PDA

View Full Version : Laptop with possible infection



SnowBum
2011-02-02, 23:33
Hello and thank you for helping.

I'm looking at a friends laptop which won't boot into normal Windows. It will boot into safe mode with networking. I've downloaded and ran Spybot search & destroy, Malwareytes Anti-malware, SUPERAntiSpyware free edition and also Advanced SystemCare free version. These all found various infections/malware and removed them. The friend also managed to use a system recovery disc but that seemed to make things worse.

Here is the DDS log & i have attached the required DDS log:-

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by sharon at 21:07:16.32 on 02/02/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.2538 [GMT 0:00]

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\sharon\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
uRun: [Reminder] c:\program files\ttg\reminder\Reminder.exe
uRun: [Google Update] "c:\users\sharon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [PC Speed Maximizer] c:\program files\pc speed maximizer\SPMStarter.exe
uRun: [SPMTray] c:\program files\pc speed maximizer\SPMTray.exe
uRun: [Startw3i] c:\program files\pc speed maximizer\Startw3i.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MDS_Menu] "c:\program files\cyberlink\mediashowespresso\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashowespresso" updatewithcreateonce "software\cyberlink\mediashow espresso\5.0"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch.lnk - c:\windows\installer\{4a65dad2-e914-4923-9c2a-81b968a68ce2}\_A685CC3126A7CC37D335DE.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.188\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_CCB0CAEC2D875359E0C287.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-27 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-27 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-27 656320]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 Livekbc;Livekbc;c:\windows\system32\drivers\Livekbc.sys [2009-9-1 4096]
R3 Livemouclass;Livemouclass;c:\windows\system32\drivers\Livemouclass.sys [2009-9-1 3968]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-1 167936]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-19 135664]
S2 LiveGpdKBFilter;LiveGpdKBFilter;c:\windows\system32\drivers\LiveGpdKBFilter.sys [2009-9-1 4096]
S2 LiveIO;LiveIO;c:\windows\system32\drivers\LiveIO.sys [2009-9-1 15312]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.7.0.10\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.7.0.10\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.7.0.10\ccSvcHst.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-31 1153368]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-27 366840]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-27 1145304]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-28 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-1 122368]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.188\McCHSvc.exe [2010-10-5 237008]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-1 166912]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-21 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2011-02-01 18:42:38 -------- d-----w- c:\users\sharon\appdata\roaming\IObit
2011-02-01 18:42:38 -------- d-----w- c:\program files\IObit
2011-01-31 23:49:47 2594584 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2011-01-31 23:49:25 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
2011-01-31 23:49:19 710976 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2011-01-31 23:35:31 -------- d-----w- c:\progra~2\MFAData
2011-01-31 21:17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-31 21:17:01 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-01-31 20:36:46 -------- d-----w- c:\users\sharon\appdata\roaming\SUPERAntiSpyware.com
2011-01-31 20:36:46 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-01-31 20:36:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-31 19:45:34 -------- d-----w- c:\users\sharon\appdata\roaming\Malwarebytes
2011-01-31 19:45:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 19:45:30 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-31 19:45:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 19:45:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-31 07:51:47 -------- d-----w- c:\users\sharon\appdata\local\{743DA19D-3694-4675-B598-07C0EF4113DF}
2011-01-30 19:49:22 -------- d-----w- c:\users\sharon\appdata\local\{FD0C23B3-FB54-4ED6-9F16-402CFCDF345B}
2011-01-30 12:21:12 -------- d-----w- c:\progra~2\CED
2011-01-30 12:21:04 -------- d-----w- c:\users\sharon\appdata\local\BearShare
2011-01-30 12:20:05 -------- d-----w- c:\program files\BearShare Applications
2011-01-30 12:20:05 -------- d-----w- c:\progra~2\BearShare
2011-01-30 12:19:49 -------- dc-h--w- c:\progra~2\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
2011-01-30 07:48:01 -------- d-----w- c:\users\sharon\appdata\local\{E31A5F63-358D-4EE4-A02D-3884D07434ED}
2011-01-28 21:19:30 -------- d-----w- c:\users\sharon\appdata\local\{437E8B2B-008E-4CA1-9BA7-C4F7E70B9F95}
2011-01-28 17:38:08 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{10663334-f8a0-470e-8ab7-0a3cc144118f}\mpengine.dll
2011-01-28 07:43:50 -------- d-----w- c:\users\sharon\appdata\local\{2DBC406F-8EBB-4064-B045-639C51BDDABE}
2011-01-27 19:43:27 -------- d-----w- c:\users\sharon\appdata\local\{349BF481-9E26-45A2-9E34-83391E176AC3}
2011-01-27 07:43:02 -------- d-----w- c:\users\sharon\appdata\local\{62E26ADD-CA56-4C74-87F5-9E5FA8B6933A}
2011-01-26 16:14:16 -------- d-----w- c:\users\sharon\appdata\local\{4CBF06D2-ACE1-4592-9687-3D8BCCA97D56}
2011-01-25 16:05:48 -------- d-----w- c:\users\sharon\appdata\local\{3D6CA0C0-CCAC-49D3-A230-2E89391CC7A7}
2011-01-24 20:18:39 -------- d-----w- c:\users\sharon\appdata\local\{E1CCF7A0-1B9A-403B-BDCA-18F35A517349}
2011-01-24 07:17:51 -------- d-----w- c:\users\sharon\appdata\local\{93329040-B0E2-4128-BFE7-42FB0E233835}
2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\RegistryKeys
2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\PC Speed Maximizer
2011-01-23 16:22:30 -------- d-----w- c:\users\sharon\appdata\roaming\com.w3i.intune
2011-01-23 16:22:00 -------- d-----w- c:\program files\inTuneMP3
2011-01-23 16:21:29 -------- d-----w- c:\users\sharon\appdata\local\Yahoo
2011-01-23 16:21:26 -------- d-----w- c:\program files\W3i
2011-01-23 16:21:26 -------- d-----w- c:\progra~2\W3i
2011-01-23 16:21:17 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-01-23 16:21:07 -------- d-----w- c:\program files\PC Speed Maximizer
2011-01-23 16:20:59 -------- d-----w- c:\program files\Freeze.com
2011-01-23 16:20:50 -------- d-----w- c:\program files\PriceGong
2011-01-23 16:20:46 -------- d-----w- c:\program files\Yahoo!
2011-01-23 16:11:16 -------- d-----w- c:\users\sharon\appdata\local\Ares
2011-01-23 16:11:07 -------- d-----w- c:\program files\Ares
2011-01-23 10:11:17 -------- d-----w- c:\users\sharon\appdata\local\{225CD17E-07D0-4D1D-96C0-DF9668CCB3C4}
2011-01-22 21:06:25 -------- d-----w- c:\users\sharon\appdata\local\{936DEA61-E467-4DD2-A4FF-5CF59ED77C7A}
2011-01-21 17:06:03 -------- d-----w- c:\users\sharon\appdata\local\{4FE5E0FB-A3A9-4A59-B688-B61C7AA62C73}
2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Deployment
2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Apps
2011-01-21 16:55:19 -------- d-----w- c:\users\sharon\appdata\local\{89FDD60E-773E-4CA2-8A73-823CE31595DD}
2011-01-20 19:21:48 -------- d-----w- c:\program files\alot
2011-01-20 16:40:16 -------- d-----w- c:\users\sharon\appdata\local\{6632CAE6-CA96-40AA-B815-B39CDFFC9388}
2011-01-19 17:08:23 -------- d-----w- c:\users\sharon\appdata\local\{0EB60455-1315-4F95-A6E6-A091D6033D2A}
2011-01-18 06:56:15 -------- d-----w- c:\users\sharon\appdata\local\{A64A85C9-CEBF-4920-B846-0B386866C31C}
2011-01-17 08:05:29 -------- d-----w- c:\users\sharon\appdata\local\{9ECF43A7-B8EA-425B-BD2D-79120615FF84}
2011-01-16 08:25:54 -------- d-----w- c:\users\sharon\appdata\local\{B7EE4005-E175-4B5A-8640-143527E2A33E}
2011-01-15 10:29:34 -------- d-----w- c:\users\sharon\appdata\local\{866229F9-E917-4F59-B3F6-292D1BEE8FBA}
2011-01-14 17:12:20 -------- d-----w- c:\users\sharon\appdata\local\{D91FC54A-4BBE-4D80-8CB9-460881DD6017}
2011-01-13 16:27:05 -------- d-----w- c:\users\sharon\appdata\local\{39653FED-3D38-4DAD-902C-CDF26DD5F103}
2011-01-12 16:10:14 -------- d-----w- c:\users\sharon\appdata\local\{63A4F272-E935-43F8-9D36-80540BE60DD3}
2011-01-11 16:13:43 -------- d-----w- c:\users\sharon\appdata\local\{4ADA1D10-8CDD-470F-B402-68CA4DD97F35}
2011-01-10 16:32:29 -------- d-----w- c:\users\sharon\appdata\local\{C31DA975-DD65-4C3E-BD85-1D4592D97530}
2011-01-09 09:55:03 -------- d-----w- c:\users\sharon\appdata\local\{5407061F-F962-4526-9B6E-D45D662148FF}
2011-01-08 11:37:45 -------- d-----w- c:\users\sharon\appdata\local\{6B328144-8707-4010-ABD6-FA9E4D278CEE}
2011-01-07 23:16:15 -------- d-----w- c:\users\sharon\appdata\local\{35E8201E-859B-4C0D-881E-81199973B126}
2011-01-07 07:38:57 -------- d-----w- c:\users\sharon\appdata\local\{D6EE3FCA-7F94-42C5-84D5-8FEBB358B49A}
2011-01-06 16:07:47 -------- d-----w- c:\users\sharon\appdata\local\{E0F3EF1D-C638-467B-AC0B-1B022D75D208}
2011-01-05 09:12:15 -------- d-----w- c:\users\sharon\appdata\local\{D7C8C36A-1390-4786-B079-F45AA4BCF46D}
2011-01-04 10:02:36 -------- d-----w- c:\users\sharon\appdata\local\{B58DAC72-87DE-4503-9255-7229466541AB}

==================== Find3M ====================

2010-11-10 02:54:18 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-11-10 02:28:46 301936 ----a-w- c:\windows\WLXPGSS.SCR

============= FINISH: 21:08:24.50 ===============
Edit

Hello SnowBum,


I'm looking at a friends laptop which won't boot into normal Windows.
Any reason your friend isn't posting in the first person? :)

Best regards.

