
PLEASE HELP ME! malwarebytes successfully blocked access to a potentially malicious website type outgoing



Hi guys, please help me, I have been using MBAM for years now and always liked it.

Yesterday I got a phone call from an Indian and he was saying he was from Microsoft, saying that we had viruses on the computer. When he told me his name was David Watson I thought he was a scammer and hung up (not a very Indian name).

Anyway I ran MBAM afterwards and like 20 threats were removed.

But now I keep getting this message from MBAM "malwarebytes successfully blocked access to a potentially malicious website type outgoing".

It says it's from uTorrent and names a port.

I was reading a little about this and have downloaded TDSSKiller and this is the log. It doesn't have the option for cure.

http://imgur.com/lhbsR

Can someone please help me?

Thanks


Hello khanted and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

Post the log files in your next reply.


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.

Step 3

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • OTL log with Extras.txt




Was that right? Or this one? Sorry, I'm a noob.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.05

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 8.0.6001.19088

Guest :: PAUL-PC [limited]

Protection: Enabled

14/08/2012 11:20:59 PM

mbam-log-2012-08-14 (23-20-59).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 166708

Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


OTL logfile created on: 14/08/2012 11:52:59 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Guest\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 59.15% Memory free

6.70 Gb Paging File | 5.25 Gb Available in Paging File | 78.29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.30 Gb Total Space | 178.96 Gb Free Space | 39.31% Space Free | Partition Type: NTFS

Drive D: | 10.46 Gb Total Space | 1.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 23:49:50 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Guest\Downloads\OTL.exe

PRC - [2012/08/04 18:39:06 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Guest\AppData\Local\Facebook\Update\FacebookUpdate.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/06/14 22:03:48 | 000,639,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe

PRC - [2012/03/07 10:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/07 10:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/02/15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe

PRC - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe

PRC - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe

PRC - [2008/11/20 09:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2008/11/18 18:35:44 | 000,914,224 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

PRC - [2008/01/21 12:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/06/16 03:44:53 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll

MOD - [2011/06/16 03:43:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll

MOD - [2011/06/16 03:41:36 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll

MOD - [2011/06/16 03:41:22 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll

MOD - [2011/06/16 03:41:15 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll

MOD - [2011/06/16 03:41:00 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll

MOD - [2011/06/16 03:40:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6bebfe5b7776c84cb38efdb2a7c9d447\PresentationFramework.Aero.ni.dll

MOD - [2011/06/16 03:40:50 | 014,327,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\415ef2ec8cbd9f3368da6ade10beae26\PresentationFramework.ni.dll

MOD - [2011/06/16 03:40:37 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\c1498ba4652483d5adddd4c5d3927170\PresentationCore.ni.dll

MOD - [2011/06/16 03:40:26 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\29d729043903b7b4b2ea695db220d866\WindowsBase.ni.dll

MOD - [2011/06/16 03:40:23 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll

MOD - [2011/06/16 03:40:03 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll

MOD - [2008/07/28 04:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/08/13 09:52:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/07 10:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2009/04/22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)

SRV - [2009/04/22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)

SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Paul\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/03/07 10:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/03/07 10:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/03/07 10:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)

DRV - [2012/03/07 10:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/03/07 10:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012/03/07 10:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2010/07/29 00:25:22 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)

DRV - [2009/01/08 11:17:00 | 007,396,448 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008/12/05 07:32:40 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2008/10/25 21:37:38 | 000,318,080 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVer888RC.sys -- (AVER_H193)

DRV - [2008/10/25 21:37:06 | 000,032,256 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVer888RCIR.sys -- (CXCIR)

DRV - [2008/08/01 22:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)

DRV - [2008/05/22 19:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2008/02/27 03:17:30 | 000,493,568 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)

DRV - [2007/02/15 14:14:28 | 000,019,840 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)

DRV - [2005/12/13 03:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=92&bd=Pavilion&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=92&bd=Pavilion&pf=cndt

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

IE - HKLM\..\SearchScopes\{B867709F-3C2A-424C-980E-0C6E9BB690C0}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1347&query={searchTerms}&invocationType=tb50hpcndtie7-en-au

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=92&bd=Pavilion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MOOI_en

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253

IE - HKCU\..\SearchScopes\{B867709F-3C2A-424C-980E-0C6E9BB690C0}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1347&query={searchTerms}&invocationType=tb50hpcndtie7-en-au

