Windows 7 Home Security

Post by Carril75 on Sat 03 Dec 2011, 7:32 pm

I am unable to open anything (Internet, folders, etc.) because a pop-up appears stating that Windows 7 Home Security 2012 has found a trojan or security breach. The first pop-up appeared about two hours ago when I closed out of all the windows I had open. I tried to download Malwarebytes Anti-Malware but I was unable to open it. I've been running in safe mode in order to run OTL. I was not able to open aswMBR.exe.

Carril75

Newbie Surfer

Posts : 14
Joined : 2009-11-24
Operating System : Windows XP

Re: Windows 7 Home Security

Post by Carril75 on Sat 03 Dec 2011, 7:35 pm

OTL.txt
OTL logfile created on: 12/3/2011 12:01:37 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lorena\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 61.27% Memory free
3.93 Gb Paging File | 3.21 Gb Available in Paging File | 81.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 326.30 Gb Free Space | 70.07% Space Free | Partition Type: NTFS

Computer Name: LORENA-PC | User Name: Lorena | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/03 00:00:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lorena\Downloads\OTL(2).com
PRC - [2011/11/09 23:42:12 | 000,912,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 23:42:12 | 000,849,368 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/05/18 10:53:44 | 001,496,576 | ---- | M] () -- C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\pcnlddlz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2011/05/18 10:53:44 | 000,346,112 | ---- | M] () -- C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\pcnlddlz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/13 17:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ScanQuery Service)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/28 18:15:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/04/20 12:24:20 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxblcoms.exe -- (lxbl_device)


========== Driver Services (SafeList) ==========

DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cpuz134_x32.sys -- (cpuz134)
DRV - [2010/06/28 22:50:22 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/12/28 19:40:17] [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC})
DRV - [2010/04/29 05:58:18 | 000,026,112 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\androidusb.sys -- (androidusb)
DRV - [2009/07/13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/05/26 14:32:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2006/09/24 05:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 11:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF 2B 5B F1 06 A7 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.2.5.2
FF - prefs.js..extensions.enabledItems: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.2.5.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:5.0.67.0
FF - prefs.js..extensions.enabledItems: {DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:11.0.0.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2
FF - prefs.js..keyword.URL: "http://search.bearshare.com/web?src=ffb&systemid=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lorena\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/12/28 19:20:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/28 23:23:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\HBLite@HBLite.com: C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions [2011/04/24 12:09:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/17 22:15:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 23:42:13 | 000,000,000 | ---D | M]

[2010/12/29 00:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorena\AppData\Roaming\Mozilla\Extensions
[2011/12/02 22:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\pcnlddlz.default\extensions
[2011/06/03 23:23:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\pcnlddlz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/07 17:49:09 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\pcnlddlz.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2010/12/29 00:03:12 | 000,000,000 | ---D | M] (MediaBar) -- C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\pcnlddlz.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2011/03/27 18:18:54 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\pcnlddlz.default\extensions\battlefieldheroespatcher@ea.com
[2011/03/07 17:49:09 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\pcnlddlz.default\extensions\engine@conduit.com
[2011/06/19 17:02:25 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\pcnlddlz.default\extensions\searchtoolbar@zugo.com
[2011/08/23 21:16:36 | 000,002,333 | ---- | M] () -- C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\pcnlddlz.default\searchplugins\askcom.xml
[2010/09/14 04:41:12 | 000,002,506 | ---- | M] () -- C:\Users\Lorena\AppData\Roaming\Mozilla\Firefox\Profiles\pcnlddlz.default\searchplugins\BearShareWebSearch.xml
[2011/12/02 22:30:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/06 14:59:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/04/24 14:15:52 | 000,000,000 | ---D | M] (ScanQuery) -- C:\Program Files\Mozilla Firefox\extensions\{DE9265D8-D55D-4286-9DC4-F8D8A0CA2F64}
[2010/12/29 00:03:09 | 000,000,000 | ---D | M] (DataMngr) -- C:\PROGRAM FILES\BEARSHARE APPLICATIONS\MEDIABAR\DATAMNGR\FIREFOXEXTENSION
[2011/04/24 12:09:54 | 000,000,000 | ---D | M] (Hotbar Component) -- C:\PROGRAM FILES\HBLITE\BIN\11.0.363.0\FIREFOX\EXTENSIONS
[2010/12/28 23:23:58 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/03/22 14:53:04 | 000,083,248 | ---- | M] (Pinball Corporation.) -- C:\Program Files\mozilla firefox\plugins\npclntax_HBLiteSA.dll
[2011/01/06 14:59:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/09/14 04:41:12 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2166.3772\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Lorena\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Lorena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
CHR - Extension: Poppit = C:\Users\Lorena\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