Because they're one of these people who buy a laptop, go online on all sorts of sites and then are stuck when their laptop starts locking up and freezing.

I'm constantly getting laptops/PCs from friends and family to look at. Most of the time i can clear the rubbish slowing them down but occasionally i need more expert help. Hence why i'm here again.

Baabiouz
2011-02-11, 19:59
Hello

Do you have any logs of Spybot search & destroy, Malwareytes Anti-malware or SUPERAntiSpyware?

Please post a fresh DDS log back here so we can see latest state. :bigthumb:

SnowBum
2011-02-12, 14:24
Thank you for taking this case.

All of the following have been performed in Safe Mode. I've attached the latest Spybot S&D, Malwarebytes Anti-malware & SUPERAntispyware logs and the DDS attach file. The laptop will boot into Safe Mode with no problems but still won't boot to normal desktop, it just appears to hang with a black screen. This is the latest DDS log file:-


DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by sharon at 12:11:36.97 on 12/02/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.2541 [GMT 0:00]

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sharon\Downloads\dds (1).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
mURLSearchHooks: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
mURLSearchHooks: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyn1.dll
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: SearchElf 1.2 Toolbar: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - c:\program files\searchelf_1.2\tbSear.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
uRun: [Reminder] c:\program files\ttg\reminder\Reminder.exe
uRun: [Google Update] "c:\users\sharon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [PC Speed Maximizer] c:\program files\pc speed maximizer\SPMStarter.exe
uRun: [SPMTray] c:\program files\pc speed maximizer\SPMTray.exe
uRun: [Startw3i] c:\program files\pc speed maximizer\Startw3i.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MDS_Menu] "c:\program files\cyberlink\mediashowespresso\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashowespresso" updatewithcreateonce "software\cyberlink\mediashow espresso\5.0"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch.lnk - c:\windows\installer\{4a65dad2-e914-4923-9c2a-81b968a68ce2}\_A685CC3126A7CC37D335DE.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.188\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_CCB0CAEC2D875359E0C287.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-27 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-27 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-27 656320]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 Livekbc;Livekbc;c:\windows\system32\drivers\Livekbc.sys [2009-9-1 4096]
R3 Livemouclass;Livemouclass;c:\windows\system32\drivers\Livemouclass.sys [2009-9-1 3968]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-1 167936]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-19 135664]
S2 LiveGpdKBFilter;LiveGpdKBFilter;c:\windows\system32\drivers\LiveGpdKBFilter.sys [2009-9-1 4096]
S2 LiveIO;LiveIO;c:\windows\system32\drivers\LiveIO.sys [2009-9-1 15312]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.7.0.10\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.7.0.10\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.7.0.10\ccSvcHst.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-31 1153368]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-27 366840]
S2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-27 1145304]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-28 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-1 122368]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.188\McCHSvc.exe [2010-10-5 237008]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-1 166912]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-21 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2011-02-01 18:42:38 -------- d-----w- c:\users\sharon\appdata\roaming\IObit
2011-02-01 18:42:38 -------- d-----w- c:\program files\IObit
2011-01-31 23:49:47 2594584 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2011-01-31 23:49:25 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
2011-01-31 23:49:19 710976 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2011-01-31 23:35:31 -------- d-----w- c:\progra~2\MFAData
2011-01-31 21:17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-31 21:17:01 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-01-31 20:36:46 -------- d-----w- c:\users\sharon\appdata\roaming\SUPERAntiSpyware.com
2011-01-31 20:36:46 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-01-31 20:36:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-31 19:45:34 -------- d-----w- c:\users\sharon\appdata\roaming\Malwarebytes
2011-01-31 19:45:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 19:45:30 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-31 19:45:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 19:45:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-31 07:51:47 -------- d-----w- c:\users\sharon\appdata\local\{743DA19D-3694-4675-B598-07C0EF4113DF}
2011-01-30 19:49:22 -------- d-----w- c:\users\sharon\appdata\local\{FD0C23B3-FB54-4ED6-9F16-402CFCDF345B}
2011-01-30 12:21:12 -------- d-----w- c:\progra~2\CED
2011-01-30 12:21:04 -------- d-----w- c:\users\sharon\appdata\local\BearShare
2011-01-30 12:20:05 -------- d-----w- c:\program files\BearShare Applications
2011-01-30 12:20:05 -------- d-----w- c:\progra~2\BearShare
2011-01-30 12:19:49 -------- dc-h--w- c:\progra~2\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
2011-01-30 07:48:01 -------- d-----w- c:\users\sharon\appdata\local\{E31A5F63-358D-4EE4-A02D-3884D07434ED}
2011-01-28 21:19:30 -------- d-----w- c:\users\sharon\appdata\local\{437E8B2B-008E-4CA1-9BA7-C4F7E70B9F95}
2011-01-28 17:38:08 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{10663334-f8a0-470e-8ab7-0a3cc144118f}\mpengine.dll
2011-01-28 07:43:50 -------- d-----w- c:\users\sharon\appdata\local\{2DBC406F-8EBB-4064-B045-639C51BDDABE}
2011-01-27 19:43:27 -------- d-----w- c:\users\sharon\appdata\local\{349BF481-9E26-45A2-9E34-83391E176AC3}
2011-01-27 07:43:02 -------- d-----w- c:\users\sharon\appdata\local\{62E26ADD-CA56-4C74-87F5-9E5FA8B6933A}
2011-01-26 16:14:16 -------- d-----w- c:\users\sharon\appdata\local\{4CBF06D2-ACE1-4592-9687-3D8BCCA97D56}
2011-01-25 16:05:48 -------- d-----w- c:\users\sharon\appdata\local\{3D6CA0C0-CCAC-49D3-A230-2E89391CC7A7}
2011-01-24 20:18:39 -------- d-----w- c:\users\sharon\appdata\local\{E1CCF7A0-1B9A-403B-BDCA-18F35A517349}
2011-01-24 07:17:51 -------- d-----w- c:\users\sharon\appdata\local\{93329040-B0E2-4128-BFE7-42FB0E233835}
2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\RegistryKeys
2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\PC Speed Maximizer
2011-01-23 16:22:30 -------- d-----w- c:\users\sharon\appdata\roaming\com.w3i.intune
2011-01-23 16:22:00 -------- d-----w- c:\program files\inTuneMP3
2011-01-23 16:21:29 -------- d-----w- c:\users\sharon\appdata\local\Yahoo
2011-01-23 16:21:26 -------- d-----w- c:\program files\W3i
2011-01-23 16:21:26 -------- d-----w- c:\progra~2\W3i
2011-01-23 16:21:17 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-01-23 16:21:07 -------- d-----w- c:\program files\PC Speed Maximizer
2011-01-23 16:20:59 -------- d-----w- c:\program files\Freeze.com
2011-01-23 16:20:50 -------- d-----w- c:\program files\PriceGong
2011-01-23 16:20:46 -------- d-----w- c:\program files\Yahoo!
2011-01-23 16:11:16 -------- d-----w- c:\users\sharon\appdata\local\Ares
2011-01-23 16:11:07 -------- d-----w- c:\program files\Ares
2011-01-23 10:11:17 -------- d-----w- c:\users\sharon\appdata\local\{225CD17E-07D0-4D1D-96C0-DF9668CCB3C4}
2011-01-22 21:06:25 -------- d-----w- c:\users\sharon\appdata\local\{936DEA61-E467-4DD2-A4FF-5CF59ED77C7A}
2011-01-21 17:06:03 -------- d-----w- c:\users\sharon\appdata\local\{4FE5E0FB-A3A9-4A59-B688-B61C7AA62C73}
2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Deployment
2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Apps
2011-01-21 16:55:19 -------- d-----w- c:\users\sharon\appdata\local\{89FDD60E-773E-4CA2-8A73-823CE31595DD}
2011-01-20 19:21:48 -------- d-----w- c:\program files\alot
2011-01-20 16:40:16 -------- d-----w- c:\users\sharon\appdata\local\{6632CAE6-CA96-40AA-B815-B39CDFFC9388}
2011-01-19 17:08:23 -------- d-----w- c:\users\sharon\appdata\local\{0EB60455-1315-4F95-A6E6-A091D6033D2A}
2011-01-18 06:56:15 -------- d-----w- c:\users\sharon\appdata\local\{A64A85C9-CEBF-4920-B846-0B386866C31C}
2011-01-17 08:05:29 -------- d-----w- c:\users\sharon\appdata\local\{9ECF43A7-B8EA-425B-BD2D-79120615FF84}
2011-01-16 08:25:54 -------- d-----w- c:\users\sharon\appdata\local\{B7EE4005-E175-4B5A-8640-143527E2A33E}
2011-01-15 10:29:34 -------- d-----w- c:\users\sharon\appdata\local\{866229F9-E917-4F59-B3F6-292D1BEE8FBA}
2011-01-14 17:12:20 -------- d-----w- c:\users\sharon\appdata\local\{D91FC54A-4BBE-4D80-8CB9-460881DD6017}
2011-01-13 16:27:05 -------- d-----w- c:\users\sharon\appdata\local\{39653FED-3D38-4DAD-902C-CDF26DD5F103}

==================== Find3M ====================


============= FINISH: 12:12:48.86 ===============

Baabiouz
2011-02-12, 16:53
Hello

Step #1
Please click on Start > Control Panel > Add/Remove Programs (http://www.bleepingcomputer.com/forums/topic42133.html) and uninstall the following programs(if present):

ALOT Toolbar
Ask Toolbar
kikin plugin 2.4
MediaBar
PriceGong
SearchElf 1.2 Toolbar
Zynga Toolbar



Reboot your computer.


Step #2
Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):


c:\program files\zynga
c:\program files\searchelf_1.2
c:\progra~1\bearsh~1\mediabar
c:\program files\alot
c:\program files\pricegong
c:\program files\conduitengine
c:\program files\ask.com
c:\program files\kikin


Step #3

1. Go to Start->Run and type in notepad and hit OK.
2. Then copy and paste the content of the following codebox into Notepad:

dir c:\users\sharon\appdata\local\{743DA19D-3694-4675-B598-07C0EF4113DF} /s > c:\foldercheck.txt

3. Save the file as "check.bat". Make sure to save it with the quotation marks.

4. Double click check.bat.

5. It will create C:\Foldercheck.txt file. Post contents of C:\Foldercheck.txt in your next reply.


Step #4
Please download ATF-cleaner (http://www.atribune.org/ccount/click.php?id=1) and save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step #5
I'd like us to scan your machine with ESET OnlineScan
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png



Step #6
Please post Eset results, Foldercheck.txt and a frehs DDS log back here.