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://unitab.com/"

FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5

FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/10 15:52:48 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/06/17 10:21:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/13 09:52:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/31 06:43:14 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/04/10 15:52:48 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/08/13 09:52:37 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/31 06:43:14 | 000,000,000 | ---D | M]

[2010/04/22 22:33:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions

[2012/08/09 00:18:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\y0hnske5.default\extensions

[2010/06/09 17:06:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\y0hnske5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/08/09 00:18:40 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\y0hnske5.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

[2011/04/12 19:33:51 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\y0hnske5.default\extensions\personas@christopher.beard

[2012/06/03 19:02:01 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\y0hnske5.default\extensions\plugin@yontoo.com

[2011/04/12 19:33:51 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\y0hnske5.default\extensions\YoutubeDownloader@PeterOlayev.com

[2012/05/31 06:43:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/08/13 09:52:37 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009/11/07 02:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2009/11/07 02:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/08/11 12:50:52 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/08/11 12:50:52 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D14D3BE-7A1F-4FF8-A758-3404D107D407}: DhcpNameServer = 10.1.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 10:15:59 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Philipp Winterberg

[2012/08/13 10:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog

[2012/08/04 10:46:34 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Skype

[2012/07/30 17:30:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2012/07/30 17:29:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2012/07/30 17:29:58 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2012/07/30 17:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2010/10/14 14:49:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Paul\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/08/14 23:45:05 | 000,000,512 | ---- | M] () -- C:\Users\Paul\Desktop\MBR.dat

[2012/08/14 23:34:26 | 000,000,512 | ---- | M] () -- C:\Users\Paul\Documents\MBR.dat

[2012/08/14 22:11:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/14 22:11:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/14 12:58:52 | 000,617,044 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/08/14 12:58:52 | 000,112,156 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/08/14 04:59:24 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012/08/14 04:59:14 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job

[2012/08/14 00:10:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/14 00:10:52 | 3487,662,080 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/13 21:42:51 | 000,031,776 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012/08/13 15:37:51 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/13 10:15:55 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk

[2012/08/07 22:38:03 | 000,002,487 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/07/18 02:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2012/08/14 23:42:24 | 000,000,512 | ---- | C] () -- C:\Users\Paul\Desktop\MBR.dat

[2012/08/14 23:34:26 | 000,000,512 | ---- | C] () -- C:\Users\Paul\Documents\MBR.dat

[2012/08/13 10:15:55 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Free RAR Extract Frog.lnk

[2012/07/30 17:30:00 | 000,002,487 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012/06/20 20:28:46 | 000,002,048 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\ThePhotobookClub.com.au Prefs

[2011/04/10 15:39:26 | 000,205,323 | ---- | C] () -- C:\Windows\hphins34.dat

[2011/01/08 11:42:54 | 000,641,021 | ---- | C] () -- C:\Windows\unins000.exe

[2011/01/08 11:42:54 | 000,187,904 | ---- | C] () -- C:\Windows\System32\Lame.exe

[2011/01/08 11:42:54 | 000,166,912 | ---- | C] () -- C:\Windows\System32\Lame_enc.dll

[2011/01/08 11:42:54 | 000,001,664 | ---- | C] () -- C:\Windows\unins000.dat

[2010/10/14 16:49:46 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat

[2010/10/14 14:49:52 | 000,087,608 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\inst.exe

[2010/10/14 14:49:52 | 000,007,887 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\pcouffin.cat

[2010/10/14 14:49:52 | 000,001,144 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\pcouffin.inf

[2010/10/14 14:36:24 | 000,001,057 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\vso_ts_preview.xml

[2010/06/08 19:42:33 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\wklnhst.dat

[2009/10/11 12:32:48 | 000,083,968 | ---- | C] () -- C:\Users\Paul\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/04/27 19:01:24 | 000,007,592 | ---- | C] () -- C:\Users\Paul\AppData\Local\d3d9caps.dat

[2009/03/13 11:34:09 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/03/13 11:07:40 | 000,031,776 | ---- | C] () -- C:\ProgramData\nvModes.dat

========== LOP Check ==========

[2009/08/06 19:35:42 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\BSD

[2010/06/23 10:48:20 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Free AVI MPEG WMV MP4 FLV Video Joiner

[2010/04/23 08:34:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\FreeFLVConverter

