Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91981 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

pc slows down to crawling pace [Solved]


  • This topic is locked This topic is locked
92 replies to this topic

#46 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 14 November 2013 - 11:00 PM

Hi fellfromgrace,

 

:thumbup:  let me know the results.

 

 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#47 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 15 November 2013 - 02:46 PM

Hi OCD,

seems to be running as well as can be expected. Word is still doing it's funny thing at the start when I open a saved document but that's livable with. What's next? :-)



#48 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 15 November 2013 - 10:46 PM

Hi fellfromgrace,

Your log appears to be clean. :thumbup:

We have a few items to take care of before we get to the All Clean Speech.

=========================

bullseye_zpse9eaf36e.gif Clean up with OTL:
  • Right-click OTL.exe select "Run as Administrator" to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
=========================

bullseye_zpse9eaf36e.gif Removing/Uninstalling AdwCleaner:
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
=========================

bullseye_zpse9eaf36e.gif You can now delete any tools and/or logs remaining on your desktop.

=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Impliment what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-VirusFree Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#49 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 17 November 2013 - 01:33 PM

Hu OCD, I could not find OTL on the desktop (!?) so had to download it again after disabling my isp's protection in order to get on the site ... when I ran Fix it said 'No fix provided, click OK to load it from a file or Cancel to Cancel' This is odd as I ran it before and it was all OK ...

 

so I ran a scan - and tried again with the same result. Here's what the scan said:

 