SnowBum
2011-02-12, 21:30
Ok, all steps completed. Zipped logs added

New DDS log:-

DDS (Ver_10-12-12.02) - NTFSx86
Run by sharon at 19:25:06.74 on 12/02/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.1510 [GMT 0:00]

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\PC Speed Maximizer\SPMTray.exe
C:\Program Files\PC Speed Maximizer\Startw3i.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\The TechGuys\Launch\Launch.exe
C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
C:\Program Files\OEM\LIVE! OSD 1.14(AD)\osd.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\McAfee Security Scan\3.0.188\McUicnt.exe
C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe
C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\sharon\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [Reminder] c:\program files\ttg\reminder\Reminder.exe
uRun: [Google Update] "c:\users\sharon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [PC Speed Maximizer] c:\program files\pc speed maximizer\SPMStarter.exe
uRun: [SPMTray] c:\program files\pc speed maximizer\SPMTray.exe
uRun: [Startw3i] c:\program files\pc speed maximizer\Startw3i.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MDS_Menu] "c:\program files\cyberlink\mediashowespresso\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashowespresso" updatewithcreateonce "software\cyberlink\mediashow espresso\5.0"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch.lnk - c:\windows\installer\{4a65dad2-e914-4923-9c2a-81b968a68ce2}\_A685CC3126A7CC37D335DE.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.188\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_CCB0CAEC2D875359E0C287.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-27 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-27 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-27 656320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 LiveGpdKBFilter;LiveGpdKBFilter;c:\windows\system32\drivers\LiveGpdKBFilter.sys [2009-9-1 4096]
R2 LiveIO;LiveIO;c:\windows\system32\drivers\LiveIO.sys [2009-9-1 15312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-31 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-27 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-27 1145304]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-1 122368]
R3 Livekbc;Livekbc;c:\windows\system32\drivers\Livekbc.sys [2009-9-1 4096]
R3 Livemouclass;Livemouclass;c:\windows\system32\drivers\Livemouclass.sys [2009-9-1 3968]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.188\McCHSvc.exe [2010-10-5 237008]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-1 167936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-19 135664]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.7.0.10\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.7.0.10\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.7.0.10\ccSvcHst.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-28 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-1 166912]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-21 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2011-02-12 17:42:33 -------- d-----w- c:\program files\ESET
2011-02-12 17:29:11 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{6f7f3a3f-0405-4e70-b08e-e4dc80228f6f}\mpengine.dll
2011-02-12 17:23:41 -------- d-----w- c:\users\sharon\appdata\local\{29EA5D9E-351C-4252-AFB7-523686CDA22F}
2011-02-01 18:42:38 -------- d-----w- c:\users\sharon\appdata\roaming\IObit
2011-02-01 18:42:38 -------- d-----w- c:\program files\IObit
2011-01-31 23:49:47 2594584 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2011-01-31 23:49:25 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
2011-01-31 23:49:19 710976 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2011-01-31 23:35:31 -------- d-----w- c:\progra~2\MFAData
2011-01-31 21:17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-31 21:17:01 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-01-31 20:36:46 -------- d-----w- c:\users\sharon\appdata\roaming\SUPERAntiSpyware.com
2011-01-31 20:36:46 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-01-31 20:36:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-31 19:45:34 -------- d-----w- c:\users\sharon\appdata\roaming\Malwarebytes
2011-01-31 19:45:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 19:45:30 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-31 19:45:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 19:45:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-31 07:51:47 -------- d-----w- c:\users\sharon\appdata\local\{743DA19D-3694-4675-B598-07C0EF4113DF}
2011-01-30 19:49:22 -------- d-----w- c:\users\sharon\appdata\local\{FD0C23B3-FB54-4ED6-9F16-402CFCDF345B}
2011-01-30 12:21:12 -------- d-----w- c:\progra~2\CED
2011-01-30 12:21:04 -------- d-----w- c:\users\sharon\appdata\local\BearShare
2011-01-30 12:20:05 -------- d-----w- c:\program files\BearShare Applications
2011-01-30 12:20:05 -------- d-----w- c:\progra~2\BearShare
2011-01-30 12:19:49 -------- dc-h--w- c:\progra~2\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
2011-01-30 07:48:01 -------- d-----w- c:\users\sharon\appdata\local\{E31A5F63-358D-4EE4-A02D-3884D07434ED}
2011-01-28 21:19:30 -------- d-----w- c:\users\sharon\appdata\local\{437E8B2B-008E-4CA1-9BA7-C4F7E70B9F95}
2011-01-28 07:43:50 -------- d-----w- c:\users\sharon\appdata\local\{2DBC406F-8EBB-4064-B045-639C51BDDABE}
2011-01-27 19:43:27 -------- d-----w- c:\users\sharon\appdata\local\{349BF481-9E26-45A2-9E34-83391E176AC3}
2011-01-27 07:43:02 -------- d-----w- c:\users\sharon\appdata\local\{62E26ADD-CA56-4C74-87F5-9E5FA8B6933A}
2011-01-26 16:14:16 -------- d-----w- c:\users\sharon\appdata\local\{4CBF06D2-ACE1-4592-9687-3D8BCCA97D56}
2011-01-25 16:05:48 -------- d-----w- c:\users\sharon\appdata\local\{3D6CA0C0-CCAC-49D3-A230-2E89391CC7A7}
2011-01-24 20:18:39 -------- d-----w- c:\users\sharon\appdata\local\{E1CCF7A0-1B9A-403B-BDCA-18F35A517349}
2011-01-24 07:17:51 -------- d-----w- c:\users\sharon\appdata\local\{93329040-B0E2-4128-BFE7-42FB0E233835}
2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\RegistryKeys
2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\PC Speed Maximizer
2011-01-23 16:22:30 -------- d-----w- c:\users\sharon\appdata\roaming\com.w3i.intune
2011-01-23 16:22:00 -------- d-----w- c:\program files\inTuneMP3
2011-01-23 16:21:29 -------- d-----w- c:\users\sharon\appdata\local\Yahoo
2011-01-23 16:21:26 -------- d-----w- c:\program files\W3i
2011-01-23 16:21:26 -------- d-----w- c:\progra~2\W3i
2011-01-23 16:21:17 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-01-23 16:21:07 -------- d-----w- c:\program files\PC Speed Maximizer
2011-01-23 16:20:59 -------- d-----w- c:\program files\Freeze.com
2011-01-23 16:20:46 -------- d-----w- c:\program files\Yahoo!
2011-01-23 16:11:16 -------- d-----w- c:\users\sharon\appdata\local\Ares
2011-01-23 16:11:07 -------- d-----w- c:\program files\Ares
2011-01-23 10:11:17 -------- d-----w- c:\users\sharon\appdata\local\{225CD17E-07D0-4D1D-96C0-DF9668CCB3C4}
2011-01-22 21:06:25 -------- d-----w- c:\users\sharon\appdata\local\{936DEA61-E467-4DD2-A4FF-5CF59ED77C7A}
2011-01-21 17:06:03 -------- d-----w- c:\users\sharon\appdata\local\{4FE5E0FB-A3A9-4A59-B688-B61C7AA62C73}
2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Deployment
2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Apps
2011-01-21 16:55:19 -------- d-----w- c:\users\sharon\appdata\local\{89FDD60E-773E-4CA2-8A73-823CE31595DD}
2011-01-20 16:40:16 -------- d-----w- c:\users\sharon\appdata\local\{6632CAE6-CA96-40AA-B815-B39CDFFC9388}
2011-01-19 17:08:23 -------- d-----w- c:\users\sharon\appdata\local\{0EB60455-1315-4F95-A6E6-A091D6033D2A}
2011-01-18 06:56:15 -------- d-----w- c:\users\sharon\appdata\local\{A64A85C9-CEBF-4920-B846-0B386866C31C}
2011-01-17 08:05:29 -------- d-----w- c:\users\sharon\appdata\local\{9ECF43A7-B8EA-425B-BD2D-79120615FF84}
2011-01-16 08:25:54 -------- d-----w- c:\users\sharon\appdata\local\{B7EE4005-E175-4B5A-8640-143527E2A33E}
2011-01-15 10:29:34 -------- d-----w- c:\users\sharon\appdata\local\{866229F9-E917-4F59-B3F6-292D1BEE8FBA}
2011-01-14 17:12:20 -------- d-----w- c:\users\sharon\appdata\local\{D91FC54A-4BBE-4D80-8CB9-460881DD6017}

==================== Find3M ====================

2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 19:26:14.61 ===============

Baabiouz
2011-02-12, 21:48
Hello

Did you uninstall Mediabar and remove the folder:
c:\program files\bearshare\mediabar ?

SnowBum
2011-02-13, 00:18
Hello

Yes, mediabar is uninstalled and i deleted the mediabar folder. Although the folder path was slightly different:-

c:/Program Files/BearShare Applications/BearShare

Baabiouz
2011-02-13, 10:16
Hello

Backup Your Registry with ERUNT
Please click HERE (http://aumha.org/downloads/erunt.zip) to download Erunt.zip
Unzip all the files into a folder of your choice.Click Erunt.exe to backup your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0974ba1e-64ec-11de-b2a5-e43756d89593}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar]
"{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0974ba1e-64ec-11de-b2a5-e43756d89593}"=-




Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.


_______________


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Doubleclick the drweb-cureit.exe file and Allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it.
This is only a short scan.
Once the short scan has finished, Click Options > Change settings
Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
Back at the main window, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' i at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gifat the right, and the scan will start.
his will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply



Please post Dr.web cureit log and a fresh dds log back here. :)

SnowBum
2011-02-13, 21:46
I've completed all of those steps.

I made a mistake on the DrWeb-Cureit and left the "heuristic analysis" turned on for the full scan. I've posted both logs, the "DrWeb" one is the first scan, the "DrWeb2" is the second.