[2012/05/19 20:52:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GlarySoft

[2010/10/14 14:58:15 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\HamsterSoft

[2012/08/13 10:15:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Philipp Winterberg

[2012/07/02 11:47:18 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PhotoScape

[2010/06/08 19:42:36 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Template

[2012/06/20 20:28:38 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\ThePhotobookClub.com.au

[2012/08/14 00:07:27 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\uTorrent

[2010/10/14 14:49:52 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Vso

[2009/10/24 16:01:40 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WinBatch

[2009/08/06 20:10:23 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\WindSolutions

[2012/08/14 04:59:14 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job

[2012/07/18 02:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job

[2012/08/14 00:07:44 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:A2947BEA

< End of report >

OTL Extras logfile created on: 14/08/2012 11:52:59 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Guest\Downloads

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19088)

Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.25 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 59.15% Memory free

6.70 Gb Paging File | 5.25 Gb Available in Paging File | 78.29% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 455.30 Gb Total Space | 178.96 Gb Free Space | 39.31% Space Free | Partition Type: NTFS

Drive D: | 10.46 Gb Total Space | 1.51 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{627C7F45-5F05-4432-9369-A2C046ECC691}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{CA606D98-46E7-4888-A0BA-C911FAA0EE31}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{00D3CED5-5E4C-4DC2-82DB-D35A79A583F9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |

"{062D04C9-524B-499A-A900-A91A646AD644}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{141274EF-F5FD-44FD-B2EC-10202372FCF5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |

"{1912E961-BF87-4BF0-A0AE-96A8FBBA44EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{1A2F60A3-67B5-473D-AB4E-C77B04DA1AE6}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{23604696-5D8E-47BD-8CE3-23ACFB3B055D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{2EA97FA6-BE5E-4FBE-A54E-3071AFE8A53E}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{336037C5-B698-4E31-AB36-FE04EB022CB1}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{3976A692-4493-4C6A-99A4-9495F94D6DFB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{39D2488B-0A66-41FB-8C78-6F2213B2A2A2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{43678AE6-B61B-4366-8579-BC0F0B648BAB}" = dir=in | app=e:\setup\hpznui01.exe |

"{451A1FE2-A865-4AB1-9261-CDC37404B39A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{473AAB67-8F72-4EF1-841E-12328CA087C3}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{47B19B9F-8C57-40D3-B3E8-9CBB70217589}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{5994065F-28DA-4DFA-B9AB-89E2F843D77B}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |

"{62C8CD4D-FA75-4E2D-87B6-0A5C616826AA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |

"{6CFC7E96-3A50-4903-BB15-6EA9E83B5752}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |

"{6DE3A23D-9973-4E57-AC1D-6CC35660E709}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |

"{7038CEDB-BEC2-4702-846B-2EA1FC541387}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |

"{7603679B-7E72-41F7-BC57-89D6B4A52E47}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{7AAA1650-3148-458B-833C-E569A7F4E18F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |

"{7C34E23F-EFB4-4F79-AD16-15BC80D8F690}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{8797ED6B-0B33-4D1D-A0B2-EF86EDCF0D60}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |

"{888D52D0-97B1-4A77-9B4B-C8242482A253}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{8A7CF87D-2087-4D19-9878-FC0ED41690B4}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |

"{8A7E8C6A-07AF-47FA-8DF1-38E8BA5F8B38}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{904E9D54-7309-431D-AB12-42B76F8F27B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |

"{B0FE510D-40E4-41A1-AA90-B8314A905785}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

"{B3141CE7-63C9-4C6F-9D0B-6FD7A1B8D0C9}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe |

"{BA3D86DC-F04C-4D10-8CA8-EBF90C38FDCA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |

"{BB2F6599-32CB-4F7C-9204-0376A4A73B24}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{C3F5E2F2-0BE3-4982-BF20-09668E267615}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{CAF8FBAD-DCF6-46CB-89E0-D0F6D540B415}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe |

"{CE977067-B604-438C-B5FE-A55F12425A0A}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{D0689DB4-20AD-4157-95CB-4BDA440BFFC2}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{D15C5FA7-D682-413E-ACE9-494D5B4F02E1}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{D420D72A-34DC-4D4B-8F85-B096D86D0D93}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{D7F5E99E-8257-489F-8560-F4FFEE3CB242}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{DB0D0559-2B72-4497-A86C-8E95EB7D9554}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |

"{DBEC9205-2295-448E-BCE3-50C0E3534EE4}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{DF85D54D-C501-4122-8D46-A4F4763ADDCD}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{DF94642D-F3DD-424D-97FC-4261041DCADB}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{E02D693B-AF76-4622-9F9B-B2F0180BC921}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{E27BC3A9-F044-464A-9A2A-4AF520E67BEB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E316FA34-DD9C-453D-AD8C-E758BCA0525E}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |

"{E3C76CC7-512D-44B4-8574-B0F29DF15E95}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |

"{E673A310-3BFB-4D33-82DD-0134F0E769A5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |

"{EB55CB95-C9AE-4207-8A39-6D0D69D78294}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |

"{F51F50CC-2666-4C46-B507-D0A86752BE62}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{FB98A1A6-CF6D-4579-B26E-28CDE76AF59C}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |

"{FC35B1E1-5D9A-42CD-9E25-CB0C5CA359D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"TCP Query User{18E80906-5392-422D-9516-1AF65CB230C6}C:\program files\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |

"TCP Query User{3A22994A-81CB-4E56-838C-7379C25D5D9C}C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=6 | dir=in | app=c:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"TCP Query User{FACC2A1E-F2E8-4F62-B550-B66339B832BA}C:\thc-chat\mirc.exe" = protocol=6 | dir=in | app=c:\thc-chat\mirc.exe |

"UDP Query User{0DC3F30C-2B43-4C37-B05D-1D316F08F280}C:\thc-chat\mirc.exe" = protocol=17 | dir=in | app=c:\thc-chat\mirc.exe |

"UDP Query User{715D19EF-9512-4C77-B659-BF3EC4595C6E}C:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe" = protocol=17 | dir=in | app=c:\users\guest\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"UDP Query User{7482BB42-9A48-4F63-BDC2-9A726EEBF7A0}C:\program files\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library

"{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In

"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network

"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan

"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery

"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes

"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library

"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java 6 Update 24

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox

"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status

"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation

"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter

"{5F2930B9-20C7-4E84-85AB-8A333B617833}" = D5500

"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer

"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV

"{69EEF1DC-DE38-46DB-AA2A-5D1D8D81E850}" = NavDesk 2008

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02

"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{919F3D91-8374-410F-932B-A126F2C85426}" = e-tax 2009

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1

"{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help

"{A7AC8E69-01FF-494E-9A2C-423B82CEA604}" = HP MediaSmart SmartMenu

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ADC7FA12-E165-428a-AF13-4CE686E030AA}" = C5100

"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB8CA439-DA83-419C-A4CF-5A0A50025144}" = Windows Mobile Device Center Driver Update

"{CBCA600F-6B90-416D-9D19-477758C40946}" = DJ_SF_06_D5500_SW_Min

"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E1591139-8B44-411B-A81B-D35F83A0565A}" = HP Customer Experience Enhancements

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax

"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm

"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"avast" = avast! Free Antivirus

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"ExtractNow_is1" = ExtractNow

"Free RAR Extract Frog" = Free RAR Extract Frog

"Glary Utilities_is1" = Glary Utilities 2.15.0.728

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Photo Creations" = HP Photo Creations

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIA Drivers" = NVIDIA Drivers

"PFPortChecker" = PFPortChecker 1.0.39

"PhotoScape" = PhotoScape

"PROHYBRIDR" = 2007 Microsoft Office system

"pywin32-py2.6" = Python 2.6 pywin32-212

"uTorrent" = µTorrent

"VLC media player" = VLC media player 1.0.1

"WildTangent hp Master Uninstall" = My HP Games

"XviD & MP3 Codec Pack_is1" = XviD & MP3 Codec Pack (remove only)

"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"THC-Chat" = THC-Chat

"ThePhotobookClub.com.au" = ThePhotobookClub.com.au

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 12/08/2012 8:13:21 PM | Computer Name = Paul-PC | Source = Application Hang | ID = 1002

Description = The program wmplayer.exe version 11.0.6001.7010 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Problem Reports and Solutions control panel. Process

ID: 1180 Start Time: 01cd78e85ad9a050 Termination Time: 7

Error - 12/08/2012 8:35:49 PM | Computer Name = Paul-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 12/08/2012 8:36:23 PM | Computer Name = Paul-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 12/08/2012 8:36:23 PM | Computer Name = Paul-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 12/08/2012 8:36:28 PM | Computer Name = Paul-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 12/08/2012 8:37:58 PM | Computer Name = Paul-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 12/08/2012 8:38:39 PM | Computer Name = Paul-PC | Source = Windows Search Service | ID = 3013