Hosts file not found
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Official Ares)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} [You must be registered and logged in to see this link.] (EAFO3AXLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6ABE2ED-F7AF-4B1D-B196-1F95E4F2FE7D}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) -C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) -C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = ah] -- "C:\Users\Lorena\AppData\Local\wsr.exe" -a "%1" %* (Microsoft Corporation)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: BDRegion - hkey= - key= - C:\Program Files\CyberLink\Shared files\brs.exe (cyberlink)
MsConfig - StartUpReg: RemoteControl10 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/12/02 23:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AutoKMS
[2011/12/02 23:11:25 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Users\Lorena\AppData\Local\wsr.exe
[2011/12/02 00:14:15 | 000,000,000 | ---D | C] -- C:\Users\Lorena\Documents\Amazon MP3
[2011/12/02 00:14:15 | 000,000,000 | ---D | C] -- C:\Users\Lorena\AppData\Roaming\Amazon
[2011/12/02 00:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2011/12/02 00:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011/11/29 21:29:19 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/26 12:54:41 | 000,000,000 | ---D | C] -- C:\Users\Lorena\Documents\GameFools
[2011/11/25 21:33:23 | 000,000,000 | ---D | C] -- C:\Users\Lorena\AppData\Roaming\Virtual City
[2011/11/25 20:50:59 | 000,000,000 | ---D | C] -- C:\Users\Lorena\Documents\LDW
[2011/11/25 19:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Shockwave
[2011/11/25 18:37:53 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/11/25 18:36:02 | 000,000,000 | ---D | C] -- C:\Users\Lorena\AppData\Local\APN
[2011/11/17 22:24:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/09 13:11:55 | 002,339,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/11/08 20:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/08 20:01:23 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2011/11/08 19:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/08 19:59:34 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/08 19:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/11/08 19:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/11/08 19:55:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/12/28 22:49:10 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxblserv.dll
[2010/12/28 22:49:10 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxblusb1.dll
[2010/12/28 22:49:10 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxblhbn3.dll
[2010/12/28 22:49:10 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxblcomc.dll
[2010/12/28 22:49:10 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxblpmui.dll
[2010/12/28 22:49:10 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbllmpm.dll
[2010/12/28 22:49:10 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxblcoms.exe
[2010/12/28 22:49:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxblcomm.dll
[2010/12/28 22:49:10 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxblinpa.dll
[2010/12/28 22:49:10 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbliesc.dll
[2010/12/28 22:49:10 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxblih.exe
[2010/12/28 22:49:10 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxblcfg.exe
[2010/12/28 22:49:10 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBLhcp.dll
[2010/12/28 22:49:10 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxblprox.dll
[2010/12/28 22:49:10 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxblpplc.dll
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/03 00:04:00 | 000,704,290 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2011/12/03 00:04:00 | 000,626,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/03 00:04:00 | 000,137,834 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2011/12/03 00:04:00 | 000,107,160 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/03 00:00:47 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-752818015-2825603863-3657984477-1000.job
[2011/12/02 23:58:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/02 23:58:30 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/02 23:54:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At8.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At6.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At48.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At46.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At44.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At42.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At40.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At4.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At38.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At36.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At34.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At32.job
[2011/12/02 23:54:22 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At30.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At9.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At7.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At5.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At47.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At45.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At41.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At39.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At37.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At35.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At33.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At31.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At3.job
[2011/12/02 23:54:22 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At29.job