DDS (Ver_10-12-12.02) - NTFSx86
Run by sharon at 19:32:51.63 on 13/02/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3033.1751 [GMT 0:00]

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\PC Speed Maximizer\SPMTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\The TechGuys\Launch\Launch.exe
C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
C:\Program Files\OEM\LIVE! OSD 1.14(AD)\osd.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\OFFICE~1\SETUP.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\sharon\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [Reminder] c:\program files\ttg\reminder\Reminder.exe
uRun: [Google Update] "c:\users\sharon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [PC Speed Maximizer] c:\program files\pc speed maximizer\SPMStarter.exe
uRun: [SPMTray] c:\program files\pc speed maximizer\SPMTray.exe
uRun: [Startw3i] c:\program files\pc speed maximizer\Startw3i.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [MDS_Menu] "c:\program files\cyberlink\mediashowespresso\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashowespresso" updatewithcreateonce "software\cyberlink\mediashow espresso\5.0"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch.lnk - c:\windows\installer\{4a65dad2-e914-4923-9c2a-81b968a68ce2}\_A685CC3126A7CC37D335DE.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.188\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_CCB0CAEC2D875359E0C287.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-27 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-27 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-27 656320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 LiveGpdKBFilter;LiveGpdKBFilter;c:\windows\system32\drivers\LiveGpdKBFilter.sys [2009-9-1 4096]
R2 LiveIO;LiveIO;c:\windows\system32\drivers\LiveIO.sys [2009-9-1 15312]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-1-31 1153368]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-27 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-27 1145304]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-1 122368]
R3 Livekbc;Livekbc;c:\windows\system32\drivers\Livekbc.sys [2009-9-1 4096]
R3 Livemouclass;Livemouclass;c:\windows\system32\drivers\Livemouclass.sys [2009-9-1 3968]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-1 167936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-19 135664]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.7.0.10\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.7.0.10\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.7.0.10\ccSvcHst.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-28 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.188\McCHSvc.exe [2010-10-5 237008]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-1 166912]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-11-21 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

=============== Created Last 30 ================

2011-02-13 11:38:56 -------- d-----w- c:\users\sharon\DoctorWeb
2011-02-13 11:25:00 -------- d-----w- c:\users\sharon\appdata\local\{95AC3E84-FDB2-49B9-9849-0BDDCA43D65A}
2011-02-12 19:36:39 -------- d-----w- c:\windows\system32\x64
2011-02-12 17:42:33 -------- d-----w- c:\program files\ESET
2011-02-12 17:33:07 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-12 17:33:06 2329088 ----a-w- c:\windows\system32\win32k.sys
2011-02-12 17:33:05 541184 ----a-w- c:\windows\system32\kerberos.dll
2011-02-12 17:33:00 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-02-12 17:29:11 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{6f7f3a3f-0405-4e70-b08e-e4dc80228f6f}\mpengine.dll
2011-02-12 17:23:41 -------- d-----w- c:\users\sharon\appdata\local\{29EA5D9E-351C-4252-AFB7-523686CDA22F}
2011-02-01 18:42:38 -------- d-----w- c:\users\sharon\appdata\roaming\IObit
2011-02-01 18:42:38 -------- d-----w- c:\program files\IObit
2011-01-31 23:49:47 2594584 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2011-01-31 23:49:25 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
2011-01-31 23:49:19 710976 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll
2011-01-31 23:35:31 -------- d-----w- c:\progra~2\MFAData
2011-01-31 21:17:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-01-31 21:17:01 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-01-31 20:36:46 -------- d-----w- c:\users\sharon\appdata\roaming\SUPERAntiSpyware.com
2011-01-31 20:36:46 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-01-31 20:36:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-31 19:45:34 -------- d-----w- c:\users\sharon\appdata\roaming\Malwarebytes
2011-01-31 19:45:31 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-31 19:45:30 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-31 19:45:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-31 19:45:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-31 07:51:47 -------- d-----w- c:\users\sharon\appdata\local\{743DA19D-3694-4675-B598-07C0EF4113DF}
2011-01-30 19:49:22 -------- d-----w- c:\users\sharon\appdata\local\{FD0C23B3-FB54-4ED6-9F16-402CFCDF345B}
2011-01-30 12:21:12 -------- d-----w- c:\progra~2\CED
2011-01-30 12:21:04 -------- d-----w- c:\users\sharon\appdata\local\BearShare
2011-01-30 12:20:05 -------- d-----w- c:\program files\BearShare Applications
2011-01-30 12:20:05 -------- d-----w- c:\progra~2\BearShare
2011-01-30 12:19:49 -------- dc-h--w- c:\progra~2\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
2011-01-30 07:48:01 -------- d-----w- c:\users\sharon\appdata\local\{E31A5F63-358D-4EE4-A02D-3884D07434ED}
2011-01-28 21:19:30 -------- d-----w- c:\users\sharon\appdata\local\{437E8B2B-008E-4CA1-9BA7-C4F7E70B9F95}
2011-01-28 07:43:50 -------- d-----w- c:\users\sharon\appdata\local\{2DBC406F-8EBB-4064-B045-639C51BDDABE}
2011-01-27 19:43:27 -------- d-----w- c:\users\sharon\appdata\local\{349BF481-9E26-45A2-9E34-83391E176AC3}
2011-01-27 07:43:02 -------- d-----w- c:\users\sharon\appdata\local\{62E26ADD-CA56-4C74-87F5-9E5FA8B6933A}
2011-01-26 16:14:16 -------- d-----w- c:\users\sharon\appdata\local\{4CBF06D2-ACE1-4592-9687-3D8BCCA97D56}
2011-01-25 16:05:48 -------- d-----w- c:\users\sharon\appdata\local\{3D6CA0C0-CCAC-49D3-A230-2E89391CC7A7}
2011-01-24 20:18:39 -------- d-----w- c:\users\sharon\appdata\local\{E1CCF7A0-1B9A-403B-BDCA-18F35A517349}
2011-01-24 07:17:51 -------- d-----w- c:\users\sharon\appdata\local\{93329040-B0E2-4128-BFE7-42FB0E233835}
2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\RegistryKeys
2011-01-23 16:51:50 -------- d-----w- c:\users\sharon\appdata\roaming\PC Speed Maximizer
2011-01-23 16:22:30 -------- d-----w- c:\users\sharon\appdata\roaming\com.w3i.intune
2011-01-23 16:22:00 -------- d-----w- c:\program files\inTuneMP3
2011-01-23 16:21:29 -------- d-----w- c:\users\sharon\appdata\local\Yahoo
2011-01-23 16:21:26 -------- d-----w- c:\program files\W3i
2011-01-23 16:21:26 -------- d-----w- c:\progra~2\W3i
2011-01-23 16:21:17 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-01-23 16:21:07 -------- d-----w- c:\program files\PC Speed Maximizer
2011-01-23 16:20:59 -------- d-----w- c:\program files\Freeze.com
2011-01-23 16:20:46 -------- d-----w- c:\program files\Yahoo!
2011-01-23 16:11:16 -------- d-----w- c:\users\sharon\appdata\local\Ares
2011-01-23 16:11:07 -------- d-----w- c:\program files\Ares
2011-01-23 10:11:17 -------- d-----w- c:\users\sharon\appdata\local\{225CD17E-07D0-4D1D-96C0-DF9668CCB3C4}
2011-01-22 21:06:25 -------- d-----w- c:\users\sharon\appdata\local\{936DEA61-E467-4DD2-A4FF-5CF59ED77C7A}
2011-01-21 17:06:03 -------- d-----w- c:\users\sharon\appdata\local\{4FE5E0FB-A3A9-4A59-B688-B61C7AA62C73}
2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Deployment
2011-01-21 16:56:37 -------- d-----w- c:\users\sharon\appdata\local\Apps
2011-01-21 16:55:19 -------- d-----w- c:\users\sharon\appdata\local\{89FDD60E-773E-4CA2-8A73-823CE31595DD}
2011-01-20 16:40:16 -------- d-----w- c:\users\sharon\appdata\local\{6632CAE6-CA96-40AA-B815-B39CDFFC9388}
2011-01-19 17:08:23 -------- d-----w- c:\users\sharon\appdata\local\{0EB60455-1315-4F95-A6E6-A091D6033D2A}
2011-01-18 06:56:15 -------- d-----w- c:\users\sharon\appdata\local\{A64A85C9-CEBF-4920-B846-0B386866C31C}
2011-01-17 08:05:29 -------- d-----w- c:\users\sharon\appdata\local\{9ECF43A7-B8EA-425B-BD2D-79120615FF84}
2011-01-16 08:25:54 -------- d-----w- c:\users\sharon\appdata\local\{B7EE4005-E175-4B5A-8640-143527E2A33E}
2011-01-15 10:29:34 -------- d-----w- c:\users\sharon\appdata\local\{866229F9-E917-4F59-B3F6-292D1BEE8FBA}

==================== Find3M ====================

2011-02-02 17:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-12-21 05:38:24 73728 ----a-w- c:\windows\system32\wscsvc.dll
2010-12-21 05:38:24 51200 ----a-w- c:\windows\system32\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- c:\windows\system32\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- c:\windows\system32\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- c:\windows\system32\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- c:\windows\system32\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- c:\windows\system32\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- c:\windows\system32\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- c:\windows\system32\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- c:\windows\system32\davclnt.dll
2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec
2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

============= FINISH: 19:34:02.20 ===============

Baabiouz
2011-02-14, 07:50
Hello

How's your computer working?

Let's see OTL log:

We need to create an OTL Report
Please download OTL from one of the following mirrors:
This is THE Mirror (http://oldtimer.geekstogo.com/OTL.exe)

Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png icon on your desktop.
Click the "Scan All Users" checkbox.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runscanbutton.png button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized

SnowBum
2011-02-14, 16:47
The laptop appears to be working fine now, no obvious signs of anything wrong.

