Linx

Hjt need help


Hello,

 

I need some help analyzing my system. I have been having slowdowns and I don't know how to fix it.

I scanned with Kaspersky online.

I did a scan with Malwarebytes.

I did a scan with Microsoft Essentials. Nothing showed up.

I did a scan with HJT and I will put it here.

 

HJT:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:25:56 AM, on 12/06/2012

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Running processes:

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe

C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A195FG1T\kss12.0.1.117EN_RU_DE_FR_2926.exe

C:\Users\John\AppData\Local\Temp\nsiD54C.tmp\setup.exe

C:\Users\John\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0TzutBtDtCtBtDyDtByB&cr=1300736109

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Users\John\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll (file missing)

O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [removeSearchqudatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar"

O4 - HKLM\..\RunOnce: [removeSearchqutoolbar] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar"

O4 - HKCU\..\Run: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\RunOnce: [!SearchquDSCR] C:\windows\system32\RUNDLL32.EXE C:\Users\John\AppData\Local\Temp\INSTAL~1.DLL,_SetChromeDS http://dts.search-results.com/sr?src=crb&appid=101&systemid=406&sr=0&q={searchTerms},Search Results,r,

O4 - HKCU\..\RunOnce: [!SearchquCRHP] C:\windows\system32\RUNDLL32.EXE C:\Users\John\AppData\Local\Temp\INSTAL~1.DLL,_SetChromeHP http://www.searchnu.com/406,

O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

O20 - AppInit_DLLs:

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)

O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Users\John\RealDownloader\rndlresolversvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Secunia PSI Agent - Unknown owner - C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service (file missing)

O23 - Service: Secunia Update Agent - Unknown owner - C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

 

 

 

 

Kaspersky:

 

 

Detailed report

Problems found

System protection (0)

Malware (0)

Vulnerabilities (0)

Other issues (9)

"Autorun from hard drives is allowed"

"Autorun from network drives is enabled"

"CD/DVD autorun is enabled"

"Removable media autorun is enabled"

"Microsoft Internet Explorer - disable caching data received via protected channel"

"Microsoft Internet Explorer: disable sending error reports"

"Microsoft Internet Explorer: enable cache autocleanup on browser closing"

"Windows Explorer: display of known file types extensions is disabled"

"Microsoft Internet Explorer: start page reset"

 

 

MBAM:

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.12.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

John :: JOHN-PC [administrator]

12/06/2012 11:59:22 AM

mbam-log-2012-06-12 (13-04-03).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 343592

Time elapsed: 1 hour(s), 4 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 22

HKCR\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.

HKCR\funmoods.funmoodsHlpr.1 (PUP.FunMoods) -> No action taken.

HKCR\funmoods.funmoodsHlpr (PUP.FunMoods) -> No action taken.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> No action taken.

HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> No action taken.

HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> No action taken.

HKCR\escort.escortIEPane (PUP.Funmoods) -> No action taken.

HKCR\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.

HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Funmoods) -> No action taken.

HKCR\funmoods.dskBnd.1 (PUP.Funmoods) -> No action taken.

HKCR\funmoods.dskBnd (PUP.Funmoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> No action taken.

HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> No action taken.

HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> No action taken.

HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> No action taken.

HKCR\funmoodsApp.appCore (PUP.Funmoods) -> No action taken.

HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> No action taken.

HKCR\f (PUP.Funmoods) -> No action taken.

HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> No action taken.

Registry Values Detected: 2

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: Funmoods Toolbar -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Data: -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

 

 

Thank you.

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

 

If you think you have similar problems, please post the appropriate logs in the Have I Been Hijacked? forum and wait for help.

Hi.:)

 

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

 

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

 

Because of this, I advise you to backup any personal files and folders before you start.

 

Windows 7 Advice:

 

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

 

The Operating System in use comes with an inbuilt utility called User Access Control (UAC); when prompted by this with anything I ask you to carry out, please select the option Allow.

 

64bit Operating System Advice:

 

Your log shows signs that this is a 64 bit machine. HijackThis is not compatible on a 64 bit system like yours and its scan results cannot be relied upon. I'm going to need you to run a different scan for myself in due course.

 

Next:

 

You actually need to have Malwarebytes Anti-Malware remove what it finds, so I will be advising you update that and run another scan and we will go from there...

 

Malwarebytes Anti-Malware:

 

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

 

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Malwarebytes Anti-Malware Log.
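
Added example (not part of the original thread, and not code from HijackThis or OTL): a small triage of the "(file missing)" entries in the HijackThis log above. It separates System32 paths, which a 32-bit tool on 64-bit Windows sees redirected to SysWOW64 (the OTL log later in the thread lists atiesrxx.exe under SysNative), from entries whose path is malformed or not redirected. The function names and the "Program Files (x86)" check for a 64-bit system are assumptions of this example.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Secunia PSI Agent - Unknown owner - C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
"""

MISSING = "(file missing)"
ENTRY = re.compile(r"(O\d+|F\d|R\d)\s+-\s")            # HijackThis section code
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


def looks_64bit(log):
    """Heuristic (assumption of this example): a 'Program Files (x86)'
    directory only exists on 64-bit Windows."""
    return "\\program files (x86)\\" in log.lower()


def sysnative_alias(path):
    """Path a 32-bit process can use to reach the native System32 directory
    without WOW64 file system redirection."""
    return re.sub(r"\\system32\\", lambda m: "\\Sysnative\\", path,
                  count=1, flags=re.IGNORECASE)


def classify(path, is_64bit):
    if '"' in path:
        # A stray quote means command-line arguments are part of the string
        # that was checked, so it is not a plain file path.
        return "malformed-path"
    if path.startswith("%"):
        # The log shows the variable unexpanded; resolve it before judging.
        return "unresolved-variable"
    if is_64bit and SYSTEM32.match(path):
        # A 32-bit scanner is redirected to SysWOW64 for this directory, so
        # native 64-bit binaries such as lsass.exe look absent to it.
        return "wow64-redirected"
    # Path is outside the redirected directory: the file may really be gone,
    # e.g. a leftover registry entry from removed software.
    return "not-redirected"


def triage_missing(log):
    """Return (section, path, verdict) for every '(file missing)' entry."""
    is_64bit = looks_64bit(log)
    results = []
    for line in log.splitlines():
        line = line.strip()
        match = ENTRY.match(line)
        if not match or not line.endswith(MISSING):
            continue
        # The file path is the last ' - ' separated field of the entry.
        path = line[:-len(MISSING)].rsplit(" - ", 1)[-1].strip()
        results.append((match.group(1), path, classify(path, is_64bit)))
    return results


if __name__ == "__main__":
    for section, path, verdict in triage_missing(SAMPLE_LOG):
        note = ""
        if verdict == "wow64-redirected":
            note = "  -> re-check as " + sysnative_alias(path)
        print(f"{section:4} {verdict:20} {path}{note}")
```
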


Hi Dakeyras, I appreciate your help.

 

I did uninstall HijackThis.

 

Here is the MBAM log:

 

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.12.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

John :: JOHN-PC [administrator]

12/06/2012 8:54:04 PM

mbam-log-2012-06-12 (20-54-04).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 348635

Time elapsed: 46 minute(s), 59 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

 

I have Firefox 13 and I cannot see video and some sound.

Hi. :)

 

I appreciate your help.

You're welcome!

 

I did uninstall HijackThis.

OK.

 

I have Firefox 13 and I cannot see video and some sound.

We can address this in due course...

 

Security Application Check:

 

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

 

Link 1

Link 2

  • Right-click SecurityCheck.exe and select Run as Administrator then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.
Scan with OTL:

 

Please download OTL and save it to your Desktop.

 

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.

    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • SecurityCheck Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.


Dakeyras,

 

Here are the logs

 

OTL:

 

OTL logfile created on: 13/06/2012 1:57:40 PM - Run 1

OTL by OldTimer - Version 3.2.48.0 Folder = C:UsersJohnDownloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

 

5.48 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 69.34% Memory free

10.96 Gb Paging File | 8.87 Gb Available in Paging File | 80.94% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 231.00 Gb Total Space | 119.85 Gb Free Space | 51.88% Space Free | Partition Type: NTFS

Drive D: | 345.47 Gb Total Space | 344.14 Gb Free Space | 99.61% Space Free | Partition Type: NTFS

 

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:UsersJohnDownloadsOTL.exe (OldTimer Tools)

PRC - C:Program Files (x86)Kaspersky LabKaspersky Security Scan 2.0kss.exe (Kaspersky Lab ZAO)

PRC - C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated)

PRC - C:Program Files (x86)MicrosoftBingDesktopBingDesktopUpdater.exe (Microsoft Corp.)

PRC - C:UsersJohnRealDownloaderrndlresolversvc.exe ()

PRC - C:Program Files (x86)SamsungEasy Software ManagerSWMAgent.exe (SAMSUNG ELECTRONICS CO., Ltd.)

PRC - C:Program Files (x86)SecuniaPSIpsia.exe (Secunia)

PRC - C:Program Files (x86)SecuniaPSIsua.exe (Secunia)

PRC - C:Program Files (x86)SecuniaPSIpsi_tray.exe (Secunia)

PRC - C:Program Files (x86)SamsungEasy Support CenterSSCKbdHk.exe (SAMSUNG Electronics)

PRC - C:Program Files (x86)SamsungEasy SettingsEasySpeedUpManager.exe (Samsung Electronics)

PRC - C:Program Files (x86)SamsungEasy SettingsSmartSetting.exe (Samsung Electronics Co., Ltd.)

PRC - C:Program Files (x86)SamsungEasy Settingsdmhkcore.exe (Samsung Electronics Co., Ltd.)

PRC - C:Program Files (x86)SamsungEasy SettingsMovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)

PRC - C:Program Files (x86)CyberLinkYouCamYCMMirage.exe (CyberLink)

PRC - C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe (Atheros)

PRC - C:Program Files (x86)SamsungSamsung Recovery Solution 5WCScheduler.exe (SEC)

PRC - C:Program Files (x86)CyberLinkMedia+Player10Media+Player10Serv.exe (CyberLink Corp.)

PRC - C:Program Files (x86)CyberLinkPower2GoCLMLSvc.exe (CyberLink)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:Program Files (x86)Kaspersky LabKaspersky Security Scan 2.0qtscript4.dll ()

MOD - C:Program Files (x86)Kaspersky LabKaspersky Security Scan 2.0qtgui4.dll ()

MOD - C:Program Files (x86)Kaspersky LabKaspersky Security Scan 2.0qtnetwork4.dll ()

MOD - C:Program Files (x86)Kaspersky LabKaspersky Security Scan 2.0qtsql4.dll ()

MOD - C:Program Files (x86)Kaspersky LabKaspersky Security Scan 2.0qtdeclarative4.dll ()

MOD - C:Program Files (x86)Kaspersky LabKaspersky Security Scan 2.0qtcore4.dll ()

MOD - C:Program Files (x86)SamsungEasy Software ManagerSWMFuncDLL.dll ()

MOD - C:Program Files (x86)SamsungEasy SettingsWinCRT.dll ()

MOD - C:Program Files (x86)SamsungSamsung Recovery Solution 5Resdll.dll ()

MOD - C:Program Files (x86)CyberLinkPower2GoCLMLSvcPS.dll ()

MOD - C:Program Files (x86)CyberLinkPower2GoCLMediaLibrary.dll ()

MOD - C:Program Files (x86)SamsungEasy SettingsHookDllPS2.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (NisSrv) -- C:Program FilesMicrosoft Security ClientNisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- C:Program FilesMicrosoft Security ClientMsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:WindowsSysNativeatiesrxx.exe (AMD)

SRV:64bit: - (!SASCORE) -- C:Program FilesSUPERAntiSpywareSASCore64.exe (SUPERAntiSpyware.com)

SRV:64bit: - (wlcrasvc) -- C:Program FilesWindows LiveMeshwlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:WindowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:Program Files (x86)Mozilla Maintenance Servicemaintenanceservice.exe (Mozilla Foundation)

SRV - (KSS) -- C:Program Files (x86)Kaspersky LabKaspersky Security Scan 2.0kss.exe (Kaspersky Lab ZAO)

SRV - (AdobeARMservice) -- C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe (Adobe Systems Incorporated)

SRV - (BingDesktopUpdate) -- C:Program Files (x86)MicrosoftBingDesktopBingDesktopUpdater.exe (Microsoft Corp.)

SRV - (RealNetworks Downloader Resolver Service) -- C:UsersJohnRealDownloaderrndlresolversvc.exe ()

SRV - (Secunia PSI Agent) -- C:Program Files (x86)SecuniaPSIpsia.exe (Secunia)

SRV - (Secunia Update Agent) -- C:Program Files (x86)SecuniaPSIsua.exe (Secunia)

SRV - (Atheros Bt&Wlan Coex Agent) -- C:Program Files (x86)Bluetooth SuiteAth_CoexAgent.exe (Atheros)

SRV - (AtherosSvc) -- C:Program Files (x86)Bluetooth SuiteAdminService.exe (Atheros Commnucations)

SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (NisDrv) -- C:WindowsSysNativedriversNisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (Fs_Rec) -- C:windowsSysNativedriversfs_rec.sys (Microsoft Corporation)

DRV:64bit: - (athr) -- C:WindowsSysNativedriversathrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (CH341SER_A64) -- C:WindowsSysNativedriversCH341S64.SYS (www.winchiphead.com)

DRV:64bit: - (amdkmdag) -- C:WindowsSysNativedriversatikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:WindowsSysNativedriversatikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (SABI) -- C:WindowsSysNativedriversSABI.sys (SAMSUNG ELECTRONICS)

DRV:64bit: - (ETD) -- C:WindowsSysNativedriversETD.sys (ELAN Microelectronics Corp.)

DRV:64bit: - (usbfilter) -- C:WindowsSysNativedriversusbfilter.sys (Advanced Micro Devices)

DRV:64bit: - (clwvd) -- C:WindowsSysNativedriversclwvd.sys (CyberLink Corporation)

DRV:64bit: - (SASDIFSV) -- C:Program FilesSUPERAntiSpywaresasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (BtFilter) -- C:WindowsSysNativedriversbtfilter.sys (Atheros)

DRV:64bit: - (BTATH_RCP) -- C:WindowsSysNativedriversbtath_rcp.sys (Atheros)

DRV:64bit: - (BTATH_LWFLT) -- C:WindowsSysNativedriversbtath_lwflt.sys (Atheros)

DRV:64bit: - (BTATH_HCRP) -- C:WindowsSysNativedriversbtath_hcrp.sys (Atheros)

DRV:64bit: - (AthBTPort) -- C:WindowsSysNativedriversbtath_flt.sys (Atheros)

DRV:64bit: - (BTATH_BUS) -- C:WindowsSysNativedriversbtath_bus.sys (Atheros)

DRV:64bit: - (btath_avdt) -- C:WindowsSysNativedriversbtath_avdt.sys (Atheros)

DRV:64bit: - (BTATH_A2DP) -- C:WindowsSysNativedriversbtath_a2dp.sys (Atheros)

DRV:64bit: - (SASKUTIL) -- C:Program FilesSUPERAntiSpywaresaskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV:64bit: - (amd_xata) -- C:WindowsSysNativedriversamd_xata.sys (Advanced Micro Devices)

DRV:64bit: - (amd_sata) -- C:WindowsSysNativedriversamd_sata.sys (Advanced Micro Devices)

DRV:64bit: - (RTL8167) -- C:WindowsSysNativedriversRt64win7.sys (Realtek )

DRV:64bit: - (SGDrv) -- C:WindowsSysNativedriversSGDrv64.sys (Phoenix Technologies Ltd.)

DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices)

DRV:64bit: - (TsUsbFlt) -- C:WindowsSysNativedriversTsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:WindowsSysNativedriverssdbus.sys (Microsoft Corporation)

DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbGD) -- C:WindowsSysNativedriversTsUsbGD.sys (Microsoft Corporation)

DRV:64bit: - (AtiHDAudioService) -- C:WindowsSysNativedriversAtihdW76.sys (Advanced Micro Devices)

DRV:64bit: - (PSI) -- C:WindowsSysNativedriverspsi_mf.sys (Secunia)

DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology)

DRV:64bit: - (igfx) -- C:WindowsSysNativedriversigdkmd64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (rtport) -- C:WindowsSysWOW64driversrtport.sys (Windows ® 2003 DDK 3790 provider)

DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0TzutBtDtCtBtDyDtByB&cr=1300736109

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0TzutBtDtCtBtDyDtByB&cr=1300736109

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0TzutBtDtCtBtDyDtByB&cr=1300736109

IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{7B4D4325-10A3-2E17-A0C3-5743FC1385DB}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=axl&chnl=axl&cd=2XzutAtN2Y1L1Qzu0EzztDtAzy0A0AtA0DtA0FyEzy0DzyyEtN0D0TzutBtDtCtBtDyDtByB&cr=1300736109

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-839072158-3120938179-813264055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://search.babylon.com/?affID=110822&tt=100512_1_&babsrc=HP_ss&mntrId=9a269d940000000000008a039a88a6d3

IE - HKU\S-1-5-21-839072158-3120938179-813264055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.glarysoft.com/?src=iehome

IE - HKU\S-1-5-21-839072158-3120938179-813264055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/

IE - HKU\S-1-5-21-839072158-3120938179-813264055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.sympatico.ca/

IE - HKU\S-1-5-21-839072158-3120938179-813264055-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-839072158-3120938179-813264055-1000\..\SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}

IE - HKU\S-1-5-21-839072158-3120938179-813264055-1000\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=CA&install_date=20120612&user_guid=F890A6CC671147219A704A833C41E2DA&machine_id=7db47fe220f67bc27bd9242cc407798e&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}

IE - HKU\S-1-5-21-839072158-3120938179-813264055-1000\..\SearchScopes\{803CFD44-3105-472C-BB2D-F7A18C0E6D1C}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-839072158-3120938179-813264055-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-839072158-3120938179-813264055-1000\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glarysoft.com/?q={searchTerms}&src=iesearch

IE - HKU\S-1-5-21-839072158-3120938179-813264055-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.1.0: C:\Users\John\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.1.0: C:\Users\John\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\Users\John\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\{1BC4187C-4BB6-4C5A-A11A-3FB535AE04AB}: C:\Users\John\RealDownloader\BrowserPlugins\Firefox\Ext [2012/05/19 23:34:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/12 16:10:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/12 22:18:26 | 000,000,000 | ---D | M]

 

[2012/06/12 16:10:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Extensions

[2012/06/12 00:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7im5l91m.default\extensions

[2012/06/12 00:45:07 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\7im5l91m.default\extensions\donottrackplus@abine.com

[2012/06/12 21:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ps6zf4yi.default\extensions

[2012/06/12 21:14:50 | 000,000,000 | ---D | M] (Canadian English Dictionary) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ps6zf4yi.default\extensions\en-CA@dictionaries.addons.mozilla.org

[2012/06/12 16:48:55 | 000,000,000 | ---D | M] (AutoTradutor) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ps6zf4yi.default\extensions\jid0-Re15rJGCtDTAeh3coeID4VTYl18@jetpack

[2012/06/12 21:14:51 | 000,000,000 | ---D | M] (Corretor para Português de Portugal) -- C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\ps6zf4yi.default\extensions\pt-PT@dictionaries.addons.mozilla.org

[2012/06/12 16:10:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/01 11:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

 

========== Chrome ==========

 

CHR - default_search_provider: Search Results (Enabled)

CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&appid=101&systemid=406&sr=0&q={searchTerms}

CHR - default_search_provider: suggest_url = ,

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\John\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\John\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll

CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\John\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Users\John\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

CHR - plugin: RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Users\John\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

CHR - plugin: RealDownloader Plugin (Enabled) = C:\Users\John\RealDownloader\BrowserPlugins\npdlplugin.dll

CHR - Extension: YouTube = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0

CHR - Extension: Google Search = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0

CHR - Extension: After the Deadline = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcdjadjbdihbaodagojiomdljhjhjfho\1.2_0

CHR - Extension: Dictionary.com = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh\1.4_0

CHR - Extension: Translator by Dictionary.com = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\glacllipodbjfijgkcdifnlhmoddlkon\1.4_0

CHR - Extension: RealDownloader = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.1.0_0

CHR - Extension: Spell Checker for Chrome = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfpdnkkdgghlpdgldicfgnnnkhdfhocg\0.9.2.8_0

CHR - Extension: Watch Live Football Streaming Online For Free = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\legocaboiicfjgofnmlgnogcngeokmga\4.0_0

CHR - Extension: Gmail = C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

 

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Users\John\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-839072158-3120938179-813264055-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKU\S-1-5-21-839072158-3120938179-813264055-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-839072158-3120938179-813264055-1000..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O13:64bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D79A78F7-00FD-4165-BA32-90552F17833E}: DhcpNameServer = 172.16.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8BCFB85-77AD-4FB6-8817-47080EE4DC69}: DhcpNameServer = 172.16.0.1

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/06/13 17:27:47 | 000,174,640 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2012/06/13 17:27:40 | 000,428,544 | ---- | C] (Samsung Electronics) -- C:\windows\AutoReseal.exe

[2012/06/13 17:27:40 | 000,423,936 | ---- | C] (TODO: <Company name>) -- C:\windows\Reseal64.exe

[2012/06/13 13:30:37 | 000,000,000 | R--D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

[2012/06/13 12:43:04 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\ElevatedDiagnostics

[2012/06/12 16:10:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/06/12 16:10:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012/06/12 15:40:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll

[2012/06/12 15:40:29 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll

[2012/06/12 15:03:06 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/06/12 15:03:06 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/06/12 15:03:05 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/06/12 15:03:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/06/12 15:03:03 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/06/12 15:03:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/06/12 15:03:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012/06/12 15:03:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012/06/12 15:03:00 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/06/12 15:03:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/06/12 15:03:00 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/06/12 15:02:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/06/12 15:02:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/06/12 15:02:05 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll

[2012/06/12 15:02:04 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll

[2012/06/12 15:01:54 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2012/06/12 15:01:53 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2012/06/12 15:01:53 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2012/06/12 15:01:52 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll

[2012/06/12 15:01:47 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll

[2012/06/12 15:01:47 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll

[2012/06/12 15:01:47 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe

[2012/06/12 14:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop

[2012/06/12 12:50:30 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\HJT logs

[2012/06/12 11:58:16 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes

[2012/06/12 11:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/12 11:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/12 11:55:18 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/06/12 11:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/12 11:26:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan

[2012/06/12 11:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012/06/12 11:26:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab

[2012/06/12 10:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

[2012/06/12 09:43:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Ilivid Player

[2012/06/12 09:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/06/11 20:20:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FLVPlayer

[2012/06/11 14:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[2012/06/11 14:07:41 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Adobe

[2012/06/10 10:04:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Macromedia

[2012/06/08 23:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload

[2012/06/08 23:03:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium

[2012/06/08 23:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate

[2012/06/08 18:53:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\TopoGrafix

[2012/06/08 18:53:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyGPS

[2012/06/07 17:45:05 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\My GPS

[2012/06/07 16:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Streets & Trips

[2012/06/07 16:18:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Location Finder

[2012/06/04 23:13:05 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Sam Francke

[2012/06/04 23:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSVed

[2012/06/04 23:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CSVed

[2012/06/04 21:20:08 | 000,000,000 | ---D | C] -- C:\TOOLKIT

[2012/06/04 17:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Absolute Uninstaller

[2012/06/04 17:04:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Absolute Uninstaller

[2012/06/04 16:10:59 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\My Garmin

[2012/06/04 16:03:00 | 000,000,000 | ---D | C] -- C:\garmin

[2012/06/04 12:00:33 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Garmin

[2012/06/04 12:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

[2012/06/04 11:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2012/06/04 11:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin

[2012/06/04 11:59:04 | 001,995,776 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\windows\SysWow64\vcl120.bpl

[2012/06/04 11:59:03 | 001,095,168 | ---- | C] (Embarcadero Technologies, Inc.) -- C:\windows\SysWow64\rtl120.bpl

[2012/06/04 11:58:59 | 000,000,000 | ---D | C] -- C:\ProgramData\MyPoiWorld

[2012/05/30 14:25:38 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Herbs

[2012/05/29 17:53:21 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Youcam

[2012/05/29 17:53:18 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\CyberLink

[2012/05/29 17:53:17 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CyberLink

[2012/05/29 17:51:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Windows Live

[2012/05/29 17:50:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{A2779237-D51C-4071-9C77-985F15B4ADF9}

[2012/05/29 17:50:52 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\{6FBCB5A0-680C-48D8-8D3F-5C59976A22B6}

[2012/05/29 14:54:15 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Garmin files

[2012/05/27 00:07:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2012/05/26 23:18:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Diagnostics

[2012/05/20 11:20:27 | 000,000,000 | ---D | C] -- C:\Users\John\John`s Files

[2012/05/19 23:34:59 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Real

[2012/05/19 23:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks

[2012/05/19 23:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks

[2012/05/19 23:34:47 | 000,000,000 | ---D | C] -- C:\Users\John\RealDownloader

[2012/05/19 23:34:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\RealNetworks

[2012/05/19 23:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks

[2012/05/18 15:52:58 | 000,000,000 | R--D | C] -- C:\Users\John\Documents\Scanned Documents

[2012/05/18 15:52:58 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Fax

[2012/05/17 23:27:54 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\health Ontario

[2012/05/16 13:02:21 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Perrot buetooth

[2012/05/16 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\Samsung

[2012/05/16 12:55:33 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\HP

[2012/05/16 10:34:10 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/05/15 23:47:38 | 000,000,000 | ---D | C] -- C:\Users\John\Documents\Florida 21 july 2012

[2012/05/15 18:48:43 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\pdf995

 

========== Files - Modified Within 30 Days ==========

 

[2012/06/13 13:44:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-839072158-3120938179-813264055-1000UA.job

[2012/06/13 13:37:26 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/13 13:37:26 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/13 13:30:27 | 000,000,322 | ---- | M] () -- C:\windows\tasks\GlaryInitialize.job

[2012/06/13 13:30:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/06/13 13:30:02 | 1589,432,319 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/13 13:12:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/06/13 12:34:53 | 000,729,688 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/06/13 12:34:53 | 000,630,560 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/06/13 12:34:53 | 000,111,612 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/06/13 10:44:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-839072158-3120938179-813264055-1000Core.job

[2012/06/12 15:31:54 | 000,422,688 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/06/12 12:15:41 | 000,020,184 | ---- | M] () -- C:\Users\John\Documents\cc_20120612_121533.reg

[2012/06/12 10:50:26 | 000,001,110 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk

[2012/06/12 00:26:20 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe

[2012/06/12 00:26:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/06/09 17:24:49 | 008,650,752 | ---- | M] () -- C:\Users\John\Desktop\Bette_Midler_-_The_Rose.mp3

[2012/06/07 18:11:44 | 000,037,819 | ---- | M] () -- C:\Users\John\Desktop\image002.jpg

[2012/06/06 23:18:37 | 000,098,608 | ---- | M] () -- C:\Users\John\Desktop\Anexo de e-mail.jpeg

[2012/06/06 22:56:24 | 000,000,020 | ---- | M] () -- C:\Users\John\Desktop\Waterfalls in Ontario.csv

[2012/06/04 23:11:48 | 000,000,905 | ---- | M] () -- C:\Users\Public\Desktop\CSVed.lnk

[2012/06/04 22:24:17 | 000,061,547 | ---- | M] () -- C:\Users\John\Desktop\Speed-Cameras.csv

[2012/06/04 22:24:08 | 000,337,381 | ---- | M] () -- C:\Users\John\Desktop\Redlight-Cameras.csv

[2012/06/04 17:04:10 | 000,001,042 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\Absolute Uninstaller.lnk

[2012/06/01 16:50:58 | 000,026,296 | ---- | M] () -- C:\Users\John\Desktop\547260_420004184700993_734131087_n.jpg

[2012/05/29 14:46:51 | 000,000,060 | ---- | M] () -- C:\windows\wpd99.drv

[2012/05/27 19:43:12 | 000,302,425 | ---- | M] () -- C:\Users\John\AppData\Local\funmoods-speeddial.crx

[2012/05/27 19:43:12 | 000,031,470 | ---- | M] () -- C:\Users\John\AppData\Local\funmoods.crx

[2012/05/23 11:50:59 | 000,934,716 | ---- | M] () -- C:\Users\John\Desktop\HamiltonFallsMapJune2005.pdf

[2012/05/17 22:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/05/17 21:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/05/17 21:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/05/17 21:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012/05/17 21:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/05/17 21:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/05/17 21:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/05/17 18:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/05/17 18:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/05/17 18:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012/05/17 18:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/05/17 18:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/05/17 18:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/05/14 16:04:46 | 006,110,725 | ---- | M] () -- C:\Users\John\Desktop\Algarve roteiros.pdf

[2012/05/14 15:36:45 | 000,020,468 | ---- | M] () -- C:\Users\John\Desktop\m_SerraCaldeirao.gif

 

========== Files Created - No Company Name ==========

 

[2012/06/13 17:27:47 | 000,007,440 | ---- | C] () -- C:windowsSysNativedriversSYMEVENT64x86.CAT

[2012/06/13 17:27:47 | 000,000,854 | ---- | C] () -- C:windowsSysNativedriversSYMEVENT64x86.INF

[2012/06/12 16:10:11 | 000,001,102 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMozilla Firefox.lnk

[2012/06/12 14:22:44 | 000,175,616 | ---- | C] () -- C:windowsSysWow64unrar.dll

[2012/06/12 12:15:38 | 000,020,184 | ---- | C] () -- C:UsersJohnDocumentscc_20120612_121533.reg

[2012/06/12 10:50:26 | 000,001,110 | ---- | C] () -- C:UsersJohnApplication DataMicrosoftInternet ExplorerQuick LaunchFoxit Reader.lnk

[2012/06/09 17:24:18 | 008,650,752 | ---- | C] () -- C:UsersJohnDesktopBette_Midler_-_The_Rose.mp3

[2012/06/07 18:11:38 | 000,037,819 | ---- | C] () -- C:UsersJohnDesktopimage002.jpg

[2012/06/07 16:25:08 | 000,002,737 | ---- | C] () -- C:ProgramDataMicrosoftWindowsStart MenuProgramsMicrosoft Streets & Trips 2007.lnk

[2012/06/06 23:18:36 | 000,098,608 | ---- | C] () -- C:UsersJohnDesktopAnexo de e-mail.jpeg

[2012/06/04 23:32:05 | 000,000,020 | ---- | C] () -- C:UsersJohnDesktopWaterfalls in Ontario.csv

[2012/06/04 23:11:48 | 000,000,905 | ---- | C] () -- C:UsersPublicDesktopCSVed.lnk

[2012/06/04 22:24:16 | 000,061,547 | ---- | C] () -- C:UsersJohnDesktopSpeed-Cameras.csv

[2012/06/04 22:24:01 | 000,337,381 | ---- | C] () -- C:UsersJohnDesktopRedlight-Cameras.csv

[2012/06/04 17:04:10 | 000,001,042 | ---- | C] () -- C:UsersJohnApplication DataMicrosoftInternet ExplorerQuick LaunchAbsolute Uninstaller.lnk

[2012/06/01 16:50:57 | 000,026,296 | ---- | C] () -- C:UsersJohnDesktop547260_420004184700993_734131087_n.jpg

[2012/05/27 19:41:41 | 000,302,425 | ---- | C] () -- C:UsersJohnAppDataLocalfunmoods-speeddial.crx

[2012/05/27 19:41:41 | 000,031,470 | ---- | C] () -- C:UsersJohnAppDataLocalfunmoods.crx

[2012/05/23 11:51:11 | 000,934,716 | ---- | C] () -- C:UsersJohnDesktopHamiltonFallsMapJune2005.pdf

[2012/05/16 10:33:48 | 000,000,904 | ---- | C] () -- C:windows asksGoogleUpdateTaskUserS-1-5-21-839072158-3120938179-813264055-1000UA.job

[2012/05/16 10:33:48 | 000,000,852 | ---- | C] () -- C:windows asksGoogleUpdateTaskUserS-1-5-21-839072158-3120938179-813264055-1000Core.job

[2012/05/14 16:04:46 | 006,110,725 | ---- | C] () -- C:UsersJohnDesktopAlgarve roteiros.pdf

[2012/05/14 15:36:45 | 000,020,468 | ---- | C] () -- C:UsersJohnDesktopm_SerraCaldeirao.gif

[2012/05/11 22:33:27 | 000,000,000 | ---- | C] () -- C:windowsParrotFlashWiz.INI

[2012/05/06 17:54:05 | 001,542,208 | ---- | C] () -- C:windowsSysWow64PerfStringBackup.INI

[2012/05/06 16:51:35 | 000,040,448 | ---- | C] () -- C:windowsSysWow64pdf995mon64.dll

[2012/05/06 16:51:35 | 000,000,060 | ---- | C] () -- C:windowswpd99.drv

[2011/12/21 23:26:01 | 000,307,200 | ---- | C] () -- C:windowsSetDisplayResolution.exe

[2011/12/21 22:42:04 | 000,000,000 | ---- | C] () -- C:windowsativpsrm.bin

[2011/12/21 22:25:10 | 000,002,480 | ---- | C] () -- C:windowsHotFixList.ini

[2011/11/01 03:00:03 | 000,204,952 | ---- | C] () -- C:windowsSysWow64ativvsvl.dat

[2011/11/01 03:00:03 | 000,157,144 | ---- | C] () -- C:windowsSysWow64ativvsva.dat

[2011/11/01 03:00:02 | 000,003,917 | ---- | C] () -- C:windowsSysWow64atipblag.dat

[2011/10/13 03:53:18 | 000,056,832 | ---- | C] () -- C:windowsSysWow64OpenVideo.dll

[2011/10/13 03:53:02 | 000,056,832 | ---- | C] () -- C:windowsSysWow64OVDecoder.dll

< End of report >

 

 

Extras log:

 

OTL Extras logfile created on: 13/06/2012 1:57:40 PM - Run 1

OTL by OldTimer - Version 3.2.48.0 Folder = C:UsersJohnDownloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

 

5.48 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 69.34% Memory free

10.96 Gb Paging File | 8.87 Gb Available in Paging File | 80.94% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 231.00 Gb Total Space | 119.85 Gb Free Space | 51.88% Space Free | Partition Type: NTFS

Drive D: | 345.47 Gb Total Space | 344.14 Gb Free Space | 99.61% Space Free | Partition Type: NTFS

 

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.url[@ = InternetShortcut] -- C:windowsSysNativerundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- C:windowsSysWow64control.exe (Microsoft Corporation)

 

[HKEY_USERSS-1-5-21-839072158-3120938179-813264055-1000SOFTWAREClasses<extension>]

.html [@ = FirefoxHTML] -- C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:Program Files (x86)CanonDigital Photo ProfessionalDPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:Program Files (x86)CanonDigital Photo ProfessionalDPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

"{1E93CBA2-C18E-4D6E-9A8C-A56674BF25EB}" = rport=138 | protocol=17 | dir=out | app=system |

"{32EF1DFC-2CDA-4455-8A31-F6B95743038D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |

"{33788F93-EB67-4AED-8350-500D7FF2EAD4}" = lport=139 | protocol=6 | dir=in | app=system |

"{3740CF93-355C-419A-B712-7DF983416FD0}" = rport=445 | protocol=6 | dir=out | app=system |

"{42534983-B0D7-4155-9CF3-EC8F39F06CC7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{46D7E79D-27CF-4F57-940C-835156BEDBAF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5E9E384E-2C3A-442E-A94B-91921374C69E}" = lport=6004 | protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice12outlook.exe |

"{7E05B031-4832-4ECC-B3B4-BBE15C0F0900}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |

"{82D2B3E2-43D4-4E31-93F7-4B257D88DE16}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe |

"{AA0271FB-08C6-43F7-9991-22071415FD08}" = rport=139 | protocol=6 | dir=out | app=system |

"{B3489EE9-197E-41AC-855F-7AB82CFB6CEE}" = lport=445 | protocol=6 | dir=in | app=system |

"{E621AE27-2DB6-47C6-97A5-5C1FA1FF540A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{EB1F23A5-C6AF-42B5-B46B-7F99E3560C25}" = rport=137 | protocol=17 | dir=out | app=system |

"{F3D29DBF-450C-4EF0-9BC9-144B3803CB7C}" = lport=137 | protocol=17 | dir=in | app=system |

"{FC37DCDB-F03C-4F33-8966-E93B1DC39BF6}" = lport=138 | protocol=17 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

"{004EA277-C711-4D6D-85E4-ADD82B0A5075}" = protocol=17 | dir=out | app=%programfiles(x86)%windows media playerwmplayer.exe |<


The OTL Extras log posted is only partial (that's why at times I advise anyone I assist for certain logs requested to be posted individually)... Also, you still need to download and run SecurityCheck and in turn post that log for my review. :)


I did not know the OTL was partial.

 

OTL Log

 

OTL Extras logfile created on: 13/06/2012 1:57:40 PM - Run 1

OTL by OldTimer - Version 3.2.48.0 Folder = C:UsersJohnDownloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

 

5.48 Gb Total Physical Memory | 3.80 Gb Available Physical Memory | 69.34% Memory free

10.96 Gb Paging File | 8.87 Gb Available in Paging File | 80.94% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 231.00 Gb Total Space | 119.85 Gb Free Space | 51.88% Space Free | Partition Type: NTFS

Drive D: | 345.47 Gb Total Space | 344.14 Gb Free Space | 99.61% Space Free | Partition Type: NTFS

 

Computer Name: JOHN-PC | User Name: John | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.url[@ = InternetShortcut] -- C:windowsSysNativerundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- C:windowsSysWow64control.exe (Microsoft Corporation)

 

[HKEY_USERSS-1-5-21-839072158-3120938179-813264055-1000SOFTWAREClasses<extension>]

.html [@ = FirefoxHTML] -- C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:Program Files (x86)CanonDigital Photo ProfessionalDPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%System32InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [Digital Photo Professional] -- C:Program Files (x86)CanonDigital Photo ProfessionalDPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringKasperskyAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

"{1E93CBA2-C18E-4D6E-9A8C-A56674BF25EB}" = rport=138 | protocol=17 | dir=out | app=system |

"{32EF1DFC-2CDA-4455-8A31-F6B95743038D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%system32svchost.exe |

"{33788F93-EB67-4AED-8350-500D7FF2EAD4}" = lport=139 | protocol=6 | dir=in | app=system |

"{3740CF93-355C-419A-B712-7DF983416FD0}" = rport=445 | protocol=6 | dir=out | app=system |

"{42534983-B0D7-4155-9CF3-EC8F39F06CC7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{46D7E79D-27CF-4F57-940C-835156BEDBAF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{5E9E384E-2C3A-442E-A94B-91921374C69E}" = lport=6004 | protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice12outlook.exe |

"{7E05B031-4832-4ECC-B3B4-BBE15C0F0900}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%system32svchost.exe |

"{82D2B3E2-43D4-4E31-93F7-4B257D88DE16}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%system32spoolsv.exe |

"{AA0271FB-08C6-43F7-9991-22071415FD08}" = rport=139 | protocol=6 | dir=out | app=system |

"{B3489EE9-197E-41AC-855F-7AB82CFB6CEE}" = lport=445 | protocol=6 | dir=in | app=system |

"{E621AE27-2DB6-47C6-97A5-5C1FA1FF540A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{EB1F23A5-C6AF-42B5-B46B-7F99E3560C25}" = rport=137 | protocol=17 | dir=out | app=system |

"{F3D29DBF-450C-4EF0-9BC9-144B3803CB7C}" = lport=137 | protocol=17 | dir=in | app=system |

"{FC37DCDB-F03C-4F33-8966-E93B1DC39BF6}" = lport=138 | protocol=17 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyFirewallRules]

"{004EA277-C711-4D6D-85E4-ADD82B0A5075}" = protocol=17 | dir=out | app=%programfiles(x86)%windows media playerwmplayer.exe |

"{0B29B385-C959-4F5E-AAF5-EA9D2702BE5A}" = dir=in | app=c:program files (x86)skypephoneskype.exe |

"{0BAFB8FF-D5F3-4EF1-8905-91AE843AA2E7}" = dir=in | app=c:program files (x86)windows livemessengermsnmsgr.exe |

"{0C4D60A5-26AC-4706-8DF7-1B9D3AAAC73C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{19F7DB59-283C-4266-8492-59A25EA82CE5}" = protocol=6 | dir=in | app=c:program files (x86)microsoft officeoffice12groove.exe |

"{1BB50686-C78F-445A-9E45-950DE517988B}" = protocol=17 | dir=in | app=%programfiles(x86)%windows media playerwmplayer.exe |

"{299D1F23-6C94-4F6C-A216-1832C16A94ED}" = protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice12groove.exe |

"{3F220585-1275-42D4-9276-9362FC7ED513}" = protocol=17 | dir=in | app=%programfiles%windows media playerwmplayer.exe |

"{4FC1EA2C-4B83-4786-830A-0984FC45CFEB}" = protocol=6 | dir=in | app=c:program files (x86)veetleplayerveetlenet.exe |

"{52DA5C89-9C1D-4E6D-B25A-3F243FB6B3FE}" = dir=in | app=c:program files (x86)windows livecontactswlcomm.exe |

"{5DDCCAEB-05CA-4A2E-8AF5-F0E07966EBCD}" = dir=in | app=c:program files (x86)windows livemeshmoe.exe |

"{714A7B12-C54F-4F67-B9C4-D148B55CB36F}" = protocol=6 | dir=out | app=%programfiles(x86)%windows media playerwmplayer.exe |

"{7F3F51B4-C6DD-47F5-A4E9-0ABAEEE28EB5}" = protocol=6 | dir=in | app=c:program files (x86)microsoft officeoffice12onenote.exe |

"{8B22FF78-D448-4C76-930A-77195D7B7541}" = dir=in | app=c:program files (x86)cyberlinkpowerdirectorpdr8.exe |

"{9494BC77-4347-4C9D-8738-59B5025BCF67}" = protocol=6 | dir=in | app=c:program files (x86)veetleplayerveetlenet.exe |

"{97CB421A-DCDC-482B-BB3E-8FCEC2EA6B88}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{AC40DFCD-5B2E-4D52-B7F2-D5B13A53FF6C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{AD228DAC-E8A7-4D08-AF10-00A1E7D8750B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{B3150BC7-99B1-42CB-A64A-5842BEB00FE6}" = protocol=17 | dir=out | app=%programfiles%windows media playerwmplayer.exe |

"{BBC81007-4FBC-4FD5-AF4C-44EB8F19D95B}" = dir=in | app=c:program files (x86)cyberlinkmedia+player10media+player10.exe |

"{CC3D19CB-451D-491A-9533-7BDD5D80C685}" = protocol=6 | dir=in | app=c:program files (x86)veetleplayerveetlenet.exe |

"{D07E8CD5-65EB-4C7A-AF9A-5DC0D6F6E5D4}" = protocol=6 | dir=out | app=%programfiles%windows media playerwmplayer.exe |

"{EB4E7257-45DA-4113-BA6D-017B3816A58E}" = protocol=17 | dir=in | app=c:program files (x86)microsoft officeoffice12onenote.exe |

"TCP Query User{B916F97B-5E6B-41CB-A6B7-C2AEC5E64E02}C:usersjohnappdatalocalgooglechromeapplicationchrome.exe" = protocol=6 | dir=in | app=c:usersjohnappdatalocalgooglechromeapplicationchrome.exe |

"UDP Query User{E3A7C90C-1F5D-44CA-BDAA-7785E3788793}C:usersjohnappdatalocalgooglechromeapplicationchrome.exe" = protocol=17 | dir=in | app=c:usersjohnappdatalocalgooglechromeapplicationchrome.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources

"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources

"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1B4ED54A-A741-5D36-40C6-0DA839CA033F}" = AMD Catalyst Install Manager

"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources

"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources

"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)

"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources

"{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources

"{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources

"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources

"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources

"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources

"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources

"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources

"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources

"{45E3D837-4855-7F41-A22E-D1D0AEA71EF8}" = AMD Steady Video Plug-In

"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources

"{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources

"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources

"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources

"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources

"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources

"{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources

"{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources

"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources

"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources

"{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources

"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources

"{804F1A38-3B3F-7C26-4706-43765849773E}" = ccc-utility64

"{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources

"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources

"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources

"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources

"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources

"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources

"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources

"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources

"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources

"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources

"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources

"{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources

"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources

"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"CCleaner" = CCleaner

"Elantech" = ETDWare PS/2-X64 10.0.7.3_WHQL

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"WinRAR archiver" = WinRAR 4.11 (64-bit)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common

"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh

"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包

"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger

"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common

"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common

"{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지

"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack

"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B2D57D5-8BFD-4554-A9B6-CC8CC0580F1D}" = RealDownloader

"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack

"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail

"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh

"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer

"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar

"{122800FE-3AAF-4974-9FBD-54B023FA756A}" = „Windows Live Messenger“

"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack

"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker

"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5

"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources

"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings

"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials

"{17A9BA11-389A-C33D-508E-E0D05186FD2A}" = CCC Help Turkish

"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials

"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 5.8

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima

"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer

"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger

"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer

"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack

"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail

"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack

"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4

"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources

"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common

"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common

"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer

"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack

"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh

"{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack

"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh

"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger

"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources

"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger

"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources

"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer

"{332C7CD9-34DF-0157-3CBB-B0CA0A3E9F9E}" = CCC Help Spanish

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{343A6D63-E943-FFBE-C750-ED20422EC0EC}" = CCC Help Russian

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10

"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh

"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials

"{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3F357AC3-D10E-5F8E-5F0D-21813283A75B}" = CCC Help Greek

"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack

"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials

"{4215D8AD-4EE5-0BFB-0D8A-A9B8134A2BA5}" = CCC Help English

"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer

"{4292173D-CDB8-7562-92FC-6ED59181D210}" = CCC Help German

"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common

"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger

"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live

"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources

"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources

"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh

"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials

"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer

"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger

"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack

"{4CBCDE18-2A92-5076-9C63-C3E70AA8D64F}" = CCC Help Italian

"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack

"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common

"{4EA30BB1-DDB2-2B98-891E-CED9A8132A81}" = CCC Help Thai

"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common

"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack

"{50EE4129-2B14-D002-92A8-6A0503493B86}" = CCC Help Portuguese

"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers

"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta

"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일

"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack

"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources

"{542DA303-FB91-4731-9F37-6E518368D3B9}" = Windows Live Messenger

"{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack

"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh

"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri

"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh

"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources

"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer

"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack

"{5E664F04-69B7-242E-E68B-BB1CCAB3836E}" = CCC Help Danish

"{5E8C456C-2FDD-AE39-B9A3-53149E25449B}" = CCC Help Norwegian

"{5F702CEA-61F2-103B-68BF-8B7D38BC55F9}" = Catalyst Control Center Localization All

"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker

"{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail

"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker

"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live

"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh

"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials

"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker

"{66A98CB1-3256-1191-C302-D2F3FA9DD065}" = CCC Help Polish

"{66B0D063-011A-F89D-5628-F99D71FBD284}" = CCC Help Chinese Traditional

"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail

"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer

"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack

"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger

"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh

"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker

"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common

"{6B77DDC6-93A8-4730-887E-C8F46728358F}" = Catalyst Control Center - Branding

"{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}" = Garmin WebUpdater

"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker

"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger

"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker

"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources

"{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials

"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer

"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh

"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár

"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack

"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources

"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker

"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common

"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker

"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh

"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack

"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail

"{76CD3D3A-3419-B56C-C9ED-49EC12F2520C}" = CCC Help Chinese Standard

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack

"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common

"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources

"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live

"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger

"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live

"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common

"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker

"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库

"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live

"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common

"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources

"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop

"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer

"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources

"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources

"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh

"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials

"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail

"{83A9A723-239D-B643-C1E3-6F0D17A8F84C}" = Catalyst Control Center InstallProxy

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83D2FFB0-E378-49FE-8A53-580CA7B5761F}" = Windows Live Messenger

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common

"{846267F2-A5EF-2CE6-9FC3-3D24FDE64A2E}" = CCC Help Dutch

"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials

"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery

"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery

"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu

"{8A158B7D-A6E3-49B6-8702-A6A10CCC6323}" = Garmin POI Loader

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker

"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{95BB7324-77D3-4BF3-8CF6-29F0857AC175}" = Easy File Share

"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria

"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail

"{9DA735C0-3C3E-4CB3-BC26-BE95E768115F}" = Garmin City Navigator North America NT 2009 Update

"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker

"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker

"{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials

"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker

"{A3389C72-1782-4BB4-BBAA-33345DE52E3F}" = Windows Live Messenger

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery

"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh

"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger

"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources

"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials

"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh

"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration

"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail

"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common

"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh

"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common

"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer

"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live

"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher

"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources

"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija

"{B8BCB744-89CC-BD99-9740-E317835031C3}" = CCC Help Swedish

"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer

"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide

"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger

"{BD0C3887-64E6-41D8-9A38-BC6F34369352}" = Windows Live Messenger

"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common

"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi

"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker

"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh

"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger

"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live

"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials

"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh

"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer

"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}" = Microsoft Streets & Trips 2007

"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail

"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija

"{C886C799-FBD0-0A18-E992-DE26B964D727}" = CCC Help French

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer

"{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live

"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live

"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker

"{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger

"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker

"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common

"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer

"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery

"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija

"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker

"{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh

"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer

"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack

"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D47C66BE-0EB5-4587-93FE-D1E176C4B25C}" = Windows Live Messenger

"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리

"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail

"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources

"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack

"{D8281314-4EEA-B91B-18C7-8A5C37A3E634}" = CCC Help Czech

"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources

"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker

"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail

"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer

"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager

"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0BE1488-4FEA-43AC-EA7E-B22AB7016A7C}" = AMD VISION Engine Control Center

"{E2DD7CF7-478A-2139-F601-0621DC9F0FD2}" = CCC Help Korean

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija

"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer

"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack

"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live

"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger

"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources

"{EA50969B-A027-5CC6-852A-31877EC40D92}" = CCC Help Hungarian

"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack

"{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh

"{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh

"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live

"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心

"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2979AAA-FDD7-4CB3-93BC-5C24D965D679}" = Windows Live Messenger

"{F35DC85A-E96B-496B-ABE7-F04192824856}" = Windows Live Messenger

"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack

"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources

"{F5FB1356-7F0A-0554-B287-336C3AF604B6}" = CCC Help Finnish

"{F5FE4120-A51D-997D-D313-D982B5336109}" = CCC Help Japanese

"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail

"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0

"{F783464C-C7C6-4E9B-AC40-BC90E5414BAF}" = Windows Live Messenger

"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos

"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh

"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FA20D803-14E5-4B00-8F03-B519D46F9D4A}" = Windows Live Messenger

"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail

"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker

"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie

"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials

"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials

"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker

"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker

"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker

"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger

"Absolute Uninstaller_is1" = Absolute Uninstaller 2.7.0.616

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"CameraWindowLauncher" = Canon Utilities CameraWindow

"Canon MOV Decoder" = Canon MOV Decoder

"CSVed_is1" = CSVed 2.2.2a

"DPP" = Canon Utilities Digital Photo Professional 3.7

"ENTERPRISE" = Microsoft Office Enterprise 2007

"EOS Utility" = Canon Utilities EOS Utility

"Foxit Reader_is1" = Foxit Reader

"Glary Utilities_is1" = Glary Utilities 2.46.0.1518

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite

"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MyCamera" = Canon Utilities MyCamera

"Pdf995" = Pdf995

"PhotoStitch" = Canon Utilities PhotoStitch

"Picture Style Editor" = Canon Utilities Picture Style Editor

"RGS-CardMaster_is1" = RGS-CardMaster v6.3.3

"Secunia PSI" = Secunia PSI (2.0.0.4003)

"Veetle TV" = Veetle TV

"VLC media player" = VLC media player 2.0.0

"WFTK" = Canon Utilities WFT-E1/E2/E3/E4/E5 Utility

"WinLiveSuite" = Windows Live 程式集

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERSS-1-5-21-839072158-3120938179-813264055-1000SOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"Google Chrome" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 07/05/2012 8:51:12 PM | Computer Name = John-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownlo


Security Check log.

 

 

Results of screen317's Security Check version 0.99.41

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Secunia PSI (2.0.0.4003)

Malwarebytes Anti-Malware version 1.61.0.1400

JavaFX 2.1.1

Java 7 Update 5

Java version out of date!

Adobe Reader X (10.1.3)

Google Chrome 19.0.1084.52

Google Chrome 19.0.1084.56

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````


Hi. :)

 

I did not know the OTL was partial.

No problem.

 

Check Java Version:

 

Please go here then click on the red tab named Verify Java Version

 

Make a note/copy the results etc.

 

Reset Windows 7 Firewall:

 

Click on Start (Windows 7 Orb) >> Control Panel >> Windows Firewall

 

Now click on Restore Defaults >> At the UAC prompt click on Yes >> Restore Defaults >> Yes.

 

Backup the Registry:

 

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

 

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands

[CreateRestorePoint]

 

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://start.funmood...B&cr=1300736109

IE:64bit: - HKLM..SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE:64bit: - HKLM..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...&q={searchTerms}

IE:64bit: - HKLM..SearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://start.funmood...B&cr=1300736109

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://isearch.glary...com/?src=iehome

IE - HKLM..SearchScopes,Backup.Old.DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}

IE - HKLM..SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM..SearchScopes{7B4D4325-10A3-2E17-A0C3-5743FC1385DB}: "URL" = http://isearch.glary...s}&src=iesearch

IE - HKLM..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...&q={searchTerms}

IE - HKLM..SearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://start.funmood...B&cr=1300736109

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000SOFTWAREMicrosoftInternet ExplorerMain,Backup.Old.Start Page = http://search.babylo...0008a039a88a6d3

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000SOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://isearch.glary...com/?src=iehome

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow...referrer:source}

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...&q={searchTerms}

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch

O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3:64bit: - HKLM..Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM..Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM..Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKUS-1-5-21-839072158-3120938179-813264055-1000..ToolbarWebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKUS-1-5-21-839072158-3120938179-813264055-1000..ToolbarWebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O4 - HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O18:64bit: - ProtocolHandlergrooveLocalGWS - No CLSID value found

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlerms-help - No CLSID value found

O18:64bit: - ProtocolHandlerms-itss - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlerskype4com - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

[2012/06/08 23:27:38 | 000,000,000 | ---D | C] -- C:Program Files (x86)1ClickDownload

[2012/05/27 00:07:50 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro

[2012/05/29 14:46:51 | 000,000,060 | ---- | M] () -- C:windowswpd99.drv

[2012/05/27 19:43:12 | 000,302,425 | ---- | M] () -- C:UsersJohnAppDataLocalfunmoods-speeddial.crx

[2012/05/27 19:43:12 | 000,031,470 | ---- | M] () -- C:UsersJohnAppDataLocalfunmoods.crx

 

:Files

ipconfig /flushdns /c

 

:Commands

[ResetHosts]

[EmptyTemp]

[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

 

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Result of Java version check.
  • OTL Log from the Custom Script.


Dakeyras

I think I did all you asked for. I took a screenshot of a couple of sites I used to watch live streams on and now I can't.

Photos of a couple of sites without playing video where before I could see. http://sdrv.ms/LPShiF

I can not see live or even youtube videos.

 

I have the recovery CD for the computer; maybe there are some corrupted files.

 

Here are the logs

 

Verified Java Version:

 

Verified Java Version

Congratulations!

You have the recommended Java installed (Version 7 Update 5).

 

 

 

Log: 06142012_230130

 

All processes killed

========== COMMANDS ==========

Restore point Set: OTL Restore Point

Error: Unable to interpret <IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://start.funmood...B&cr=1300736109> in the current context!

Error: Unable to interpret < IE:64bit: - HKLM..SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}> in the current context!

Error: Unable to interpret < IE:64bit: - HKLM..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}> in the current context!

Error: Unable to interpret < IE:64bit: - HKLM..SearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://start.funmood...B&cr=1300736109> in the current context!

Error: Unable to interpret < IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://isearch.glary...com/?src=iehome> in the current context!

Error: Unable to interpret < IE - HKLM..SearchScopes,Backup.Old.DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}> in the current context!

Error: Unable to interpret < IE - HKLM..SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}> in the current context!

Error: Unable to interpret < IE - HKLM..SearchScopes{7B4D4325-10A3-2E17-A0C3-5743FC1385DB}: "URL" = http://isearch.glary...s}&src=iesearch> in the current context!

Error: Unable to interpret < IE - HKLM..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}> in the current context!

Error: Unable to interpret < IE - HKLM..SearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://start.funmood...B&cr=1300736109> in the current context!

Error: Unable to interpret < IE - HKUS-1-5-21-839072158-3120938179-813264055-1000SOFTWAREMicrosoftInternet ExplorerMain,Backup.Old.Start Page = http://search.babylo...0008a039a88a6d3> in the current context!

Error: Unable to interpret < IE - HKUS-1-5-21-839072158-3120938179-813264055-1000SOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://isearch.glary...com/?src=iehome> in the current context!

Error: Unable to interpret < IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}> in the current context!

Error: Unable to interpret < IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}> in the current context!

Error: Unable to interpret < IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow...eferrer:source}> in the current context!

Error: Unable to interpret < IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}> in the current context!

Error: Unable to interpret < IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch> in the current context!

Error: Unable to interpret < O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.> in the current context!

Error: Unable to interpret < O3:64bit: - HKLM..Toolbar: (no name) - 10 - No CLSID value found.> in the current context!

Error: Unable to interpret < O3:64bit: - HKLM..Toolbar: (no name) - Locked - No CLSID value found.> in the current context!

Error: Unable to interpret < O3 - HKLM..Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.> in the current context!

Error: Unable to interpret < O3 - HKLM..Toolbar: (no name) - 10 - No CLSID value found.> in the current context!

Error: Unable to interpret < O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.> in the current context!

Error: Unable to interpret < O3 - HKUS-1-5-21-839072158-3120938179-813264055-1000..ToolbarWebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.> in the current context!

Error: Unable to interpret < O3 - HKUS-1-5-21-839072158-3120938179-813264055-1000..ToolbarWebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.> in the current context!

Error: Unable to interpret < O4 - HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found> in the current context!

Error: Unable to interpret < O4 - HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found> in the current context!

Error: Unable to interpret < O18:64bit: - ProtocolHandlergrooveLocalGWS - No CLSID value found> in the current context!

Error: Unable to interpret < O18:64bit: - ProtocolHandlerlivecall - No CLSID value found> in the current context!

Error: Unable to interpret < O18:64bit: - ProtocolHandlerms-help - No CLSID value found> in the current context!

Error: Unable to interpret < O18:64bit: - ProtocolHandlerms-itss - No CLSID value found> in the current context!

Error: Unable to interpret < O18:64bit: - ProtocolHandlermsnim - No CLSID value found> in the current context!

Error: Unable to interpret < O18:64bit: - ProtocolHandlerskype4com - No CLSID value found> in the current context!

Error: Unable to interpret < O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found> in the current context!

Error: Unable to interpret < O18:64bit: - ProtocolHandlerwlpg - No CLSID value found> in the current context!

Error: Unable to interpret < [2012/06/08 23:27:38 | 000,000,000 | ---D | C] -- C:Program Files (x86)1ClickDownload> in the current context!

Error: Unable to interpret < [2012/05/27 00:07:50 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro> in the current context!

Error: Unable to interpret < [2012/05/29 14:46:51 | 000,000,060 | ---- | M] () -- C:windowswpd99.drv> in the current context!

Error: Unable to interpret < [2012/05/27 19:43:12 | 000,302,425 | ---- | M] () -- C:UsersJohnAppDataLocalfunmoods-speeddial.crx> in the current context!

Error: Unable to interpret < [2012/05/27 19:43:12 | 000,031,470 | ---- | M] () -- C:UsersJohnAppDataLocalfunmoods.crx> in the current context!

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:UsersJohnDesktopHJT logscmd.bat deleted successfully.

C:UsersJohnDesktopHJT logscmd.txt deleted successfully.

========== COMMANDS ==========

C:windowsSystem32driversetcHosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: John

->Temp folder emptied: 235337964 bytes

->Temporary Internet Files folder emptied: 16873958 bytes

->Java cache emptied: 2208728 bytes

->FireFox cache emptied: 120802873 bytes

->Google Chrome cache emptied: 18953947 bytes

->Flash cache emptied: 548 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32 (64bit) .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1893951 bytes

%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 50400 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 378.00 mb

 

 

OTL by OldTimer - Version 3.2.48.0 log created on 06142012_230130

FilesFolders moved on Reboot...

C:UsersJohnAppDataLocalTemp{138A734E-BBEE-4436-9F4D-03921D1E6614}fpb.tmp moved successfully.

C:UsersJohnAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

 

Thank you.


Hi. :)

 

Before we go any further run the below custom OTL script for me please as follows, then in turn post back the log it creates and we will go from there...

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:OTL

IE:64bit: - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://start.funmood...B&cr=1300736109

IE:64bit: - HKLM..SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

E:64bit: - HKLM..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE:64bit: - HKLM..SearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://start.funmood...B&cr=1300736109

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://isearch.glary...com/?src=iehome

IE - HKLM..SearchScopes,Backup.Old.DefaultScope = {c1d89ae7-449d-4929-b24b-fded04adbe06}

IE - HKLM..SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM..SearchScopes{7B4D4325-10A3-2E17-A0C3-5743FC1385DB}: "URL" = http://isearch.glary...s}&src=iesearch

IE - HKLM..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKLM..SearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://start.funmood...B&cr=1300736109

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000SOFTWAREMicrosoftInternet ExplorerMain,Backup.Old.Start Page = http://search.babylo...0008a039a88a6d3

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000SOFTWAREMicrosoftInternet ExplorerMain,Default_Page_URL = http://isearch.glary...com/?src=iehome

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes,DefaultScope = {0388404D-6072-4CEB-B521-8F090FEAEE57}

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow...eferrer:source}

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKUS-1-5-21-839072158-3120938179-813264055-1000..SearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" = http://isearch.glary...s}&src=iesearch

O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3:64bit: - HKLM..Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM..Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM..Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM..Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKUS-1-5-21-839072158-3120938179-813264055-1000..ToolbarWebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKUS-1-5-21-839072158-3120938179-813264055-1000..ToolbarWebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O4 - HKUS-1-5-19..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O4 - HKUS-1-5-20..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe File not found

O18:64bit: - ProtocolHandlergrooveLocalGWS - No CLSID value found

O18:64bit: - ProtocolHandlerlivecall - No CLSID value found

O18:64bit: - ProtocolHandlerms-help - No CLSID value found

O18:64bit: - ProtocolHandlerms-itss - No CLSID value found

O18:64bit: - ProtocolHandlermsnim - No CLSID value found

O18:64bit: - ProtocolHandlerskype4com - No CLSID value found

O18:64bit: - ProtocolHandlerwlmailhtml - No CLSID value found

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

[2012/06/08 23:27:38 | 000,000,000 | ---D | C] -- C:Program Files (x86)1ClickDownload

[2012/05/27 00:07:50 | 000,000,000 | ---D | C] -- C:Program Files (x86)Trend Micro

[2012/05/29 14:46:51 | 000,000,060 | ---- | M] () -- C:windowswpd99.drv

[2012/05/27 19:43:12 | 000,302,425 | ---- | M] () -- C:UsersJohnAppDataLocalfunmoods-speeddial.crx

[2012/05/27 19:43:12 | 000,031,470 | ---- | M] () -- C:UsersJohnAppDataLocalfunmoods.crx

 

:Commands

[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.


Dakeyras

 

All this started when I updated Firefox and now I have been reading so many solutions but I can not find a solution.

 

 

OTL Log:

 

All processes killed

========== OTL ==========

HKLMSOFTWAREMicrosoftInternet ExplorerMainStart Page| /E : value set successfully!

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopesDefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{c1d89ae7-449d-4929-b24b-fded04adbe06} not found.

HKLMSOFTWAREMicrosoftInternet ExplorerMainDefault_Page_URL| /E : value set successfully!

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopesDefaultScope| /E : value set successfully!

HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopesDefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{7B4D4325-10A3-2E17-A0C3-5743FC1385DB} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{7B4D4325-10A3-2E17-A0C3-5743FC1385DB} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} not found.

Registry key HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerSearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{c1d89ae7-449d-4929-b24b-fded04adbe06} not found.

HKUS-1-5-21-839072158-3120938179-813264055-1000SOFTWAREMicrosoftInternet ExplorerMainBackup.Old.Start Page| /E : value set successfully!

HKUS-1-5-21-839072158-3120938179-813264055-1000SOFTWAREMicrosoftInternet ExplorerMainDefault_Page_URL| /E : value set successfully!

HKEY_USERSS-1-5-21-839072158-3120938179-813264055-1000SoftwareMicrosoftInternet ExplorerSearchScopesDefaultScope| /E : value set successfully!

HKEY_USERSS-1-5-21-839072158-3120938179-813264055-1000SoftwareMicrosoftInternet ExplorerSearchScopesDefaultScope| /E : value set successfully!

Registry key HKEY_USERSS-1-5-21-839072158-3120938179-813264055-1000SoftwareMicrosoftInternet ExplorerSearchScopes{0388404D-6072-4CEB-B521-8F090FEAEE57} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{0388404D-6072-4CEB-B521-8F090FEAEE57} not found.

Registry key HKEY_USERSS-1-5-21-839072158-3120938179-813264055-1000SoftwareMicrosoftInternet ExplorerSearchScopes{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} not found.

Registry key HKEY_USERSS-1-5-21-839072158-3120938179-813264055-1000SoftwareMicrosoftInternet ExplorerSearchScopes{c1d89ae7-449d-4929-b24b-fded04adbe06} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{c1d89ae7-449d-4929-b24b-fded04adbe06} not found.

Registry key HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} not found.

64bit-Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar10 deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbarLocked deleted successfully.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{99079a25-328f-4bd4-be04-00955acaa0a7} not found.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbar10 deleted successfully.

Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerToolbarLocked deleted successfully.

Registry value HKEY_USERSS-1-5-21-839072158-3120938179-813264055-1000SoftwareMicrosoftInternet ExplorerToolbarWebBrowser{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.

Registry value HKEY_USERSS-1-5-21-839072158-3120938179-813264055-1000SoftwareMicrosoftInternet ExplorerToolbarWebBrowser{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.

Registry key HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{D4027C7F-154A-4066-A1AD-4243D8127440} not found.

Registry value HKEY_USERSS-1-5-19SoftwareMicrosoftWindowsCurrentVersionRunOncemctadmin deleted successfully.

Registry value HKEY_USERSS-1-5-20SoftwareMicrosoftWindowsCurrentVersionRunOncemctadmin deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlergrooveLocalGWS deleted successfully.

File ProtocolHandlergrooveLocalGWS - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerlivecall deleted successfully.

File ProtocolHandlerlivecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerms-help deleted successfully.

File ProtocolHandlerms-help - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerms-itss deleted successfully.

File ProtocolHandlerms-itss - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlermsnim deleted successfully.

File ProtocolHandlermsnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerskype4com deleted successfully.

File ProtocolHandlerskype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerwlmailhtml deleted successfully.

File ProtocolHandlerwlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINESOFTWAREClassesPROTOCOLSHandlerwlpg deleted successfully.

File ProtocolHandlerwlpg - No CLSID value found not found.

C:Program Files (x86)1ClickDownload folder moved successfully.

C:Program Files (x86)Trend MicroHijackThis folder moved successfully.

C:Program Files (x86)Trend Micro folder moved successfully.

C:Windowswpd99.drv moved successfully.

C:UsersJohnAppDataLocalfunmoods-speeddial.crx moved successfully.

C:UsersJohnAppDataLocalfunmoods.crx moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: John

->Temp folder emptied: 11021837 bytes

->Temporary Internet Files folder emptied: 9016975 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 101697955 bytes

->Google Chrome cache emptied: 29856341 bytes

->Flash cache emptied: 618 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%System32 .tmp files removed: 0 bytes

%systemroot%System32 (64bit) .tmp files removed: 0 bytes

%systemroot%System32drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 72732 bytes

%systemroot%sysnativeconfigsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 327904 bytes

 

Total Files Cleaned = 145.00 mb

 

 

OTL by OldTimer - Version 3.2.48.0 log created on 06152012_112553

FilesFolders moved on Reboot...

C:UsersJohnAppDataLocalTempLowREGD068.tmp moved successfully.

C:UsersJohnAppDataLocalTempLowREGF8A.tmp moved successfully.

C:UsersJohnAppDataLocalTempFXSAPIDebugLogFile.txt moved successfully.

C:UsersJohnAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5YWY9JHA0fastbutton[1].htm moved successfully.

C:UsersJohnAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5YWY9JHA0index[1].htm moved successfully.

C:UsersJohnAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5YWY9JHA0sympatico_ca[1].htm moved successfully.

C:UsersJohnAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5YWY9JHA0xd_arbiter[1].htm moved successfully.

C:UsersJohnAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE5Y3WJIYC9xd_arbiter[1].htm moved successfully.

C:UsersJohnAppDataLocalMicrosoftWindowsTemporary Internet FilesLowContent.IE584WXH9Y5like[1].htm moved successfully.

C:UsersJohnAppDataLocalMicrosoftWindowsTemporary Internet FilesLowAntiPhishingED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:UsersJohnAppDataLocalMicrosoftWindowsTemporary Internet FilesLowMSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

 

 

Thank you for your kind help


Hi. :)

 

All this started when I updated firefox and now I have been reading so many solutions but I can not find solution.

OK, once I am satisfied malware is no longer an issue we can try to address this...

 

Thank you for your kind help

You're welcome!

 

ESET Online Scanner:

 

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.

 

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

 

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Dakeyras

 

I am so sorry for getting back this late. I was not feeling good. I am in a lot of pain from a previous accident and from time to time I am so incapacitated that it is not funny.

Now it is time to send you the scan you asked for.

 

ESET log:

 

This was the only thing showing up;

C:UsersJohnDocumentsJohn`s FilesEXE FilesVideo convertervideora-ipod-600-setup.exe Win32/OpenCandy application

 

I went and deleted it, this was a file I downloaded but did not implement.

 

 

I did a scan on line with kaspersky and nothing showed up.

I must say my laptop is running better.

 

I did find that Firefox had to be reset.

 

As for the video not showing up, I did read that Firefox and Flash Player should be reset. I did that and now it is OK.

I did go to Firefox, Help, Troubleshooting and reset Firefox.

After, I restarted the laptop and tried the same web sites and I was able to see videos on YouTube and live streaming. I did watch here the crossing of Niagara Falls on tight rope.

 

Thank you for your effort and help.


Hi. :)

 

I am so sorry for getting back this late. I was not feeling good. I am in a lot of pain from a previous accident and from time to time I am so incapacitated that it is not funny.

Not a problem and I sincerely hope you are feeling better soon.

 

I went and deleted it, this was a file I downloaded but did not implement.

OK.

 

I did a scan on line with kaspersky and nothing showed up.

I must say my laptop is running better.

 

I did find that Firefox had to be reset.

 

As for the video not showing up, I did read that Firefox and Flash Player should be reset. I did that and now it is OK.

I did go to Firefox, Help, Troubleshooting and reset Firefox.

After, I restarted the laptop and tried the same web sites and I was able to see videos on YouTube and live streaming. I did watch here the crossing of Niagara Falls on tight rope.

Good.

 

Thank you for your effort and help.

You're most welcome...Congratulations your computer appears to be malware free!

 

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

 

Importance of Regular System Maintenance:

 

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

 

Help! My computer is slow!

 

Also so is this:

 

What to do if your Computer is running slowly

 

Clean up with OTL:

  • Right-click OTL and select Run as Administrator to start the program.
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, depress the CleanUp button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
The above process should clean up and remove the vast majority of scanners used and logs created etc.

 

Any left over merely delete yourself and empty the Recycle Bin.

 

Reset the System Restore points:

 

Create a new, clean System Restore point:-

  • Right click on Computer and select Properties >> System protection >> Create.
  • Give this restore point a descriptive name and click Create.
  • When the new restore point is created click on OK >> close the System properties window.
Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

 

Flush Old System Restore points:-

  • Next click Start (Windows 7 orb) >> Run (or the Windows key and R together) to bring up the Run box, then copy and paste in:

    cleanmgr

    in the box and press OK.
  • Select the system drive, C >> OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Click on Clean up system files >> Select the system drive, C >> OK.
  • Now click on the More Options tab.
  • Under:-
System Restore and Shadow Copies

  • Click on Clean up... >> Delete >> OK >> Delete Files.
Now some advice for on-line safety:

 

Malwarebyte's Anti-Malware:

 

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

 

Other installed security software:

 

Your presently installed security application, Microsoft Security Essentials, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

 

I advise you also run a complete scan with this also at least once per week.

 

Erunt:

 

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

 

Myself I would actually create a new back up once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

 

Keep your system updated:

 

Microsoft releases patches for Windows and other products regularly:

  • Click on Start(Windows 7 Orb) >> All Programs >> Windows Update.
  • In the navigation pane, click Check for updates.
  • After Windows Update has finished checking for updates, click View available updates.
  • Click to select the check box for any found, then click Install.
  • When completed Reboot(restart) your computer if not prompted to do so.
Be careful when opening attachments and downloading files:

 

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

Never open emails from unknown senders.

Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

 

Stop malicious scripts:

 

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

 

Avoid Peer to Peer software:

 

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

 

Hosts File:

 

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

 

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

 

Here are some Hosts files:

Only use one of the above!

 

Install WinPatrol:

 

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

 

Download it from here.

 

You can find information about how WinPatrol works here.

 

Check your third party software is up to date:

 

Via visiting the Secunia Online Software Inspector periodically.

 

Next:

 

This is a very helpful/useful set of advice from Microsoft: Microsoft Safety & Security Center

 

Any questions? Feel free to ask, if not stay safe!


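The Hosts file advice in the post above relies on mapping unwanted hostnames to a loopback address. As an added example (not part of the original thread; the sample file is constructed and the function names are hypothetical), this Python script audits a hosts file and separates sinkholed entries from entries that point a name at some other address, which deserve a closer look.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Blocking hosts file (constructed sample)
127.0.0.1   localhost
::1         localhost
127.0.0.1   ads.example.com tracker.example.net   # sinkholed
0.0.0.0     spyware.example.org
203.0.113.7 www.example-bank.com                  # not loopback: review
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip_text, hostnames) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Sort hostnames into blocked, redirected and malformed entries."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, ip_text, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            report["malformed"].extend((line_no, n, ip_text) for n in names)
            continue
        # Loopback (127.0.0.1, ::1) or 0.0.0.0 means the name is sinkholed.
        sink = ip.is_loopback or ip.is_unspecified
        for name in names:
            if sink and name == "localhost":
                continue  # standard entry, nothing to report
            key = "blocked" if sink else "redirected"
            report[key].append((line_no, name, str(ip)))
    return report

if __name__ == "__main__":
    # On Windows the real file is %SystemRoot%\System32\drivers\etc\hosts.
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for line_no, name, ip in entries:
            print(f"{kind:10} line {line_no}: {name} -> {ip}")
```

Entries reported as "redirected" are not necessarily malicious, but a well-known site mapped to an unfamiliar address is the kind of change HijackThis and WinPatrol are meant to surface.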
Dakeyras

 

I am thankful for your time and advice. I will go through the information you suggested in order to keep my system clean and safe. In view of my situation.

I rely on my computer to keep in touch with friends.

I need my system to run well and safe because I have to use it on safe sites.

You said to keep this program (Erunt) Emergency Recovery Utility NT installed to keep a complete backup of your registry and restore it when needed.

This Erunt / NTREGOPT program says that it optimizes the registry files of Windows NT/2000/XP, and I have Windows 7.

 

Thank you.


Hi. :)

 

NTREGOPT program says that it optimizes the registry files of Windows NT/2000/XP, and I have Windows 7.

This feature will actually work with Windows 7, however it will not actually make any difference to the registry per se and in all likelihood you would not notice any advantages/improvements at all. My advice is merely do not use it at all and just stick with using Erunt to create a backup periodically etc.


Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

 

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

 

Everyone else please begin a New Topic.