[2011/12/02 23:54:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At28.job
[2011/12/02 23:54:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At26.job
[2011/12/02 23:54:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At24.job
[2011/12/02 23:54:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At22.job
[2011/12/02 23:54:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At20.job
[2011/12/02 23:54:21 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/12/02 23:54:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At27.job
[2011/12/02 23:54:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At25.job
[2011/12/02 23:54:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At23.job
[2011/12/02 23:54:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At21.job
[2011/12/02 23:54:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At19.job
[2011/12/02 23:54:20 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At18.job
[2011/12/02 23:54:20 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At16.job
[2011/12/02 23:54:20 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At14.job
[2011/12/02 23:54:20 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At12.job
[2011/12/02 23:54:20 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\At10.job
[2011/12/02 23:54:20 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At17.job
[2011/12/02 23:54:20 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At15.job
[2011/12/02 23:54:20 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At13.job
[2011/12/02 23:54:20 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At11.job
[2011/12/02 23:54:20 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/12/02 23:44:20 | 000,012,652 | -HS- | M] () -- C:\Users\Lorena\AppData\Local\vrghsi1q8srf7vud6mbo0o735u4n
[2011/12/02 23:44:20 | 000,012,652 | -HS- | M] () -- C:\ProgramData\vrghsi1q8srf7vud6mbo0o735u4n
[2011/12/02 23:34:02 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/12/02 23:30:18 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 23:30:18 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/02 23:26:43 | 000,000,000 | ---- | M] () -- C:\Windows\System32\IFsS7Br8.com.b
[2011/12/02 23:26:13 | 000,000,112 | ---- | M] () -- C:\ProgramData\2WH0TKiu.dat
[2011/12/02 23:26:12 | 000,116,224 | ---- | M] () -- C:\Windows\System32\IFsS7Br8.com_
[2011/12/02 23:21:08 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/02 23:11:25 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\Users\Lorena\AppData\Local\wsr.exe
[2011/12/02 00:13:13 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/11/29 23:03:55 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/26 12:53:35 | 000,001,813 | ---- | M] () -- C:\Users\Public\Desktop\Shockwave Games.lnk
[2011/11/26 12:53:35 | 000,001,235 | ---- | M] () -- C:\Users\Public\Desktop\Ice Cream Craze - Natural Hero.lnk
[2011/11/26 00:43:45 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Cinema Tycoon Gold.lnk
[2011/11/25 23:41:50 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2011/11/25 23:40:52 | 000,001,225 | ---- | M] () -- C:\Users\Public\Desktop\Cinema Tycoon 2 - Movie Mania.lnk
[2011/11/25 22:37:36 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\Avastar Hollywood Tycoon.lnk
[2011/11/25 21:33:12 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Virtual City.lnk
[2011/11/25 20:50:43 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\Plant Tycoon.lnk
[2011/11/25 19:47:01 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Build-a-lot 2.lnk
[2011/11/25 18:35:58 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Coffee Tycoon.lnk
[2011/11/17 22:24:19 | 000,002,130 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/15 23:36:03 | 000,003,021 | ---- | M] () -- C:\Users\Lorena\Desktop\Microsoft Word 2010.lnk
[2011/11/11 03:01:20 | 001,638,964 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/11/10 09:28:58 | 000,411,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/08 20:01:30 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/03 00:00:47 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\RealUpgradeScheduledTaskS-1-5-21-752818015-2825603863-3657984477-1000.job
[2011/12/02 23:26:43 | 000,000,000 | ---- | C] () -- C:\Windows\System32\IFsS7Br8.com.b
[2011/12/02 23:23:02 | 000,000,112 | ---- | C] () -- C:\ProgramData\2WH0TKiu.dat
[2011/12/02 23:23:01 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At48.job
[2011/12/02 23:23:00 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At46.job
[2011/12/02 23:23:00 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/02 23:23:00 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/02 23:22:59 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At44.job
[2011/12/02 23:22:58 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At42.job
[2011/12/02 23:22:58 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/02 23:22:57 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/02 23:22:56 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At40.job
[2011/12/02 23:22:55 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/02 23:22:54 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At38.job
[2011/12/02 23:22:54 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/02 23:22:53 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At36.job
[2011/12/02 23:22:53 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/02 23:22:52 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At34.job
[2011/12/02 23:22:51 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/02 23:22:50 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At32.job
[2011/12/02 23:22:49 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/02 23:22:48 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At30.job
[2011/12/02 23:22:47 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At28.job