The OTL.txt:-


OTL logfile created on: 14/02/2011 14:36:02 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\sharon\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.77 Gb Total Space | 104.95 Gb Free Space | 75.08% Space Free | Partition Type: NTFS

Computer Name: SHARON-PC | User Name: sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/14 14:35:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\sharon\Downloads\OTL.exe
PRC - [2011/02/10 03:14:59 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2011/01/13 15:41:38 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/12/18 15:38:13 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/11/24 12:09:30 | 000,173,328 | ---- | M] (Avanquest Software) -- C:\Program Files\PC Speed Maximizer\Startw3i.exe
PRC - [2010/11/23 11:10:52 | 000,205,584 | ---- | M] (Avanquest Software) -- C:\Program Files\PC Speed Maximizer\SPMTray.exe
PRC - [2010/10/05 02:27:16 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
PRC - [2010/09/29 16:00:56 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/28 14:54:16 | 000,516,608 | ---- | M] (ODM) -- C:\Program Files\OEM\LIVE! OSD 1.14(AD)\osd.exe
PRC - [2009/08/26 01:17:16 | 007,723,552 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/07/31 22:25:12 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/31 16:39:22 | 000,340,176 | ---- | M] (The TechGuys) -- C:\Program Files\The TechGuys\Launch\Launch.exe


========== Modules (SafeList) ==========

MOD - [2011/02/14 14:35:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\sharon\Downloads\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/11/21 09:24:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/02 04:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/10/05 02:27:16 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/08/25 19:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/08/18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/08/25 19:26:36 | 002,758,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/01 10:03:10 | 000,372,224 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187Se.sys -- (RTL8187Se)
DRV - [2009/06/25 19:26:10 | 000,212,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/06/04 16:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/05/26 04:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/05/22 22:52:04 | 000,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/05/11 12:16:34 | 000,015,312 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LiveIO.sys -- (LiveIO)
DRV - [2009/05/06 10:32:08 | 000,004,096 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Livekbc.sys -- (Livekbc)
DRV - [2009/05/06 10:28:42 | 000,003,968 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Livemouclass.sys -- (Livemouclass)
DRV - [2009/05/06 10:23:56 | 000,004,096 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LiveGpdKBFilter.sys -- (LiveGpdKBFilter)
DRV - [2005/08/30 02:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3988009634-3639699477-678770399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
IE - HKU\S-1-5-21-3988009634-3639699477-678770399-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKU\S-1-5-21-3988009634-3639699477-678770399-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3988009634-3639699477-678770399-1000\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3988009634-3639699477-678770399-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/02/11 19:24:06 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14798 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3988009634-3639699477-678770399-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3988009634-3639699477-678770399-1000..\Run: [PC Speed Maximizer] C:\Program Files\PC Speed Maximizer\SPMStarter.exe ()
O4 - HKU\S-1-5-21-3988009634-3639699477-678770399-1000..\Run: [Reminder] C:\Program Files\TTG\Reminder\Reminder.exe (DSG Retail Ltd)
O4 - HKU\S-1-5-21-3988009634-3639699477-678770399-1000..\Run: [SPMTray] C:\Program Files\PC Speed Maximizer\SPMTray.exe (Avanquest Software)
O4 - HKU\S-1-5-21-3988009634-3639699477-678770399-1000..\Run: [Startw3i] C:\Program Files\PC Speed Maximizer\Startw3i.exe (Avanquest Software)
O4 - HKU\S-1-5-21-3988009634-3639699477-678770399-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3988009634-3639699477-678770399-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/14 14:27:29 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{5C89DEE7-A518-4F82-AC4F-525BB3E3426A}
[2011/02/13 11:38:56 | 000,000,000 | ---D | C] -- C:\Users\sharon\DoctorWeb
[2011/02/13 11:25:00 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{95AC3E84-FDB2-49B9-9849-0BDDCA43D65A}
[2011/02/12 19:36:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/02/12 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/12 17:33:07 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/12 17:33:06 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/12 17:33:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/12 17:33:00 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/12 17:32:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/12 17:32:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/12 17:32:50 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/12 17:32:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/12 17:32:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/12 17:32:49 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/12 17:32:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/12 17:32:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/12 17:32:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/12 17:32:46 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/12 17:32:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/12 17:32:44 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/12 17:32:44 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/12 17:32:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/12 17:32:34 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/12 17:32:34 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/12 17:32:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/12 17:23:41 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{29EA5D9E-351C-4252-AFB7-523686CDA22F}
[2011/02/11 19:20:31 | 000,000,000 | ---D | C] -- C:\Users\sharon\Desktop\logs
[2011/02/02 21:06:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/01 18:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
[2011/02/01 18:42:38 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\IObit
[2011/02/01 18:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/01/31 23:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/01/31 21:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/31 21:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/31 21:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/31 20:36:46 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/31 20:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/01/31 20:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/31 20:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/31 19:45:34 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\Malwarebytes
[2011/01/31 19:45:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/31 19:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/31 19:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/31 19:45:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/31 19:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/31 07:51:47 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{743DA19D-3694-4675-B598-07C0EF4113DF}
[2011/01/30 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{FD0C23B3-FB54-4ED6-9F16-402CFCDF345B}
[2011/01/30 12:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CED
[2011/01/30 12:21:04 | 000,000,000 | ---D | C] -- C:\Users\sharon\Documents\My Received Files
[2011/01/30 12:21:04 | 000,000,000 | ---D | C] -- C:\Users\sharon\Documents\BearShare
[2011/01/30 12:21:04 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\BearShare
[2011/01/30 12:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2011/01/30 12:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BearShare
[2011/01/30 12:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BearShare
[2011/01/30 12:19:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
[2011/01/30 07:48:01 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{E31A5F63-358D-4EE4-A02D-3884D07434ED}
[2011/01/28 21:19:30 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{437E8B2B-008E-4CA1-9BA7-C4F7E70B9F95}
[2011/01/28 07:43:50 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{2DBC406F-8EBB-4064-B045-639C51BDDABE}
[2011/01/27 19:43:27 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{349BF481-9E26-45A2-9E34-83391E176AC3}
[2011/01/27 07:43:02 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{62E26ADD-CA56-4C74-87F5-9E5FA8B6933A}
[2011/01/26 16:14:16 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{4CBF06D2-ACE1-4592-9687-3D8BCCA97D56}
[2011/01/25 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{3D6CA0C0-CCAC-49D3-A230-2E89391CC7A7}
[2011/01/24 20:18:39 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{E1CCF7A0-1B9A-403B-BDCA-18F35A517349}
[2011/01/24 07:17:51 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{93329040-B0E2-4128-BFE7-42FB0E233835}
[2011/01/23 16:51:50 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\RegistryKeys
[2011/01/23 16:51:50 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\PC Speed Maximizer
[2011/01/23 16:22:32 | 000,000,000 | ---D | C] -- C:\Users\sharon\Documents\webkit
[2011/01/23 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\com.w3i.intune
[2011/01/23 16:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inTuneMP3
[2011/01/23 16:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\inTuneMP3
[2011/01/23 16:21:29 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\Yahoo
[2011/01/23 16:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
[2011/01/23 16:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2011/01/23 16:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater
[2011/01/23 16:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[2011/01/23 16:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/01/23 16:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Speed Maximizer
[2011/01/23 16:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
[2011/01/23 16:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/01/23 16:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/01/23 16:20:47 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\Yahoo!
[2011/01/23 16:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/01/23 16:11:16 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\Ares
[2011/01/23 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
[2011/01/23 16:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011/01/23 16:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ares
[2011/01/23 10:11:17 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{225CD17E-07D0-4D1D-96C0-DF9668CCB3C4}
[2011/01/22 21:06:25 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{936DEA61-E467-4DD2-A4FF-5CF59ED77C7A}
[2011/01/21 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{4FE5E0FB-A3A9-4A59-B688-B61C7AA62C73}
[2011/01/21 16:56:37 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\Deployment
[2011/01/21 16:56:37 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\Apps
[2011/01/21 16:55:19 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{89FDD60E-773E-4CA2-8A73-823CE31595DD}
[2011/01/20 18:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/01/20 16:40:16 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{6632CAE6-CA96-40AA-B815-B39CDFFC9388}
[2011/01/19 17:08:23 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{0EB60455-1315-4F95-A6E6-A091D6033D2A}
[2011/01/18 06:56:15 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{A64A85C9-CEBF-4920-B846-0B386866C31C}
[2011/01/17 08:05:29 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{9ECF43A7-B8EA-425B-BD2D-79120615FF84}
[2011/01/16 08:25:54 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{B7EE4005-E175-4B5A-8640-143527E2A33E}
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/02/14 14:34:21 | 000,018,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/14 14:34:21 | 000,018,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/14 14:27:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/14 14:26:29 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2011/02/14 14:26:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/14 14:26:02 | 2385,170,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/13 19:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/13 19:04:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3988009634-3639699477-678770399-1000UA.job
[2011/02/13 11:33:06 | 000,001,092 | ---- | M] () -- C:\Users\sharon\Desktop\fix.reg
[2011/02/12 19:40:46 | 000,340,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/12 19:35:50 | 001,020,142 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/02/12 18:15:24 | 000,002,411 | ---- | M] () -- C:\Users\sharon\Desktop\Google Chrome.lnk
[2011/02/12 17:34:42 | 000,000,096 | ---- | M] () -- C:\Users\sharon\Desktop\check.bat
[2011/02/11 19:24:06 | 000,429,948 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/03 05:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/02 21:04:11 | 000,163,328 | ---- | M] () -- C:\Users\sharon\Desktop\ERDNT.E_E
[2011/02/02 21:04:11 | 000,157,696 | ---- | M] () -- C:\Users\sharon\Desktop\ERUNT.EXE
[2011/02/02 21:04:11 | 000,140,288 | ---- | M] () -- C:\Users\sharon\Desktop\NTREGOPT.EXE
[2011/02/02 21:04:11 | 000,038,912 | ---- | M] () -- C:\Users\sharon\Desktop\AUTOBACK.EXE
[2011/02/02 21:04:11 | 000,005,417 | ---- | M] () -- C:\Users\sharon\Desktop\LOC_GER.ZIP
[2011/02/02 21:04:11 | 000,004,090 | ---- | M] () -- C:\Users\sharon\Desktop\ERUNT.LOC
[2011/02/02 21:04:11 | 000,003,275 | ---- | M] () -- C:\Users\sharon\Desktop\ERDNTWIN.LOC
[2011/02/02 21:04:11 | 000,002,815 | ---- | M] () -- C:\Users\sharon\Desktop\ERDNTDOS.LOC
[2011/02/02 21:04:11 | 000,001,960 | ---- | M] () -- C:\Users\sharon\Desktop\NTREGOPT.LOC
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/02/01 18:43:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/02/01 18:42:43 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2011/01/31 21:19:14 | 000,429,287 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110211-192406.backup
[2011/01/31 21:17:06 | 000,001,223 | ---- | M] () -- C:\Users\sharon\Desktop\Spybot - Search & Destroy.lnk
[2011/01/31 20:36:44 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/31 19:45:31 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/30 12:22:07 | 000,005,632 | ---- | M] () -- C:\Users\sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/30 12:21:01 | 000,000,146 | ---- | M] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2011/01/30 12:05:05 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/30 12:05:05 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/30 12:03:52 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3988009634-3639699477-678770399-1000Core.job
[2011/01/26 20:51:15 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for sharon.job
[2011/01/23 16:21:17 | 000,001,908 | ---- | M] () -- C:\Users\sharon\Desktop\Create Your Own Video Screensaver!.lnk
[2011/01/23 16:21:17 | 000,001,908 | ---- | M] () -- C:\Users\sharon\Desktop\Click Here For Free Music.lnk
[2011/01/23 16:21:17 | 000,001,906 | ---- | M] () -- C:\Users\sharon\Desktop\Be Creative on Facebook With Facepaint Layouts.lnk
[2011/01/23 16:21:17 | 000,001,082 | ---- | M] () -- C:\Users\sharon\Desktop\PC Speed Maximizer.lnk
[2011/01/20 18:43:34 | 000,002,249 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2011/02/13 11:33:06 | 000,001,092 | ---- | C] () -- C:\Users\sharon\Desktop\fix.reg
[2011/02/12 17:34:42 | 000,000,096 | ---- | C] () -- C:\Users\sharon\Desktop\check.bat
[2011/02/01 18:43:01 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2011/02/01 18:42:43 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2011/01/31 21:17:06 | 000,001,223 | ---- | C] () -- C:\Users\sharon\Desktop\Spybot - Search & Destroy.lnk
[2011/01/31 20:36:44 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/31 19:45:31 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/30 12:21:01 | 000,000,146 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2011/01/27 20:23:59 | 000,005,632 | ---- | C] () -- C:\Users\sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/23 16:21:17 | 000,001,908 | ---- | C] () -- C:\Users\sharon\Desktop\Create Your Own Video Screensaver!.lnk
[2011/01/23 16:21:17 | 000,001,908 | ---- | C] () -- C:\Users\sharon\Desktop\Click Here For Free Music.lnk
[2011/01/23 16:21:17 | 000,001,906 | ---- | C] () -- C:\Users\sharon\Desktop\Be Creative on Facebook With Facepaint Layouts.lnk
[2011/01/23 16:21:17 | 000,001,082 | ---- | C] () -- C:\Users\sharon\Desktop\PC Speed Maximizer.lnk
[2011/01/20 18:43:34 | 000,002,249 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/01/14 02:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010/01/14 02:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2009/09/01 12:44:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/01 12:37:19 | 000,015,312 | ---- | C] () -- C:\Windows\System32\drivers\LiveIO.sys
[2009/09/01 12:34:34 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/09/01 12:13:45 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/11 12:16:34 | 000,015,312 | ---- | C] () -- C:\Windows\System32\LiveIO.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

