = AirZip Plug-in for Internet Explorer

"{A82D052A-0806-42DF-80CD-1730A1AC0ED3}" = MrvlUsgTracking

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X

"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari

"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center

"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter

"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade

"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{e30fce96-c91b-4f1f-af7b-1bf58fdbbf24}" = Nero 9 Essentials

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help

"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter

"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"CentraClient" = Centra Client

"FileZilla Client" = FileZilla Client 3.3.4.1

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"Hotkey Utility" = Hotkey Utility

"HP LaserJet P1000 series" = HP LaserJet P1000 series

"Identity Card" = Identity Card

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"InstallShield_{A821BC77-32FD-4CF3-A006-75CB3B525633}" = AirZip Plug-in for Internet Explorer

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"McAfee Security Scan" = McAfee Security Scan Plus

"MSC" = McAfee Internet Security Suite

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinZipBar Toolbar" = WinZipBar Toolbar

"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"GoPanda" = GoPanda

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/12/2011 14:08:57 | Computer Name = Joe-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 11/12/2011 14:19:48 | Computer Name = Joe-PC | Source = Application Hang | ID = 1002

Description = The program javaw.exe version 6.0.160.1 stopped interacting with Windows

and was closed. To see if more information about the problem is available, check

the problem history in the Action Center control panel. Process ID: 127c Start Time:

01ccb82fff4fe6f0 Termination Time: 93 Application Path: C:\Program Files (x86)\Java\jre6\bin\javaw.exe

Report

Id:

Error - 12/12/2011 03:38:34 | Computer Name = Joe-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

Error - 12/12/2011 08:36:46 | Computer Name = Joe-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 12/12/2011 08:38:20 | Computer Name = Joe-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 12/12/2011 08:39:24 | Computer Name = Joe-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/12/2011 08:39:25 | Computer Name = Joe-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/12/2011 08:39:25 | Computer Name = Joe-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/12/2011 08:39:25 | Computer Name = Joe-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".

Dependent

Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 13/12/2011 09:10:45 | Computer Name = Joe-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: A required certificate is not within its validity period when verifying

against the current system clock or the timestamp in the signed file. .

[ System Events ]

Error - 01/03/2012 07:38:07 | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 01/03/2012 07:38:08 | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 01/03/2012 07:38:08 | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 01/03/2012 07:38:08 | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 01/03/2012 07:38:08 | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 01/03/2012 07:38:08 | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 01/03/2012 07:38:08 | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001

Description = The Network List Service service depends on the Network Location Awareness

service which failed to start because of the following error: %%1068

Error - 01/03/2012 07:41:16 | Computer Name = Joe-PC | Source = DCOM | ID = 10005

Description =

Error - 02/03/2012 00:59:00 | Computer Name = Joe-PC | Source = Application Popup | ID = 1060

Description = \??\C:\Windows\SysWow64\drivers\mdvrmng.sys has been blocked from

loading due to incompatibility with this system. Please contact your software vendor

for a compatible version of the driver.

Error - 02/03/2012 00:59:00 | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7000

Description = The Mobile IP Route Manager service failed to start due to the following

error: %%1275

< End of report >


Hi there.

Double click on the OTL icon to run it.

Copy/paste the entire contents of the codebox below into the Custom Scans/Fixes box:

:otl
[2011/06/22 10:26:29 | 000,009,216 | -HS- | C] () -- C:\Users\Joe\AppData\Local\4cr3j248u5w0p76767u737dq
[2011/06/22 10:26:29 | 000,009,216 | -HS- | C] () -- C:\ProgramData\4cr3j248u5w0p76767u737dq
[2011/06/19 16:48:57 | 000,011,124 | -HS- | C] () -- C:\Users\Joe\AppData\Local\ux28k8k70xg6ehd13ev2e
[2011/06/19 16:48:57 | 000,011,124 | -HS- | C] () -- C:\ProgramData\ux28k8k70xg6ehd13ev2e
[2011/01/23 14:07:13 | 000,000,000 | -HSD | M] -- C:\Users\Joe\AppData\Roaming\.#
:commands
[emptytemp]

  • Please close all other programs now.
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please post the log in your next reply.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

Rename it to svchost.com

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..' rebooting the machine will resolve that.

Please post in your next reply

OTL fix log

Combofix.txt

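The OTL fix above names five hidden+system objects with generated-looking names under AppData and ProgramData. The script below, added here as an illustration and not part of the thread or of OTL itself, parses OTL file-listing lines of that shape and flags the ones a responder would want to look at: hidden+system attributes, sitting in a directory a standard user can write to, and (as an extra signal) a long alphanumeric name with high entropy. The first five sample lines are the ones quoted in the fix; the last two are constructed here to show a benign hidden file and an ordinary document that must not be flagged. The user-writable directory list, the benign-name allow-list and the entropy thresholds are assumptions chosen for this example.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass, field

# One OTL file/folder line looks like:
#   [2011/06/22 10:26:29 | 000,009,216 | -HS- | C] () -- C:\Users\Joe\AppData\Local\4cr3j2...
# Folder lines omit the "()" group. Attribute flags: R=read-only, H=hidden, S=system, D=directory.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\([^)]*\) )?-- (?P<path>.+)$"
)

# Locations a standard (non-admin) user can write to; persistence that needs no
# elevation tends to land here. Assumption made for this example.
USER_WRITABLE = ("\\appdata\\local\\", "\\appdata\\roaming\\", "\\programdata\\")

# Hidden+system names that Windows itself drops into user folders (assumed allow-list).
KNOWN_BENIGN = {"desktop.ini", "thumbs.db"}


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    attrs: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl_line(line: str):
    """Return an OtlEntry for a file/folder listing line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"], m["path"])


def shannon_entropy(s: str) -> float:
    """Bits per character of the string; generated alphanumeric names score well above 3.5."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def looks_random(name: str) -> bool:
    """Long, purely alphanumeric, digit/letter mix, high entropy: the shape of a generated name."""
    if len(name) < 12 or not name.isalnum():
        return False
    digit_ratio = sum(ch.isdigit() for ch in name) / len(name)
    return 0.2 <= digit_ratio <= 0.8 and shannon_entropy(name.lower()) >= 3.5


def triage(lines):
    """Return the entries worth a second look, each carrying the reasons it was flagged."""
    flagged = []
    for line in lines:
        e = parse_otl_line(line)
        if e is None or e.name.lower() in KNOWN_BENIGN:
            continue
        hidden_system = "H" in e.attrs and "S" in e.attrs
        in_user_dir = any(marker in e.path.lower() for marker in USER_WRITABLE)
        # Hidden+system keeps a file out of a default Explorer view; only in
        # combination with a user-writable location is it flagged here.
        if not (hidden_system and in_user_dir):
            continue
        e.reasons = ["hidden+system attributes", "user-writable data directory"]
        if looks_random(e.name):
            e.reasons.append("random-looking name")
        flagged.append(e)
    return flagged


# First five lines: the objects the OTL fix in this thread moves.
# Last two lines: constructed for this example (a benign hidden file, a normal document).
SAMPLE_LINES = [
    r"[2011/06/22 10:26:29 | 000,009,216 | -HS- | C] () -- C:\Users\Joe\AppData\Local\4cr3j248u5w0p76767u737dq",
    r"[2011/06/22 10:26:29 | 000,009,216 | -HS- | C] () -- C:\ProgramData\4cr3j248u5w0p76767u737dq",
    r"[2011/06/19 16:48:57 | 000,011,124 | -HS- | C] () -- C:\Users\Joe\AppData\Local\ux28k8k70xg6ehd13ev2e",
    r"[2011/06/19 16:48:57 | 000,011,124 | -HS- | C] () -- C:\ProgramData\ux28k8k70xg6ehd13ev2e",
    r"[2011/01/23 14:07:13 | 000,000,000 | -HSD | M] -- C:\Users\Joe\AppData\Roaming\.#",
    r"[2011/01/23 14:07:13 | 000,000,282 | -HS- | M] () -- C:\Users\Joe\AppData\Roaming\Microsoft\Windows\desktop.ini",
    r"[2012/02/28 09:15:02 | 000,014,336 | ---- | M] () -- C:\Users\Joe\Documents\budget.xlsx",
]

if __name__ == "__main__":
    for entry in triage(SAMPLE_LINES):
        print(f"{entry.path}  ({', '.join(entry.reasons)})")
```

Run against a full OTL.txt the same function produces a short candidate list instead of thousands of lines; the attribute and location tests do the real work, and the entropy score only orders the candidates, since a malicious file can carry any name.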

OK, I managed to disable McAfee eventually, and ran ComboFix. I've still got the same symptoms as far as I can tell. I've posted the logs below.

Judy

All processes killed

========== OTL ==========

C:\Users\Joe\AppData\Local\4cr3j248u5w0p76767u737dq moved successfully.

C:\ProgramData\4cr3j248u5w0p76767u737dq moved successfully.

C:\Users\Joe\AppData\Local\ux28k8k70xg6ehd13ev2e moved successfully.

C:\ProgramData\ux28k8k70xg6ehd13ev2e moved successfully.

C:\Users\Joe\AppData\Roaming\.# folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Joe

->Temp folder emptied: 28488643 bytes

->Temporary Internet Files folder emptied: 256602664 bytes

->Java cache emptied: 56967437 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 20876 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1272244 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 52123 bytes

RecycleBin emptied: 233325793 bytes

Total Files Cleaned = 550.00 mb

OTL by OldTimer - Version 3.2.34.0 log created on 03022012_175940

Files\Folders moved on Reboot...

C:\Users\Joe\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

ComboFix 12-03-02.01 - Joe 02/03/2012 20:01:51.1.2 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.2815.2260 [GMT 0:00]

Running from: c:\users\Joe\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Common Files\Acer GameZone online.ico

c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix

c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk

.

.

((((((((((((((((((((((((( Files Created from 2012-02-02 to 2012-03-02 )))))))))))))))))))))))))))))))

.

.

2012-03-02 20:05 . 2012-03-02 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-02 17:59 . 2012-03-02 17:59 -------- d-----w- C:\_OTL

2012-03-01 10:59 . 2012-03-01 11:20 29808 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-02-29 14:09 . 2012-02-29 14:09 -------- d-----w- c:\program files (x86)\Kaspersky Security Scan

2012-02-29 14:09 . 2012-02-29 14:09 -------- d-----w- c:\program files (x86)\Conduit

2012-02-29 14:09 . 2012-02-29 14:09 -------- d-----w- c:\program files (x86)\WinZipBar

2012-02-29 14:09 . 2012-02-29 14:09 -------- d-----w- c:\users\Joe\AppData\Local\Conduit

2012-02-29 14:08 . 2012-02-29 14:08 -------- d-----w- c:\users\Joe\AppData\Local\WinZip

2012-02-29 14:08 . 2012-02-29 14:10 -------- d-----w- c:\programdata\WinZip

2012-02-02 18:33 . 2012-02-02 18:33 -------- d-----w- c:\programdata\McAfee Security Scan

2012-02-02 18:33 . 2012-02-05 21:45 -------- d-----w- c:\program files (x86)\McAfee Security Scan

2012-02-02 18:33 . 2012-02-02 18:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-02-02 18:33 . 2012-02-02 18:33 -------- d-----w- c:\windows\system32\Macromed

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-10 15:24 . 2011-06-23 13:35 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WinZipBar\prxtbWinZ.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-03 39408]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-02-24 5487488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-12 261888]

"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2009-08-18 629280]

"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1675160]

"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-11-07 149280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

.

c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Joe\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Kaspersky Security Scan.lnk - c:\program files (x86)\Kaspersky Security Scan\KSS.exe [2010-11-29 2402696]

McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]

R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]

R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

R2 0161491330711685mcinstcleanup;McAfee Application Installer Cleanup (0161491330711685);c:\windows\TEMP\016149~1.EXE [x]

R2 BecHelperService;BecHelperService;c:\program files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2010-01-28 1737464]

R2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 135664]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-10-18 208536]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-10-18 161168]

R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-12 62208]

R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-15 183560]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 135664]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]

R3 netr7364;Belkin Wireless 54G USB Network Adapter Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-01-20 140672]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 17:06]

.

2012-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-03 17:06]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:\users\Joe\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-20 7981088]

"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 16333856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_x1301&r=17360310sn0797358rsh5by9j12346

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

LSP: %SYSTEMROOT%\system32\nvLsp.dll

TCP: DhcpNameServer = 192.168.1.254

DPF: {CCA21D49-582E-4F37-9CE4-5B446D2A150C} - hxxp://downloads.exam2score.com/ePenClientSpec.ocx

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-F5D7050v3 - c:\program files (x86)\Belkin\F5D7050v3\Belkinwcui.exe

Toolbar-Locked - (no file)

WebBrowser-{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - (no file)

AddRemove-GoPanda - c:\windows\system32\javaws.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]

"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-03-02 20:07:14

ComboFix-quarantined-files.txt 2012-03-02 20:07

.

Pre-Run: 363,516,805,120 bytes free

Post-Run: 363,011,194,880 bytes free

.

- - End Of File - - 533E0E175FC640E99B9B6B972EC15967


No worries, we will sort this out.

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  1. Select Command Prompt.
  2. In the command window type in notepad and press Enter.
  3. Notepad opens. Under the File menu select Open.
  4. Select "Computer" and find your flash drive letter and close Notepad.
  5. In the command window type e:\frst64 and press Enter.
     Note: Replace letter e with the drive letter of your flash drive.
  6. The tool will start to run.
  7. When the tool opens click Yes to the disclaimer.
  8. Press the Scan button.
  9. It will make a log ( FRST.txt ) on the flash drive. Please copy and paste it to your reply.


Daniel,

Here's the log

Scan result of Farbar Recovery Scan Tool Version: 29-02-2012 01

Ran by SYSTEM at 03-03-2012 14:44:13

Running from J:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)

HKLM\...\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [349480 2009-09-10] (Egis Technology Inc.)

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-14] (NVIDIA Corporation)

HKLM-x32\...\Run: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k [261888 2009-08-12] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-17] ()

HKLM-x32\...\Run: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [199464 2009-08-03] (Egis Technology Inc.)

HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2011-11-22] (McAfee, Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" [149280 2010-11-07] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-12-13] (Apple Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)

HKU\Joe\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-03-03] (Google Inc.)

HKU\Joe\...\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5487488 2012-02-24] (SUPERAntiSpyware.com)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-01-20] (SUPERAntiSpyware.com)

2 0161491330711685mcinstcleanup; C:\Windows\TEMP\016149~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [42 2012-03-02] ()

2 BecHelperService; C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [1737464 2010-01-28] ()

2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()

2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)

2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [501768 2011-06-23] (McAfee, Inc.)

2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)

2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [208536 2011-10-18] (McAfee, Inc.)

2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [161168 2011-10-18] (McAfee, Inc.)

2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)

3 MWLService; C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [305448 2009-09-10] (Egis Technology Inc.)

3 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-08-25] (Nero AG)

2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()

2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [62208 2009-08-12] (NewTech Infosystems, Inc.)

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)

3 cfwids; C:\Windows\System32\drivers\cfwids.sys [65264 2011-10-15] (McAfee, Inc.)

3 massfilter; C:\Windows\System32\drivers\massfilter.sys [11776 2010-01-19] (ZTE Incorporated)

3 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [29808 2012-03-01] ()

3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160280 2011-10-15] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [229528 2011-10-15] (McAfee, Inc.)

3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481768 2011-10-15] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)

1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75808 2011-10-15] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100912 2011-10-15] (McAfee, Inc.)

1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [284648 2011-10-15] (McAfee, Inc.)

3 netr7364; C:\Windows\System32\DRIVERS\netr7364.sys [575488 2010-03-18] (Ralink Technology, Corp.)

3 NVENETFD; C:\Windows\System32\DRIVERS\nvm62x64.sys [408960 2009-06-10] (NVIDIA Corporation)

3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339360 2009-04-29] (NVIDIA Corporation)

3 nvsmu; C:\Windows\System32\DRIVERS\nvsmu.sys [28704 2009-04-24] (NVIDIA Corporation)

0 nvstor64; C:\Windows\System32\DRIVERS\nvstor64.sys [239136 2009-04-29] (NVIDIA Corporation)

1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

3 ZTEusbmdm6k; C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys [119680 2010-01-19] (ZTE Incorporated)

3 ZTEusbnmea; C:\Windows\System32\DRIVERS\ZTEusbnmea.sys [119680 2010-01-19] (ZTE Incorporated)

3 ZTEusbser6k; C:\Windows\System32\DRIVERS\ZTEusbser6k.sys [119680 2010-01-19] (ZTE Incorporated)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

2 mdvrmng; \??\C:\Windows\system32\drivers\mdvrmng.sys [x]

3 mfeavfk01; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-03-03 14:44 - 2012-03-03 14:44 - 0000000 ____D C:\FRST

2012-03-02 12:32 - 2012-03-02 12:32 - 0000000 __SHD C:\$RECYCLE.BIN

2012-03-02 12:07 - 2012-03-02 12:07 - 0018290 ____A C:\ComboFix.txt

2012-03-02 12:00 - 2012-03-02 12:06 - 0000000 ____D C:\Windows\ERDNT

2012-03-02 12:00 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe

2012-03-02 12:00 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe

2012-03-02 12:00 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-03-02 12:00 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-03-02 12:00 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-03-02 12:00 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe

2012-03-02 12:00 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe

2012-03-02 12:00 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe

2012-03-02 10:36 - 2012-03-02 12:07 - 0000000 ____D C:\Qoobox

2012-03-02 10:36 - 2012-03-02 09:54 - 4424615 ___RA (Swearware) C:\Users\Joe\Desktop\ComboFix.exe

2012-03-02 09:59 - 2012-03-02 09:59 - 0000000 ____D C:\_OTL

2012-03-01 21:21 - 2012-03-01 21:21 - 0101868 ____A C:\Users\Joe\Desktop\OTL.Txt

2012-03-01 21:21 - 2012-03-01 21:21 - 0045108 ____A C:\Users\Joe\Desktop\Extras.Txt

2012-03-01 21:05 - 2012-03-01 20:59 - 0584704 ____A (OldTimer Tools) C:\Users\Joe\Desktop\OTL.com

2012-03-01 02:59 - 2012-03-01 03:20 - 0029808 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2012-03-01 01:50 - 2012-03-02 12:07 - 0624728 ____A C:\Windows\ntbtlog.txt

2012-02-29 06:09 - 2012-02-29 06:09 - 0001812 ____A C:\Users\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk

2012-02-29 06:09 - 2012-02-29 06:09 - 0001778 ____A C:\Users\Public\Desktop\Kaspersky Security Scan.lnk

2012-02-29 06:09 - 2012-02-29 06:09 - 0000000 ____D C:\Users\Joe\AppData\Local\Conduit

2012-02-29 06:09 - 2012-02-29 06:09 - 0000000 ____D C:\Program Files (x86)\WinZipBar

2012-02-29 06:09 - 2012-02-29 06:09 - 0000000 ____D C:\Program Files (x86)\Kaspersky Security Scan

2012-02-29 06:09 - 2012-02-29 06:09 - 0000000 ____D C:\Program Files (x86)\Conduit

2012-02-29 06:08 - 2012-02-29 06:10 - 0000000 ____D C:\Users\All Users\WinZip

2012-02-29 06:08 - 2012-02-29 06:10 - 0000000 ____D C:\ProgramData\WinZip

2012-02-29 06:08 - 2012-02-29 06:08 - 0002209 ____A C:\Users\Public\Desktop\WinZip.lnk

2012-02-29 06:08 - 2012-02-29 06:08 - 0000000 ____D C:\Users\Joe\AppData\Local\WinZip

2012-02-29 06:08 - 2012-02-29 06:08 - 0000000 ____D C:\Program Files\WinZip

2012-02-27 23:37 - 2012-02-27 13:02 - 0263138 ____A C:\Users\Joe\Desktop\Review_comments_for_Proficiency_in_algebra,_geometry_and_statistics_-_attached.zip

2012-02-27 23:32 - 2012-02-28 00:22 - 0000000 ____D C:\Users\Joe\Desktop\Interview

2012-02-23 00:41 - 2012-02-26 07:52 - 0000000 ____D C:\Users\Joe\Desktop\Holgate Sports College

2012-02-20 01:33 - 2012-01-11 00:26 - 1139542 ____A C:\Users\Joe\Desktop\Specification 2ST01.pdf

2012-02-02 10:33 - 2012-02-05 13:45 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2012-02-02 10:33 - 2012-02-05 13:45 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

2012-02-02 10:33 - 2012-02-05 13:45 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan

2012-02-02 10:33 - 2012-02-02 10:33 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-02-02 10:33 - 2012-02-02 10:33 - 0000000 ____D C:\Windows\System32\Macromed

2012-02-02 10:33 - 2012-02-02 10:33 - 0000000 ____D C:\Users\All Users\McAfee Security Scan

2012-02-02 10:33 - 2012-02-02 10:33 - 0000000 ____D C:\ProgramData\McAfee Security Scan

============ 3 Months Modified Files and Folders =============

2012-03-03 06:37 - 2011-06-21 02:06 - 1325215 ____A C:\Windows\WindowsUpdate.log

2012-03-03 06:37 - 2011-03-03 09:06 - 0000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-03-03 05:51 - 2011-03-03 09:06 - 0000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-03-03 01:13 - 2010-07-23 06:21 - 0001832 ____A C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk

2012-03-03 01:11 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-03-03 01:11 - 2009-07-13 20:45 - 0009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-03-03 01:08 - 2009-07-13 21:13 - 0713888 ____A C:\Windows\System32\PerfStringBackup.INI

2012-03-03 01:04 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT

2012-03-03 01:03 - 2011-11-21 04:48 - 0013826 ____A C:\Windows\setupact.log

2012-03-03 01:03 - 2006-10-10 09:53 - 2213449728 __ASH C:\hiberfil.sys

2012-03-02 12:32 - 2012-03-02 12:32 - 0000000 __SHD C:\$RECYCLE.BIN

2012-03-02 12:31 - 2011-11-22 07:02 - 0008748 ____A C:\Windows\PFRO.log

2012-03-02 12:07 - 2012-03-02 12:07 - 0018290 ____A C:\ComboFix.txt

2012-03-02 12:07 - 2012-03-02 10:36 - 0000000 ____D C:\Qoobox

2012-03-02 12:07 - 2012-03-01 01:50 - 0624728 ____A C:\Windows\ntbtlog.txt

2012-03-02 12:07 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Public

2012-03-02 12:06 - 2012-03-02 12:00 - 0000000 ____D C:\Windows\ERDNT

2012-03-02 12:05 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini

2012-03-02 12:05 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts

2012-03-02 09:59 - 2012-03-02 09:59 - 0000000 ____D C:\_OTL

2012-03-02 09:54 - 2012-03-02 10:36 - 4424615 ___RA (Swearware) C:\Users\Joe\Desktop\ComboFix.exe

2012-03-01 21:21 - 2012-03-01 21:21 - 0101868 ____A C:\Users\Joe\Desktop\OTL.Txt

2012-03-01 21:21 - 2012-03-01 21:21 - 0045108 ____A C:\Users\Joe\Desktop\Extras.Txt

2012-03-01 20:59 - 2012-03-01 21:05 - 0584704 ____A (OldTimer Tools) C:\Users\Joe\Desktop\OTL.com

2012-03-01 03:20 - 2012-03-01 02:59 - 0029808 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2012-03-01 03:15 - 2011-11-21 02:37 - 0000000 ____D C:\Program Files\SUPERAntiSpyware

2012-02-29 06:10 - 2012-02-29 06:08 - 0000000 ____D C:\Users\All Users\WinZip

2012-02-29 06:10 - 2012-02-29 06:08 - 0000000 ____D C:\ProgramData\WinZip

2012-02-29 06:09 - 2012-02-29 06:09 - 0001812 ____A C:\Users\All Users\Start Menu\Programs\Startup\Kaspersky Security Scan.lnk

2012-02-29 06:09 - 2012-02-29 06:09 - 0001778 ____A C:\Users\Public\Desktop\Kaspersky Security Scan.lnk

2012-02-29 06:09 - 2012-02-29 06:09 - 0000000 ____D C:\Users\Joe\AppData\Local\Conduit

2012-02-29 06:09 - 2012-02-29 06:09 - 0000000 ____D C:\Program Files (x86)\WinZipBar

2012-02-29 06:09 - 2012-02-29 06:09 - 0000000 ____D C:\Program Files (x86)\Kaspersky Security Scan

2012-02-29 06:09 - 2012-02-29 06:09 - 0000000 ____D C:\Program Files (x86)\Conduit

2012-02-29 06:09 - 2010-03-13 08:46 - 0000000 ____D C:\Users\Joe\AppData\LocalLow

2012-02-29 06:08 - 2012-02-29 06:08 - 0002209 ____A C:\Users\Public\Desktop\WinZip.lnk

2012-02-29 06:08 - 2012-02-29 06:08 - 0000000 ____D C:\Users\Joe\AppData\Local\WinZip

2012-02-29 06:08 - 2012-02-29 06:08 - 0000000 ____D C:\Program Files\WinZip

2012-02-29 06:01 - 2011-06-04 12:14 - 0000000 ____D C:\Users\Joe\AppData\Roaming\Dropbox

2012-02-29 06:00 - 2011-06-04 12:17 - 0000000 ___RD C:\Users\Joe\Dropbox

2012-02-28 00:22 - 2012-02-27 23:32 - 0000000 ____D C:\Users\Joe\Desktop\Interview

2012-02-27 14:15 - 2011-11-25 08:13 - 0000000 ____D C:\Users\Joe\AppData\Roaming\GoPanda

2012-02-27 13:02 - 2012-02-27 23:37 - 0263138 ____A C:\Users\Joe\Desktop\Review_comments_for_Proficiency_in_algebra,_geometry_and_statistics_-_attached.zip

2012-02-26 07:52 - 2012-02-23 00:41 - 0000000 ____D C:\Users\Joe\Desktop\Holgate Sports College

2012-02-26 07:52 - 2011-09-02 22:45 - 0000000 ___HD C:\Users\Joe\Desktop\Mar 2012

2012-02-25 06:43 - 2011-10-02 02:45 - 0611328 ___AH C:\Users\Joe\Desktop\My money 6.xls

2012-02-24 04:32 - 2012-01-20 04:07 - 0001117 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-02-24 04:32 - 2011-06-23 05:35 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-02-23 06:29 - 2011-12-07 00:40 - 0000346 ____A C:\Windows\wininit.ini

2012-02-23 06:29 - 2011-06-04 12:17 - 0001013 ____A C:\Users\Joe\Desktop\Dropbox.lnk

2012-02-23 06:29 - 2011-06-04 12:15 - 0000993 ____A C:\Users\Joe\Start Menu\Programs\Startup\Dropbox.lnk

2012-02-23 06:29 - 2011-06-04 12:15 - 0000993 ____A C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

2012-02-23 00:42 - 2012-01-03 14:57 - 0000000 ____D C:\Users\Joe\Desktop\JPL

2012-02-20 04:48 - 2010-03-21 04:26 - 0000000 ___HD C:\Users\Joe\Desktop\Edexcel

2012-02-05 13:45 - 2012-02-02 10:33 - 0001866 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2012-02-05 13:45 - 2012-02-02 10:33 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

2012-02-05 13:45 - 2012-02-02 10:33 - 0000000 ____D C:\Program Files (x86)\McAfee Security Scan

2012-02-02 10:33 - 2012-02-02 10:33 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-02-02 10:33 - 2012-02-02 10:33 - 0000000 ____D C:\Windows\System32\Macromed

2012-02-02 10:33 - 2012-02-02 10:33 - 0000000 ____D C:\Users\All Users\McAfee Security Scan

2012-02-02 10:33 - 2012-02-02 10:33 - 0000000 ____D C:\ProgramData\McAfee Security Scan

2012-01-28 07:27 - 2012-01-28 07:27 - 0003185 ____A C:\Users\Joe\Documents\2012-01-28-Titus7k-i194703218k.sgf

2012-01-11 00:26 - 2012-02-20 01:33 - 1139542 ____A C:\Users\Joe\Desktop\Specification 2ST01.pdf

2012-01-08 23:24 - 2011-08-14 23:34 - 0030720 ___AH C:\Users\Joe\Desktop\170_Dining Form.doc

2012-01-06 00:40 - 2012-01-06 00:40 - 0001771 ____A C:\Users\Joe\Documents\2012-01-06-Titus7k-fu04118k.sgf

2012-01-03 14:58 - 2010-12-05 23:21 - 0000000 ____D C:\Users\Joe\Desktop\Family

2012-01-03 03:38 - 2012-01-02 01:33 - 0124928 ____A C:\Users\Joe\Desktop\Tax_11_12.xls

2012-01-02 10:23 - 2010-03-31 07:45 - 0000000 ___HD C:\Users\Joe\Desktop\Tax

2011-12-27 05:30 - 2011-12-27 05:08 - 0013679 ____A C:\Users\Joe\Documents\Date converter 2012.xlsx

2011-12-23 04:46 - 2009-07-13 21:08 - 0032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2011-12-15 09:50 - 2011-12-15 09:50 - 0003029 ____A C:\Users\Joe\Documents\2011-12-15-dongo9k-Titus10k.sgf

2011-12-10 07:24 - 2011-06-23 05:35 - 0023152 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2011-12-05 00:41 - 2010-07-14 23:56 - 0000000 ____D C:\Users\Joe\AppData\Roaming\Centra

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe

[2010-03-18 10:25] - [2009-10-30 21:45] - 2614272 ____A (Microsoft Corporation) 2626FC9755BE22F805D3CFA0CE3EE727

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 23%

Total physical RAM: 2814.55 MB

Available physical RAM: 2161.38 MB

Total Pagefile: 2812.7 MB

Available Pagefile: 2139.67 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (Acer) (Fixed) (Total:458.87 GB) (Free:337.66 GB) NTFS

2 Drive e: (DATA) (Fixed) (Total:458.87 GB) (Free:458.77 GB) NTFS

3 Drive f: (PQSERVICE) (Fixed) (Total:13.67 GB) (Free:4.53 GB) NTFS ==>[system with boot components (obtained from reading drive)]

5 Drive h: (Jan 11 2012) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS

7 Drive j: () (Removable) (Total:0.99 GB) (Free:0.95 GB) FAT

8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

9 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 No Media 0 B 0 B

Disk 3 Online 1010 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Recovery 13 GB 1024 KB

Partition 2 Primary 100 MB 13 GB

Partition 3 Primary 458 GB 13 GB

Partition 4 Primary 458 GB 472 GB

======================================================================================================

Disk: 0

Partition 1

Type : 27

Hidden: Yes

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F PQSERVICE NTFS Partition 13 GB Healthy Hidden

======================================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C Acer NTFS Partition 458 GB Healthy

======================================================================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E DATA NTFS Partition 458 GB Healthy

======================================================================================================

Partitions of Disk 3:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1010 MB 16 KB

======================================================================================================

Disk: 3

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 7 J FAT Removable 1010 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-03 01:27

======================= End Of Log ==========================

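The FRST.txt produced by the steps above is read by hand in this thread. As an added example (not code from the thread, from Farbar's tool or from Malwarebytes), the script below parses the line formats FRST uses in its Registry, Services and Drivers sections and applies three triage heuristics a responder typically starts with: a registered binary that no longer exists on disk (FRST prints `[x]`), a binary executing from a temp directory, and an entry with no publisher recorded. The sample text is constructed for this example in FRST's format; most lines mirror entries visible in the log above, and the per-user `updater` Run entry is invented to exercise the temp-directory rule. None of the flags is a verdict: the log above shows legitimate OEM tools (Hotkey Utility, BecHelperService) with an empty publisher field, and ComboFix's own `catchme` driver left as a `[x]` entry, so the output is a shortlist for a human to check, not a removal list.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the line formats FRST uses for its Registry, Services
# and Drivers sections. Built for this example (not the thread's FRST.txt);
# the "updater" Run entry is invented to exercise the temp-directory rule.
SAMPLE_FRST = r"""
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-17] ()
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16333856 2009-07-14] (NVIDIA Corporation)
HKU\Joe\...\Run: [updater] C:\Users\Joe\AppData\Local\Temp\upd.exe [42 2012-03-01] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
==================== Services (Whitelisted) ======
2 mcinstcleanup; C:\Windows\TEMP\016149~1.EXE C:\PROGRA~2\cleanup.ini -cleanup [42 2012-03-02] ()
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2011-10-18] (McAfee, Inc.)
========================== Drivers (Whitelisted) =============
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [647080 2011-10-15] (McAfee, Inc.)
2 mdvrmng; \??\C:\Windows\system32\drivers\mdvrmng.sys [x]
3 mfeavfk01; [x]
"""

SECTION_RE = re.compile(r"^=+ (.+?) \(Whitelisted\) =+$")
RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
SVC_RE = re.compile(r"^(?P<start>\d) (?P<name>[^;]+); (?P<rest>.*)$")
# trailing "[size date] (publisher)" that FRST appends when the file exists
META_RE = re.compile(r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)$")
# first drive-letter path ending in a binary extension inside a command line
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[]*?\.(?:exe|sys|dll|com|cpl|ocx)', re.IGNORECASE)


@dataclass
class Entry:
    section: str
    name: str
    command: str
    path: Optional[str]
    company: Optional[str]  # None when FRST reported the file as missing
    missing: bool


@dataclass
class Finding:
    section: str
    name: str
    path: Optional[str]
    reasons: List[str]


def _first_path(command: str) -> Optional[str]:
    m = PATH_RE.search(command)
    return m.group(0) if m else None


def _split_rest(rest: str):
    """Split 'command [size date] (publisher)' or 'command [x]' into parts."""
    rest = rest.strip()
    if rest.endswith("[x]"):  # FRST: the referenced file does not exist on disk
        command = rest[:-3].strip()
        return command, _first_path(command), None, True
    m = META_RE.search(rest)
    if not m:  # unexpected shape; keep the raw text so nothing is silently dropped
        return rest, _first_path(rest), None, False
    command = rest[: m.start()].strip()
    return command, _first_path(command), m.group("company"), False


def parse_entries(text: str) -> List[Entry]:
    entries, section = [], None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1)
            continue
        m = RUN_RE.match(line) if section == "Registry" else (
            SVC_RE.match(line) if section in ("Services", "Drivers") else None)
        if m:
            command, path, company, missing = _split_rest(m.group("rest"))
            entries.append(Entry(section, m.group("name"), command, path, company, missing))
    return entries


def triage(text: str) -> List[Finding]:
    """Heuristic flags for a human to review; no single flag is a verdict."""
    findings = []
    for e in parse_entries(text):
        reasons = []
        if e.missing:
            reasons.append("registered binary is absent from disk ([x])")
        if e.path and re.search(r"\\temp\\", e.path, re.IGNORECASE):
            reasons.append("runs from a temp directory")
        if not e.missing and e.company == "":
            reasons.append("no publisher recorded")
        if reasons:
            findings.append(Finding(e.section, e.name, e.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.section}] {f.name}: {f.path or '(no path)'} -> {'; '.join(f.reasons)}")
```

Run it as-is to see the five flagged entries from the sample, or replace `SAMPLE_FRST` with the contents of a real FRST.txt. The `updater` and `mcinstcleanup` entries collect two reasons each, which is the kind of stacking that moves an entry to the top of a responder's list; an entry with only "no publisher recorded" is usually an OEM utility.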

It's my husband's computer, and so I'm not that familiar with the icons on the desktop. However, the Kaspersky does not look familiar, and my husband doesn't think it is either. I certainly haven't put Kaspersky on this machine, and I would be surprised if he had. Is it possible this is something pretending to be Kaspersky that isn't?

Judy


Odd, it looks like all .exe changed to .lnk files to get opened with IE.

In your software list, Kaspersky Security Scan appears, so I do not think it's the problem here.

Please uninstall

Kaspersky Security Scan

Reboot your OS when done and let me know. I'm going to read all the logs again and may consult other experts here.

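The symptom Daniel describes, every .exe being handed to another program, comes down to two registry defaults: `HKEY_CLASSES_ROOT\.exe` must point at `exefile`, and `HKEY_CLASSES_ROOT\exefile\shell\open\command` must be `"%1" %*`. The script below is an added example (not from the thread, FRST or ComboFix) that parses a .reg export of those keys and reports any default that is not intact. Both exports are constructed for this example: one with the defaults, one with the .exe class pointed at `lnkfile` and the open command at a browser, which is the shape of the problem described above. On a real machine the two keys would be exported with `reg export` and the resulting file fed to `check_exe_association`.

```python
import re
from typing import Dict, List, Tuple

# Default file-association values for executables on Windows; when either is
# changed, launching any .exe is handed to some other program instead.
EXPECTED = {
    r"HKEY_CLASSES_ROOT\.exe": {"@": "exefile"},
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": {"@": '"%1" %*'},
}

# Constructed .reg exports (not from the thread): one with the defaults intact,
# one where .exe has been pointed at lnkfile and the open command at a browser.
CLEAN_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
"""

HIJACKED_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="lnkfile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" \"%1\""
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"(?:[^"\\]|\\.)*")=(?P<data>.*)$')


def _unescape(s: str) -> str:
    # .reg string syntax: a backslash escapes the next character (\\ and \")
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse the subset of .reg syntax needed here: key headers and string values.

    Non-string data (dword:, hex:) is kept verbatim so it can still be inspected.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            current = k.group("key")
            keys.setdefault(current, {})
            continue
        v = VALUE_RE.match(line)
        if v and current is not None:
            name = "@" if v.group("name") == "@" else _unescape(v.group("name")[1:-1])
            data = v.group("data")
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = _unescape(data[1:-1])
            keys[current][name] = data
    return keys


def check_exe_association(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (key, value name, expected, actual) for every default that is not intact."""
    keys = parse_reg(text)
    problems = []
    for key, values in EXPECTED.items():
        for name, want in values.items():
            got = keys.get(key, {}).get(name, "<missing>")
            if got != want:
                problems.append((key, name, want, got))
    return problems


if __name__ == "__main__":
    for key, name, want, got in check_exe_association(HIJACKED_REG):
        print(f"{key} [{name}]: expected {want!r}, found {got!r}")
```

An empty result from `check_exe_association` after a cleanup is the confirmation that the association has been restored; a non-empty result names exactly which of the two values still differs, which is more useful than re-testing by double-clicking a program.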

No change when I removed it - however the date of installation was the 29th Feb, which was when all this started, and it wasn't something I intentionally downloaded. The program I did download was WinZip, so I removed that as well, but it won't let me remove the WinZipBar toolbar, which has the same date. I don't know whether there is any significance to that.

Judy


Okay,

One of my colleagues thinks that something went wrong with the installation of WinZip. Let's give it a shot :)

  1. Please download Revo Uninstaller.
  2. Extract the ZIP file to a folder and run revouninstaller.exe from there! (You can copy that folder to a USB mass storage drive and use it without any installation required!)
  3. There are two ways to uninstall programs with Revo Uninstaller:
    Important: Please, try to close the application you want to uninstall first!
    • Select the WinZipBar in the list of installed applications and press the Uninstall button in the toolbar.
    • Right-click the application and click the Uninstall command in the displayed menu. Follow the instructions.

Reboot your OS and let me know if anything changed


OK, I've downloaded Revo Uninstaller and tried to run it. When it got to step 2 and tried to uninstall it, it hit the file download pop-up. Then when it looked for leftover items it's come up with multiple entries in the registry and is asking whether I want to delete them.

Do I skip this step, or delete all of them?

Judy


This topic is now closed to further replies.