Description =

Error - 13/08/2012 2:02:18 AM | Computer Name = Paul-PC | Source = WinMgmt | ID = 10

Description =

Error - 13/08/2012 2:04:55 AM | Computer Name = Paul-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description =

Error - 13/08/2012 10:12:34 AM | Computer Name = Paul-PC | Source = WinMgmt | ID = 10

Description =

[ System Events ]

Error - 21/07/2012 8:51:19 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 21/07/2012 8:51:19 PM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 25/07/2012 2:07:22 AM | Computer Name = Paul-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 10.1.1.3 for the Network Card with network address

0022684B316D has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent

a DHCPNACK message).

Error - 25/07/2012 2:25:02 AM | Computer Name = Paul-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 10.1.1.3 for the Network Card with network address

0022684B316D has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent

a DHCPNACK message).

Error - 7/08/2012 7:20:36 PM | Computer Name = Paul-PC | Source = HTTP | ID = 15016

Description =

Error - 13/08/2012 2:00:42 AM | Computer Name = Paul-PC | Source = HTTP | ID = 15016

Description =

Error - 13/08/2012 10:10:57 AM | Computer Name = Paul-PC | Source = HTTP | ID = 15016

Description =

Error - 13/08/2012 10:14:35 AM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 13/08/2012 10:14:35 AM | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 13/08/2012 8:12:44 PM | Computer Name = Paul-PC | Source = Dhcp | ID = 1002

Description = The IP address lease 10.1.1.3 for the Network Card with network address

0022684B316D has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent

a DHCPNACK message).

< End of report >


Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash. My suggestion is to uninstall avast! Free Antivirus and to keep Norton Internet Security, but if you have a license for Norton Internet Security, leave it and uninstall avast! Free Antivirus. Next, reboot your PC.

Next, uninstall Yontoo 1.10.02 and µTorrent.

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
    O2 - BHO: (no name) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - No CLSID value found.
    O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


So should I be pasting everything? Like even the OTL at the top and stuff?

And like the emptytemp at the bottom?

I just did it and it said OTC Has Stopped Working:

A problem caused the program to stop working correctly.

And then all my desktop icons disappeared till I logged out and came back in.


Yes done now.

I couldn't figure out how to attach it, but here it is copied and pasted... By the way Maniac, thanks sooooo much for your help!

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{687578b9-7132-4a7a-80e4-30ee31099e03} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}\ not found.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

C:\Users\Paul\Downloads\cmd.bat deleted successfully.

C:\Users\Paul\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ANNE

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temporary Internet Files folder emptied: 0 bytes

User: Guest

->Temp folder emptied: 50266 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 111108608 bytes

->Google Chrome cache emptied: 25043362 bytes

->Flash cache emptied: 228333 bytes

User: Paul

->Temp folder emptied: 16194636 bytes

->Temporary Internet Files folder emptied: 76085414 bytes

->Java cache emptied: 268800 bytes

->FireFox cache emptied: 112646384 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 3274 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6047786 bytes

RecycleBin emptied: 162 bytes

Total Files Cleaned = 332.00 mb

OTL by OldTimer - Version 3.2.57.0 log created on 08152012_235957

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Good!

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


OK, done. Thanks

Here is the log:

ComboFix 12-08-15.01 - Paul 16/08/2012 10:28:18.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.3325.2251 [GMT 10:00]

Running from: c:\users\Paul\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Paul\AppData\Roaming\inst.exe

c:\users\Paul\AppData\Roaming\vso_ts_preview.xml

c:\users\Paul\videos\family slide show.exe

c:\windows\security\Database\tmp.edb

.

.

((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))

.

.