SnowBum
2011-02-14, 16:48
And the Extras.txt:-

OTL Extras logfile created on: 14/02/2011 14:36:02 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\sharon\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.77 Gb Total Space | 104.95 Gb Free Space | 75.08% Space Free | Partition Type: NTFS

Computer Name: SHARON-PC | User Name: sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3988009634-3639699477-678770399-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03FB76DA-AFE2-F29B-6147-3D1F60812BA3}" = Fanbase
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{271F5A67-A83A-4985-B41B-201EB267E6CF}" = LIVE! Control Center 1.05
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A65DAD2-E914-4923-9C2A-81B968A68CE2}" = Launch
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{508BFA95-545E-42A2-8C9D-E531C53C9B79}" = inTuneMP3
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}" = InstallIQ Updater
"{5F624839-947D-46EA-BD63-FD847C1AC6F1}" = BearShare
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73289228-1853-4623-982A-EB17FF0270CA}" = LIVE! OSD 1.14(AD)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK Wireless LAN Driver
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Ares" = Ares 2.1.2
"BearShare" = BearShare
"com.atlanticrecords.Fanbase.A6C8DD5DA30F5C18C5C42884996720F649F6ED37.1" = Fanbase
"ESET Online Scanner" = ESET Online Scanner v3
"FrostWire" = FrostWire 4.21.3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NSS" = Norton Security Scan
"PC Speed Maximizer_is1" = PC Speed Maximizer v2.2
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3988009634-3639699477-678770399-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"blinkx beat" = blinkx beat
"Google Chrome" = Google Chrome
"NetAssistant" = Freeze.com NetAssistant

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/01/2011 12:04:06 | Computer Name = sharon-PC | Source = Registry Helper Service | ID = 109
Description = Error: Service started

Error - 30/01/2011 12:08:43 | Computer Name = sharon-PC | Source = Registry Helper Service | ID = 109
Description = Error: Service started

Error - 30/01/2011 12:12:36 | Computer Name = sharon-PC | Source = Registry Helper Service | ID = 109
Description = Error: Service started

Error - 30/01/2011 12:36:32 | Computer Name = sharon-PC | Source = Registry Helper Service | ID = 109
Description = Error: Service started

Error - 30/01/2011 12:40:17 | Computer Name = sharon-PC | Source = Registry Helper Service | ID = 109
Description = Error: Service started

Error - 30/01/2011 14:47:04 | Computer Name = sharon-PC | Source = Registry Helper Service | ID = 109
Description = Error: Service started

Error - 30/01/2011 15:48:23 | Computer Name = sharon-PC | Source = Registry Helper Service | ID = 109
Description = Error: Service started

Error - 30/01/2011 15:55:41 | Computer Name = sharon-PC | Source = Registry Helper Service | ID = 109
Description = Error: Service started

Error - 31/01/2011 03:50:53 | Computer Name = sharon-PC | Source = Registry Helper Service | ID = 109
Description = Error: Service started

Error - 31/01/2011 12:47:42 | Computer Name = sharon-PC | Source = Registry Helper Service | ID = 109
Description = Error: Service started

[ Media Center Events ]
Error - 31/01/2011 17:38:37 | Computer Name = sharon-PC | Source = MCUpdate | ID = 0
Description = 21:38:37 - Error connecting to the internet. 21:38:37 - Unable
to contact server..

Error - 31/01/2011 17:38:54 | Computer Name = sharon-PC | Source = MCUpdate | ID = 0
Description = 21:38:42 - Error connecting to the internet. 21:38:42 - Unable
to contact server..

Error - 11/02/2011 19:49:57 | Computer Name = sharon-PC | Source = MCUpdate | ID = 0
Description = 23:49:57 - Error connecting to the internet. 23:49:57 - Unable
to contact server..

Error - 11/02/2011 19:50:15 | Computer Name = sharon-PC | Source = MCUpdate | ID = 0
Description = 23:50:02 - Error connecting to the internet. 23:50:02 - Unable
to contact server..

Error - 12/02/2011 07:57:01 | Computer Name = sharon-PC | Source = MCUpdate | ID = 0
Description = 11:57:01 - Error connecting to the internet. 11:57:01 - Unable
to contact server..

Error - 12/02/2011 07:57:18 | Computer Name = sharon-PC | Source = MCUpdate | ID = 0
Description = 11:57:06 - Error connecting to the internet. 11:57:06 - Unable
to contact server..

Error - 12/02/2011 12:02:19 | Computer Name = sharon-PC | Source = MCUpdate | ID = 0
Description = 16:02:14 - Error connecting to the internet. 16:02:19 - Unable
to contact server..

Error - 12/02/2011 12:06:00 | Computer Name = sharon-PC | Source = MCUpdate | ID = 0
Description = 16:03:05 - Error connecting to the internet. 16:03:05 - Unable
to contact server..

Error - 12/02/2011 13:15:19 | Computer Name = sharon-PC | Source = MCUpdate | ID = 0
Description = 17:14:34 - Error connecting to the internet. 17:14:34 - Unable
to contact server..

Error - 12/02/2011 13:19:20 | Computer Name = sharon-PC | Source = MCUpdate | ID = 0
Description = 17:15:29 - Error connecting to the internet. 17:15:29 - Unable
to contact server..

[ System Events ]
Error - 01/02/2011 14:08:35 | Computer Name = sharon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 01/02/2011 14:10:39 | Computer Name = sharon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 01/02/2011 14:10:39 | Computer Name = sharon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 01/02/2011 14:10:39 | Computer Name = sharon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 01/02/2011 14:12:10 | Computer Name = sharon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 01/02/2011 14:12:10 | Computer Name = sharon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 01/02/2011 14:12:10 | Computer Name = sharon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 01/02/2011 14:12:10 | Computer Name = sharon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 01/02/2011 14:12:10 | Computer Name = sharon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 01/02/2011 14:12:10 | Computer Name = sharon-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >

Baabiouz
2011-02-14, 18:04
Hello

We need to run an OTL Fix
Please reopen http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/otlDesktopIcon.png on your desktop.
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox.

:OTL
IE - HKU\S-1-5-21-3988009634-3639699477-678770399-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3988009634-3639699477-678770399-1000\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

Push http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/runFixbutton.png
OTL may ask to reboot the machine. Please do so if asked.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png.
A report will open. Copy and Paste that report in your next reply.


-----------------------


Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: ‘Unprecedented Wave of Java Exploitation’ (http://www.bleepingcomputer.com/forums/blog/676/entry-1747-microsoft-unprecedented-wave-of-java-exploitation/)
Drive-by Trojan preying on out-of-date Java installations (http://sunbeltblog.blogspot.com/2010/08/microsoft-drive-by-trojan-preying-on.html)
Ghosts of Java Haunt Users (http://blog.washingtonpost.com/securityfix/2008/07/remnant_java_versions_again_po.html)
Please follow these steps to remove older version Java components and update: Download the latest version of Java Runtime Environment (JRE) Version 6 (http://www.oracle.com/technetwork/java/javase/downloads/index.html) and save it to your desktop.
Look for "Java Platform, Standard Edition".
Click the "Download JRE" button to the right.
Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
Select your Language: "Multi-language".
Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
Click Continue and the page will refresh.
Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to http://www.techsupportforum.com/sectools/tetonbob/StartBtn.gif > Control Panel, double-click on Add/Remove Programs (http://www.bleepingcomputer.com/forums/topic42133.html) or Programs and Features (http://www.webtechgeek.com/HT-Vista-Tip-Add-Remove-Programs-in-Vista.htm) in Vista/Windows 7 and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator (http://vistasupport.mvps.org/run_as_administrator.htm).
When the Java Setup - Welcome window opens, click the Install > button.
If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update (http://www.java.com/en/download/help/features_java6update10.xml?ff3) to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it: Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.