[2011/12/02 23:22:47 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/02 23:22:46 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/02 23:22:43 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At26.job
[2011/12/02 23:22:42 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At24.job
[2011/12/02 23:22:42 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/02 23:22:41 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/02 23:22:40 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At22.job
[2011/12/02 23:22:39 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/02 23:22:37 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At20.job
[2011/12/02 23:22:36 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/02 23:22:34 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At18.job
[2011/12/02 23:22:34 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/02 23:22:33 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At16.job
[2011/12/02 23:22:32 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/02 23:22:31 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At14.job
[2011/12/02 23:22:30 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At12.job
[2011/12/02 23:22:30 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/02 23:22:29 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/02 23:22:28 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At10.job
[2011/12/02 23:22:28 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/02 23:22:27 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At8.job
[2011/12/02 23:22:27 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/02 23:22:26 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At6.job
[2011/12/02 23:22:26 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/02 23:22:25 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At4.job
[2011/12/02 23:22:24 | 000,000,352 | ---- | C] () -- C:\Windows\tasks\At2.job
[2011/12/02 23:22:24 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/02 23:22:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\IFsS7Br8.com_
[2011/12/02 23:22:23 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/02 23:11:50 | 000,012,652 | -HS- | C] () -- C:\Users\Lorena\AppData\Local\vrghsi1q8srf7vud6mbo0o735u4n
[2011/12/02 23:11:50 | 000,012,652 | -HS- | C] () -- C:\ProgramData\vrghsi1q8srf7vud6mbo0o735u4n
[2011/12/02 00:13:13 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2011/11/26 12:53:35 | 000,001,235 | ---- | C] () -- C:\Users\Public\Desktop\Ice Cream Craze - Natural Hero.lnk
[2011/11/26 00:43:45 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Cinema Tycoon Gold.lnk
[2011/11/25 23:41:50 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2011/11/25 23:40:52 | 000,001,225 | ---- | C] () -- C:\Users\Public\Desktop\Cinema Tycoon 2 - Movie Mania.lnk
[2011/11/25 22:37:36 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\Avastar Hollywood Tycoon.lnk
[2011/11/25 21:33:12 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Virtual City.lnk
[2011/11/25 20:50:43 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\Plant Tycoon.lnk
[2011/11/25 19:47:01 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Build-a-lot 2.lnk
[2011/11/25 18:35:58 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Coffee Tycoon.lnk
[2011/11/17 22:24:19 | 000,002,130 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/08 20:01:30 | 000,001,713 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/02/04 20:58:20 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/02/04 20:58:20 | 000,138,056 | ---- | C] () -- C:\Users\Lorena\AppData\Roaming\PnkBstrK.sys
[2011/02/04 20:58:04 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/02/04 20:57:58 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011/02/04 20:57:58 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/01/17 15:31:12 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/01/13 23:18:11 | 000,000,004 | ---- | C] () -- C:\Users\Lorena\AppData\Roaming\874B7A
[2011/01/13 23:18:09 | 000,870,128 | ---- | C] () -- C:\Users\Lorena\AppData\Roaming\mcs.rma
[2010/12/29 22:52:47 | 000,011,776 | ---- | C] () -- C:\Users\Lorena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/28 23:54:08 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/28 22:49:10 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBLinst.dll
[2010/12/28 18:46:36 | 000,446,258 | ---- | C] () -- C:\Windows\AutoKMS.exe
[2010/12/28 18:24:38 | 000,704,290 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2010/12/28 18:24:38 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2010/12/28 18:24:38 | 000,137,834 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2010/12/28 18:24:38 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2010/08/25 19:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 19:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 19:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 18:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2009/07/13 20:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:33:53 | 000,411,192 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 18:05:48 | 000,626,844 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 18:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 18:05:48 | 000,107,160 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 18:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 18:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 18:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 16:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 15:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/13 14:09:19 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007/02/22 18:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxblcoin.dll
[2005/09/07 13:44:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxblvs.dll
[1996/04/03 11:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >


Re: Windows 7 Home Security

Post by Carril75 on Sat 03 Dec 2011, 7:40 pm

I am now unable to paste the rest of the log. It says problem loading page; I've tried about 10 times.


Last edited by Carril75 on Sat 03 Dec 2011, 7:43 pm; edited 1 time in total

Re: Windows 7 Home Security

Post by Carril75 on Sat 03 Dec 2011, 7:42 pm

OTL Extras logfile created on: 12/3/2011 12:01:37 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lorena\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 61.27% Memory free
3.93 Gb Paging File | 3.21 Gb Available in Paging File | 81.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 326.30 Gb Free Space | 70.07% Space Free | Partition Type: NTFS

Computer Name: LORENA-PC | User Name: Lorena | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = ah] -- C:\Users\Lorena\AppData\Local\wsr.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{334713BA-B8E7-4A60-988C-4110753A191E}" = ArcSoft Magic-i Visual Effects 2
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D8EACA3-664E-4F83-8A84-BE3AE952DAB6}" = ArcSoft WebCam Companion 3
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7390FC95-D842-448A-A3A2-C8DC89AEB83A}" = HP Button Manager
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11738453}" = Burger Shop 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D31612BB-C6D7-4142-96AE-16DB062354CF}" = HP Webcam User's Guide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"Avastar Hollywood Tycoon©" = Avastar Hollywood Tycoon©
"BearShare MediaBar" = MediaBar
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Build-a-lot 2: Town of the Year" = Build-a-lot 2: Town of the Year
"CCleaner" = CCleaner
"Cinema Tycoon™ 2: Movie Mania" = Cinema Tycoon™ 2: Movie Mania
"Cinema Tycoon™ Gold" = Cinema Tycoon™ Gold
"Coffee Tycoon" = Coffee Tycoon
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.56
"FIFA MANAGER 10 Demo" = FIFA MANAGER 10 Demo
"FrostWire" = FrostWire 4.21.3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"Ice Cream Craze: Natural Hero" = Ice Cream Craze: Natural Hero
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Plant Tycoon®" = Plant Tycoon®
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Ride 'em Low" = Ride 'em Low
"ScanQuery" = ScanQuery 1.0 build 123 powered by FIRST SEARCHBAR
"Search Toolbar" = Search Toolbar
"ShoppingReport2" = ShopperReports
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"Virtual City" = Virtual City
"VLC media player" = VLC media player 1.1.5
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes (Lorena)
"blinkx beat" = blinkx beat
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2011 3:56:21 PM | Computer Name = Lorena-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/2/2011 3:56:21 PM | Computer Name = Lorena-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5039

Error - 12/2/2011 3:56:21 PM | Computer Name = Lorena-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5039

Error - 12/2/2011 3:56:22 PM | Computer Name = Lorena-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/2/2011 3:56:22 PM | Computer Name = Lorena-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6053

Error - 12/2/2011 3:56:22 PM | Computer Name = Lorena-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6053

Error - 12/2/2011 3:56:23 PM | Computer Name = Lorena-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/2/2011 3:56:23 PM | Computer Name = Lorena-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7051

Error - 12/2/2011 3:56:23 PM | Computer Name = Lorena-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7051

Error - 12/3/2011 4:04:04 AM | Computer Name = Lorena-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 8/25/2011 10:54:57 PM | Computer Name = Lorena-PC | Source = DCOM | ID = 10010
Description =

Error - 8/26/2011 2:06:12 AM | Computer Name = Lorena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/27/2011 1:28:00 AM | Computer Name = Lorena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 8/28/2011 2:31:59 AM | Computer Name = Lorena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/29/2011 3:02:00 PM | Computer Name = Lorena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/29/2011 5:15:40 PM | Computer Name = Lorena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 8/29/2011 10:58:50 PM | Computer Name = Lorena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 8/31/2011 12:52:30 AM | Computer Name = Lorena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/31/2011 8:48:37 PM | Computer Name = Lorena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 9/1/2011 12:37:08 AM | Computer Name = Lorena-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >


Re: Windows 7 Home Security

Post by Belahzur on Tue 06 Dec 2011, 5:03 am

Hello.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy and paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