2012-08-16 00:33 . 2012-08-16 00:33 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-08-16 00:33 . 2012-08-16 00:33 -------- d-----w- c:\users\ANNE\AppData\Local\temp

2012-08-15 10:15 . 2012-08-15 10:15 -------- d-----w- C:\_OTL

2012-08-14 15:45 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{234D1F02-403B-44FD-B4EF-CF715E5FD0FA}\mpengine.dll

2012-08-13 00:15 . 2012-08-13 00:15 -------- d-----w- c:\users\Paul\AppData\Roaming\Philipp Winterberg

2012-08-13 00:15 . 2012-08-13 00:15 -------- d-----w- c:\program files\Free RAR Extract Frog

2012-08-11 02:50 . 2012-08-11 02:50 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll

2012-08-11 02:50 . 2012-08-11 02:50 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll

2012-08-04 09:31 . 2012-08-04 09:32 -------- d-----w- c:\users\Guest\AppData\Local\Google

2012-08-04 08:39 . 2012-08-04 08:39 -------- d-----w- c:\users\Guest\AppData\Local\Facebook

2012-08-04 00:46 . 2012-08-15 21:22 -------- d-----w- c:\users\Paul\AppData\Roaming\Skype

2012-08-01 00:01 . 2012-08-01 00:01 -------- d-----w- c:\users\Guest\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2012-07-30 07:30 . 2012-08-15 01:19 -------- d-----w- c:\users\Guest\AppData\Roaming\Skype

2012-07-30 07:29 . 2012-07-30 07:29 -------- d-----w- c:\program files\Common Files\Skype

2012-07-30 07:29 . 2012-07-30 07:30 -------- d-----r- c:\program files\Skype

2012-07-30 07:29 . 2012-08-07 12:38 -------- d-----w- c:\programdata\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 03:46 . 2012-06-15 21:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-06 10:59 . 2012-06-06 10:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-05-31 02:25 . 2009-10-02 20:13 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-21 22:14 . 2012-05-21 22:14 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-21 22:14 . 2012-05-21 22:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-12 23:52 . 2012-05-30 20:43 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-19 62768]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-08 13584928]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]

"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\program files\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe"

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe"

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

"SmartMenu"=%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-15 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2009-08-07 00:30]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ninemsn.com.au/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=92&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

TCP: DhcpNameServer = 10.1.1.1

FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\y0hnske5.default\

FF - prefs.js: browser.startup.homepage - hxxp://unitab.com/

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-16 10:34

Windows 6.0.6001 Service Pack 1 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

.

c:\windows\TEMP\TMP0000006CC8F6DD0E59949B7B 524288 bytes

.

scan completed successfully

hidden files: 1

.

**************************************************************************

.

Completion time: 2012-08-16 10:35:51

ComboFix-quarantined-files.txt 2012-08-16 00:35

.

Pre-Run: 194,436,403,200 bytes free

Post-Run: 197,867,941,888 bytes free

.

- - End Of File - - B0F433F94E8BAC2DE9BE5CADB781E24B


Oh also, I just ran Malwarebytes and this is what it said afterwards:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.16.10

Windows Vista Service Pack 1 x86 NTFS

Internet Explorer 8.0.6001.19088

Paul :: PAUL-PC [administrator]

Protection: Enabled

17/08/2012 7:47:28 AM

mbam-log-2012-08-17 (07-47-28).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 453421

Time elapsed: 1 hour(s), 35 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Please compress this folder for me: C:\Qoobox\Quarantine and upload it somewhere, for example to www.rapidshare.com.

http://windows.microsoft.com/en-US/windows-vista/Compress-and-uncompress-files-zip-files

Please send me a download link via PM.

Oh stuff, it just popped up the original message again... About blocking a malicious website.

I just downloaded uTorrent again.

Why did you do that? Did you see our rules?

http://forums.malwarebytes.org/index.php?showtopic=97700

Does this mean that the message came back after uTorrent?


Please compress this folder for me: C:\Qoobox\Quarantine and upload it somewhere, for example to www.rapidshare.com.

http://windows.micro...files-zip-files

Please send me a download link via PM.

Thanks

Why did you do that? Did you see our rules?

http://forums.malwar...showtopic=97700

Does this mean that the message came back after uTorrent?

Yes, I am really sorry mate. I didn't see the rules. I thought my computer may have been clean though.

Yes, I think the popups came back after reinstalling uTorrent, but the virus must have still been on my computer if the popups are back.

Anyway, I am really sorry about that. I will uninstall now and wait till you give me the OK to reinstall.


Let me explain, so that this is clear enough in the future. If you plan to install uTorrent again, so that your system can be infected again and I do the same thing every time, I see no point in helping you anymore. There is no point in wasting my time or yours. Maybe you do not realize it, but this is a cycle in which you are infected with the same thing and I still have to help you, and you also continue to violate the law.


This topic is now closed to further replies.