Please post a fresh OTL log back here.

SnowBum
2011-02-14, 20:12
The OTL fix has been run, log:-

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3988009634-3639699477-678770399-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-3988009634-3639699477-678770399-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f4e6547e-325b-403c-a3bb-ad29ed37a92f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

OTL by OldTimer - Version 3.2.20.6 log created on 02142011_172215


The old Java installs have been removed and the latest one installed.


The new OTL scan:-


OTL logfile created on: 14/02/2011 18:05:28 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\sharon\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.77 Gb Total Space | 104.62 Gb Free Space | 74.85% Space Free | Partition Type: NTFS

Computer Name: SHARON-PC | User Name: sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/14 14:35:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\sharon\Downloads\OTL.exe
PRC - [2011/02/10 03:14:59 | 000,994,872 | ---- | M] (Google Inc.) -- C:\Users\sharon\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/11/24 12:09:30 | 000,173,328 | ---- | M] (Avanquest Software) -- C:\Program Files\PC Speed Maximizer\Startw3i.exe
PRC - [2010/10/05 02:27:16 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.188\SSScheduler.exe
PRC - [2010/09/29 16:00:56 | 001,588,184 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/28 14:54:16 | 000,516,608 | ---- | M] (ODM) -- C:\Program Files\OEM\LIVE! OSD 1.14(AD)\osd.exe
PRC - [2009/08/26 01:17:16 | 007,723,552 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/07/31 22:25:12 | 000,162,912 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/03 20:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/31 16:39:22 | 000,340,176 | ---- | M] (The TechGuys) -- C:\Program Files\The TechGuys\Launch\Launch.exe


========== Modules (SafeList) ==========

MOD - [2011/02/14 14:35:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\sharon\Downloads\OTL.exe
MOD - [2010/08/21 05:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010/08/04 13:19:26 | 000,150,576 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\PCTGMhk.dll
MOD - [2009/07/14 01:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - [2010/11/21 09:24:58 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/11/02 04:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010/10/05 02:27:16 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.188\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/09/29 16:00:56 | 001,145,304 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/22 12:03:38 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/14 01:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/14 01:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 20:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010/08/25 19:31:30 | 009,024,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2010/08/18 13:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/12/11 07:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/08/25 19:26:36 | 002,758,240 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/07/14 01:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/14 01:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/14 01:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/14 01:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/14 01:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/14 01:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/14 01:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/14 01:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/14 01:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/14 01:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/14 01:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/14 01:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/14 01:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/14 01:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/14 01:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/14 01:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/14 01:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/14 01:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/14 01:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/14 01:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/14 01:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/14 01:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/14 01:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/14 01:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/14 01:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/14 01:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/14 01:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/14 01:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/14 01:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/14 01:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/14 01:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/14 01:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/14 01:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/14 01:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/14 01:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/14 01:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/14 01:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/14 01:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/14 00:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/14 00:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rdpbus.sys -- (rdpbus)
DRV - [2009/07/14 00:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 23:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 23:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 23:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 23:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009/07/13 23:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 23:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 23:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 23:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 23:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 23:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 23:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 23:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 23:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 23:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 23:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 22:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 22:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 22:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 22:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 22:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 22:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 22:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 22:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 22:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/01 10:03:10 | 000,372,224 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187Se.sys -- (RTL8187Se)
DRV - [2009/06/25 19:26:10 | 000,212,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\system32\DRIVERS\SynTP.sys -- (SynTP)
DRV - [2009/06/04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2009/06/04 16:45:48 | 000,166,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/05/26 04:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2009/05/22 22:52:04 | 000,167,936 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/05/11 12:16:34 | 000,015,312 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LiveIO.sys -- (LiveIO)
DRV - [2009/05/06 10:32:08 | 000,004,096 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Livekbc.sys -- (Livekbc)
DRV - [2009/05/06 10:28:42 | 000,003,968 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Livemouclass.sys -- (Livemouclass)
DRV - [2009/05/06 10:23:56 | 000,004,096 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\LiveGpdKBFilter.sys -- (LiveGpdKBFilter)
DRV - [2005/08/30 02:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011/02/11 19:24:06 | 000,429,948 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14798 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [PC Speed Maximizer] C:\Program Files\PC Speed Maximizer\SPMStarter.exe ()
O4 - HKCU..\Run: [Reminder] C:\Program Files\TTG\Reminder\Reminder.exe (DSG Retail Ltd)
O4 - HKCU..\Run: [SPMTray] C:\Program Files\PC Speed Maximizer\SPMTray.exe (Avanquest Software)
O4 - HKCU..\Run: [Startw3i] C:\Program Files\PC Speed Maximizer\Startw3i.exe (Avanquest Software)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/14 18:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/14 18:00:39 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/14 18:00:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/14 18:00:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/14 18:00:19 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/02/14 17:31:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/14 17:22:15 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/14 14:27:29 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{5C89DEE7-A518-4F82-AC4F-525BB3E3426A}
[2011/02/13 11:38:56 | 000,000,000 | ---D | C] -- C:\Users\sharon\DoctorWeb
[2011/02/13 11:25:00 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{95AC3E84-FDB2-49B9-9849-0BDDCA43D65A}
[2011/02/12 19:36:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2011/02/12 17:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/02/12 17:33:07 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/12 17:33:06 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/02/12 17:33:01 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/02/12 17:33:00 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/02/12 17:32:50 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/02/12 17:32:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/02/12 17:32:50 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/02/12 17:32:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/02/12 17:32:49 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/02/12 17:32:49 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/02/12 17:32:49 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/02/12 17:32:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/02/12 17:32:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/02/12 17:32:46 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/02/12 17:32:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/02/12 17:32:44 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/02/12 17:32:44 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/02/12 17:32:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\upnp.dll
[2011/02/12 17:32:34 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
[2011/02/12 17:32:34 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2011/02/12 17:32:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2011/02/12 17:23:41 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{29EA5D9E-351C-4252-AFB7-523686CDA22F}
[2011/02/11 19:20:31 | 000,000,000 | ---D | C] -- C:\Users\sharon\Desktop\logs
[2011/02/02 21:06:16 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/01 18:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 3
[2011/02/01 18:42:38 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\IObit
[2011/02/01 18:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011/01/31 23:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/01/31 21:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/01/31 21:17:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/01/31 21:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/01/31 20:36:46 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\SUPERAntiSpyware.com
[2011/01/31 20:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/01/31 20:36:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/01/31 20:36:42 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/01/31 19:45:34 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\Malwarebytes
[2011/01/31 19:45:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/31 19:45:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/31 19:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/31 19:45:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/31 19:45:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/31 07:51:47 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{743DA19D-3694-4675-B598-07C0EF4113DF}
[2011/01/30 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{FD0C23B3-FB54-4ED6-9F16-402CFCDF345B}
[2011/01/30 12:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CED
[2011/01/30 12:21:04 | 000,000,000 | ---D | C] -- C:\Users\sharon\Documents\My Received Files
[2011/01/30 12:21:04 | 000,000,000 | ---D | C] -- C:\Users\sharon\Documents\BearShare
[2011/01/30 12:21:04 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\BearShare
[2011/01/30 12:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\BearShare Applications
[2011/01/30 12:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BearShare
[2011/01/30 12:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\BearShare
[2011/01/30 12:19:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\{4B337C2B-E6F0-4B28-98E9-248E1772D7EA}
[2011/01/30 07:48:01 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{E31A5F63-358D-4EE4-A02D-3884D07434ED}
[2011/01/28 21:19:30 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{437E8B2B-008E-4CA1-9BA7-C4F7E70B9F95}
[2011/01/28 07:43:50 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{2DBC406F-8EBB-4064-B045-639C51BDDABE}
[2011/01/27 19:43:27 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{349BF481-9E26-45A2-9E34-83391E176AC3}
[2011/01/27 07:43:02 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{62E26ADD-CA56-4C74-87F5-9E5FA8B6933A}
[2011/01/26 16:14:16 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{4CBF06D2-ACE1-4592-9687-3D8BCCA97D56}
[2011/01/25 16:05:48 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{3D6CA0C0-CCAC-49D3-A230-2E89391CC7A7}
[2011/01/24 20:18:39 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{E1CCF7A0-1B9A-403B-BDCA-18F35A517349}
[2011/01/24 07:17:51 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{93329040-B0E2-4128-BFE7-42FB0E233835}
[2011/01/23 16:51:50 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\RegistryKeys
[2011/01/23 16:51:50 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\PC Speed Maximizer
[2011/01/23 16:22:32 | 000,000,000 | ---D | C] -- C:\Users\sharon\Documents\webkit
[2011/01/23 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\com.w3i.intune
[2011/01/23 16:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\inTuneMP3
[2011/01/23 16:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\inTuneMP3
[2011/01/23 16:21:29 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\Yahoo
[2011/01/23 16:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\W3i
[2011/01/23 16:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\W3i
[2011/01/23 16:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater
[2011/01/23 16:21:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
[2011/01/23 16:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2011/01/23 16:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\PC Speed Maximizer
[2011/01/23 16:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
[2011/01/23 16:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/01/23 16:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2011/01/23 16:20:47 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\Yahoo!
[2011/01/23 16:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/01/23 16:11:16 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\Ares
[2011/01/23 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
[2011/01/23 16:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
[2011/01/23 16:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\Ares
[2011/01/23 10:11:17 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{225CD17E-07D0-4D1D-96C0-DF9668CCB3C4}
[2011/01/22 21:06:25 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{936DEA61-E467-4DD2-A4FF-5CF59ED77C7A}
[2011/01/21 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{4FE5E0FB-A3A9-4A59-B688-B61C7AA62C73}
[2011/01/21 16:56:37 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\Deployment
[2011/01/21 16:56:37 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\Apps
[2011/01/21 16:55:19 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{89FDD60E-773E-4CA2-8A73-823CE31595DD}
[2011/01/20 18:43:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/01/20 16:40:16 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{6632CAE6-CA96-40AA-B815-B39CDFFC9388}
[2011/01/19 17:08:23 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{0EB60455-1315-4F95-A6E6-A091D6033D2A}
[2011/01/18 06:56:15 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{A64A85C9-CEBF-4920-B846-0B386866C31C}
[2011/01/17 08:05:29 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{9ECF43A7-B8EA-425B-BD2D-79120615FF84}
[2011/01/16 08:25:54 | 000,000,000 | ---D | C] -- C:\Users\sharon\AppData\Local\{B7EE4005-E175-4B5A-8640-143527E2A33E}
[2010/08/25 18:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/02/14 18:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/14 18:04:25 | 000,018,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/14 18:04:25 | 000,018,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/14 18:04:04 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3988009634-3639699477-678770399-1000UA.job
[2011/02/14 18:00:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/02/14 18:00:22 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/02/14 18:00:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/02/14 18:00:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/02/14 17:57:01 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/14 17:56:23 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2011/02/14 17:56:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/14 17:55:59 | 2385,170,432 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/13 11:33:06 | 000,001,092 | ---- | M] () -- C:\Users\sharon\Desktop\fix.reg
[2011/02/12 19:40:46 | 000,340,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/02/12 19:35:50 | 001,020,142 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/02/12 18:15:24 | 000,002,411 | ---- | M] () -- C:\Users\sharon\Desktop\Google Chrome.lnk
[2011/02/12 17:34:42 | 000,000,096 | ---- | M] () -- C:\Users\sharon\Desktop\check.bat
[2011/02/11 19:24:06 | 000,429,948 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/02/03 05:45:07 | 000,219,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2011/02/02 21:04:11 | 000,163,328 | ---- | M] () -- C:\Users\sharon\Desktop\ERDNT.E_E
[2011/02/02 21:04:11 | 000,157,696 | ---- | M] () -- C:\Users\sharon\Desktop\ERUNT.EXE
[2011/02/02 21:04:11 | 000,140,288 | ---- | M] () -- C:\Users\sharon\Desktop\NTREGOPT.EXE
[2011/02/02 21:04:11 | 000,038,912 | ---- | M] () -- C:\Users\sharon\Desktop\AUTOBACK.EXE
[2011/02/02 21:04:11 | 000,005,417 | ---- | M] () -- C:\Users\sharon\Desktop\LOC_GER.ZIP
[2011/02/02 21:04:11 | 000,004,090 | ---- | M] () -- C:\Users\sharon\Desktop\ERUNT.LOC
[2011/02/02 21:04:11 | 000,003,275 | ---- | M] () -- C:\Users\sharon\Desktop\ERDNTWIN.LOC
[2011/02/02 21:04:11 | 000,002,815 | ---- | M] () -- C:\Users\sharon\Desktop\ERDNTDOS.LOC
[2011/02/02 21:04:11 | 000,001,960 | ---- | M] () -- C:\Users\sharon\Desktop\NTREGOPT.LOC
[2011/02/02 17:11:20 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011/02/01 18:43:01 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2011/02/01 18:42:43 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2011/01/31 21:19:14 | 000,429,287 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110211-192406.backup
[2011/01/31 21:17:06 | 000,001,223 | ---- | M] () -- C:\Users\sharon\Desktop\Spybot - Search & Destroy.lnk
[2011/01/31 20:36:44 | 000,001,968 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/31 19:45:31 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/30 12:22:07 | 000,005,632 | ---- | M] () -- C:\Users\sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/30 12:21:01 | 000,000,146 | ---- | M] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2011/01/30 12:05:05 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/30 12:05:05 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/30 12:03:52 | 000,000,858 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3988009634-3639699477-678770399-1000Core.job
[2011/01/26 20:51:15 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for sharon.job
[2011/01/23 16:21:17 | 000,001,908 | ---- | M] () -- C:\Users\sharon\Desktop\Create Your Own Video Screensaver!.lnk
[2011/01/23 16:21:17 | 000,001,908 | ---- | M] () -- C:\Users\sharon\Desktop\Click Here For Free Music.lnk
[2011/01/23 16:21:17 | 000,001,906 | ---- | M] () -- C:\Users\sharon\Desktop\Be Creative on Facebook With Facepaint Layouts.lnk
[2011/01/23 16:21:17 | 000,001,082 | ---- | M] () -- C:\Users\sharon\Desktop\PC Speed Maximizer.lnk
[2011/01/20 18:43:34 | 000,002,249 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== Files Created - No Company Name ==========

[2011/02/13 11:33:06 | 000,001,092 | ---- | C] () -- C:\Users\sharon\Desktop\fix.reg
[2011/02/12 17:34:42 | 000,000,096 | ---- | C] () -- C:\Users\sharon\Desktop\check.bat
[2011/02/01 18:43:01 | 000,000,372 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2011/02/01 18:42:43 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2011/01/31 21:17:06 | 000,001,223 | ---- | C] () -- C:\Users\sharon\Desktop\Spybot - Search & Destroy.lnk
[2011/01/31 20:36:44 | 000,001,968 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/01/31 19:45:31 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/30 12:21:01 | 000,000,146 | ---- | C] () -- C:\Users\Public\Desktop\Emoticons for your messenger!.url
[2011/01/27 20:23:59 | 000,005,632 | ---- | C] () -- C:\Users\sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/23 16:21:17 | 000,001,908 | ---- | C] () -- C:\Users\sharon\Desktop\Create Your Own Video Screensaver!.lnk
[2011/01/23 16:21:17 | 000,001,908 | ---- | C] () -- C:\Users\sharon\Desktop\Click Here For Free Music.lnk
[2011/01/23 16:21:17 | 000,001,906 | ---- | C] () -- C:\Users\sharon\Desktop\Be Creative on Facebook With Facepaint Layouts.lnk
[2011/01/23 16:21:17 | 000,001,082 | ---- | C] () -- C:\Users\sharon\Desktop\PC Speed Maximizer.lnk
[2011/01/20 18:43:34 | 000,002,249 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/08/25 18:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 18:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/01/14 02:41:00 | 000,309,248 | ---- | C] () -- C:\Windows\System32\sqlite36_engine.dll
[2010/01/14 02:38:00 | 000,023,552 | ---- | C] () -- C:\Windows\System32\DirectCOM.dll
[2009/09/01 12:44:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/09/01 12:37:19 | 000,015,312 | ---- | C] () -- C:\Windows\System32\drivers\LiveIO.sys
[2009/09/01 12:34:34 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/09/01 12:13:45 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/07/13 23:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/11 12:16:34 | 000,015,312 | ---- | C] () -- C:\Windows\System32\LiveIO.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Baabiouz
2011-02-14, 21:01
Well done :bigthumb:

Looks clean, great job! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Next we remove all used tools.

Please download OTCleanIt (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Hide system files

Open My Computer.
Go to Tools > Folder Options.
Select the View tab.
Scroll down to Hidden files and folders.
Select Do not show hidden files and folders.
Check (tick) Hide extensions of known file types.
Check (tick) Hide protected operating system files (Recommended).
Click OK.
Close My Computer.

Create a new, clean System Restore point

Click on Start > All Programs > Accessories > System Tools > System Restore.
On the Welcome Page, select Create a restore point. Click Next.
Give this restore point a descriptive name and click Create.
When done, click Close.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.

Clear infected System Restore points

Click on Start > All Programs > Accessories > System Tools > Disk Cleanup.
Select C drive and click OK.
Select the More Options tab.
Under System Restore, click on Clean up....
You will be prompted. Click Yes.
When done, click OK.
You will be prompted again. Press Yes to confirm.
When done, Disk Cleanup will close automatically.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update (http://update.microsoft.com/)
Office Update (http://office.microsoft.com/en-us/officeupdate/default.aspx)

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

Go to Start > Control Panel > Automatic Updates
Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
Never open emails from unknown senders.
Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge (http://sourceforge.net/) or Pricelessware (http://www.pricelesswarehome.org/).

Surf safely

Many of the exploits are directed to users of Internet Explorer and Firefox.

Using Firefox (http://www.mozilla.com/en-US/firefox/) with NoScript add-on (https://addons.mozilla.org/en-US/firefox/addon/722) helps to prevent most exploits from running as NoScript by default disables all scripts on all websites. If you trust the website, you can manually allow it.

If you prefer to use Internet Explorer, please refer to this website to learn how to secure Internet Explorer 6 (http://surfthenetsafely.com/slides/ieconfigureslide1.htm).

To secure Internet Explorer 7, please read this article (http://surfthenetsafely.com/ieseczone8.htm).


Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article (http://www.microsoft.com/athome/security/update/howbackup.mspx) to learn how to backup. Follow this article (http://support.microsoft.com/kb/309340) by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer (http://www.bleepingcomputer.com/tutorials/tutorial127.html).

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs (http://p2p.malwareremoval.com/) if you need to use one.

Prevent a re-infection

Spyware Blaster
SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX (http://surfthenetsafely.com/activex.htm) programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

You can download SpywareBlaster from Javacool (http://www.javacoolsoftware.com/spywareblaster.html).

If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial (http://www.bleepingcomputer.com/tutorials/tutorial49.html) at Bleeping Computer.


Hosts File
A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:

MVPS Hosts File (http://www.mvps.org/winhelp2002/hosts.htm)
Bluetack's Hosts File (http://www.bluetack.co.uk/forums/index.php?showtopic=8406)
Bluetack's Host Manager (http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=16)
hpHosts (http://hphosts.mysteryfcm.co.uk/?s=Download)

A tutorial (http://forum.malwareremoval.com/viewtopic.php?t=22187) about Hosts File can be found at Malware Removal.


Malwarebytes RogueNET (http://www.malwarebytes.org/malwarenet.php) Bleeping Computer (http://www.bleepingcomputer.com/malware-removal/)
Before downloading any anti-spyware programs, always check it. This will save you from a lot of trouble. If in doubt, don't ever download it.


Here are some more things to read about:

Securing Skype (http://www.skype.com/security/safety/)
Greater email safety (http://surfthenetsafely.com/surfsafely4.htm)
Phishing - what is it? (http://surfthenetsafely.com/phishing.htm)
80 Super Security Tips (http://www.pcmag.com/article2/0,1895,1838690,00.asp)

Happy surfing and stay clean!

SnowBum
2011-02-15, 01:21
I've followed all of these steps and the laptop is now totally clean. I've installed a few security tools and now i feel that this case can be closed. I'll give my friend some advice on keeping her security upto date.

Thanks again for your help!

Baabiouz
2011-02-15, 07:11
You're welcome. I'm glad I was able to help ;)