OTL Extras logfile created on: 17/11/2013 12:50:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lorna\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
4.00 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 52.34% Memory free
7.99 Gb Paging File | 5.12 Gb Available in Paging File | 64.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.44 Gb Total Space | 270.24 Gb Free Space | 59.99% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 333.37 Gb Free Space | 71.58% Space Free | Partition Type: NTFS
Drive E: | 254.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: LORNA-PC | User Name: Lorna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Value error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FB98A1-7AF9-46DA-870E-B3E179CE55A5}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{0A37EBFD-4C01-4323-BBD7-D212EB87C91B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D23B282-2882-4D6B-B34C-C809FBDB29EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0E8B587E-8654-49E1-ADD9-5A6126327F9C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{109092A7-9655-42A4-BE06-1E4293F9D2BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{175CC621-2FC3-4E9A-8A3B-8688346CBA8F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1AB91F7A-C8C3-4F1B-90E2-0DF59D760C39}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2456651F-140F-41DB-AE77-FD4C437211B3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{285DA852-E50B-4CD6-A2AF-A67C16058365}" = rport=445 | protocol=6 | dir=out | app=system |
"{2F22710D-5CDC-42CB-8492-66DE3A6C1D8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{327F1DA6-D344-4488-B593-D5455C2CC737}" = rport=10243 | protocol=6 | dir=out | app=system |
"{36B71C93-50A9-4F48-BF8E-7569CFD30A5C}" = rport=2869 | protocol=6 | dir=out | app=system |
"{40D98898-C72B-48A9-9001-AA1EA67D641E}" = lport=137 | protocol=17 | dir=in | app=system |
"{6B75E5BC-8C35-4758-A8B9-670E1F4D590B}" = rport=138 | protocol=17 | dir=out | app=system |
"{6CD889C3-ADC0-4253-A003-13D5A86433E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8E491A19-0544-4E98-8CCB-FEDFDAC391BA}" = lport=445 | protocol=6 | dir=in | app=system |
"{8F3FDE23-CB59-40E2-99DC-248E18C6AD35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8F63FA6D-D92E-43F1-9736-08F1DA4C0ED6}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{990019A1-389A-4131-8ED1-75C68E987E3B}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{999B8C11-E1E9-48B0-B131-51BF04F48763}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AAA4096A-8218-492F-867B-6DBBFF09D244}" = lport=139 | protocol=6 | dir=in | app=system |
"{AFDF5C9D-EF74-429B-9DDA-9E4A52576469}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B4D7A118-7027-45E5-82C6-7DDA4005F457}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B8ACFC35-CE78-4145-97F9-3CBB5905ACA3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C242A725-DF66-4D6B-A25D-B69DFEC85D60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5299320-4AFA-44FD-A254-D0ACE41376CF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D00F6322-F81F-48FE-A42C-689480474DF6}" = lport=138 | protocol=17 | dir=in | app=system |
"{D60C093C-775D-44FB-AA6D-5FAA2E4AB678}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DADE18E9-DEFD-4BE3-AFCF-7D5B3440B6FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{DD1C5633-85CA-4F5D-9761-7C44D8785AB1}" = rport=139 | protocol=6 | dir=out | app=system |
"{EC3E75AD-21E1-4969-9906-E6FFDDE263DE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E663DF1-5CC7-49F9-B4F2-DE4EC2CDF538}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F9493B2-954A-45C2-A962-D64D963598B1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0FE74F0C-38DE-4447-9C5F-A7F1C895A49C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{17355C71-1C6A-4F7A-8DCB-76D5074EC64E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{19B926AF-F118-4E2D-A0D5-C54FC4933C29}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{24F886AC-2564-49A6-89B6-1C9DA4C959E8}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{3439C0E9-1858-4AFC-B720-4D3F0F01045D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{35CDDABE-97DD-4AD8-821E-EEEB6CEF9103}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3FBBCB08-A755-4D39-A53F-895873691A91}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{4316C09F-0F43-489A-B7F3-8E3B9B5A77CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{439578B7-4ED0-4CF8-8AB8-880B24B1A4F0}" = protocol=17 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{4C0574E3-F9E2-453F-977D-3571B658121D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4FF09CFE-451B-44A1-94E3-5D177B5026A7}" = protocol=17 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{5AE9766C-EC17-454E-8FAA-3F3A5806AE5F}" = protocol=6 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{64FAC652-19ED-4637-86F6-E87D29048500}" = protocol=6 | dir=out | app=system |
"{65189FD5-E420-4929-89DC-C2432B37F088}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{658D211A-36E4-456B-9DE6-B38E6BF5B7E1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6756D2C8-D447-4C27-992D-1671AB2C3B21}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{69C7DF42-A0B7-4CBF-BFD9-C5402896D6E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6E739B8C-F5DE-44CC-8156-3C2DC7FBF9E3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{727199DC-71F7-4C6F-9C5A-F2D8EBFFBFC0}" = protocol=6 | dir=in | app=c:\windows\temp\cmc_dragon\restart_helper.exe |
"{7928CA9C-B0CE-4A93-92AC-D6D67FF39CD8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7AC87AB6-F04D-4E76-A450-665B8B5DDD80}" = protocol=6 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{7D537CD3-E95A-48C2-92C2-0362143919F4}" = protocol=6 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{9C1B4A8A-2198-4CB1-8A6A-233778D9C76E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A2D0DBED-F7DE-49E0-98DB-F40E792C4A74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AD7E18DA-5144-4307-BA47-6F910D52F525}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AE1F3226-FB2F-458F-863C-92CE34467DBD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BF5AE95C-5779-49FC-A95F-A19EB426F5D2}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C38F1B2D-5541-4443-B546-983E13B9D4FF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C4F6DDF6-0527-4A4C-86DB-FD1661B27A3B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C97E426B-9C46-428A-BA44-247A11D73F7C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CB269071-FD26-4B3D-A1F0-ED82D4F8FF34}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{CE7E3F2C-374E-434B-8097-6F85E818F921}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{D8442974-63BC-40C7-9F42-2A2EB91307D4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DF1E12D1-625A-434C-8AF2-ADBACA066882}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA239201-9796-4433-8FAD-6D2F7FBC6256}" = protocol=17 | dir=in | app=c:\program files (x86)\easeus\todo backup\bin\agent.exe |
"{EEE8BE16-4EBD-4E1F-BC9F-8CDFD7739918}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EF398F74-BF9D-4889-A8D1-65612570EE45}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F512C44E-C797-4A64-852D-559A86C114ED}" = protocol=17 | dir=in | app=c:\users\lorna\appdata\roaming\dropbox\bin\dropbox.exe |
"{FECBDD97-A918-4925-8F49-4671A74E4771}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}" = HP Officejet Pro 8000 A809 Series
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"A5B98551C6BA1C24D2FDDFB2E1764339D449F74D" = Windows Driver Package - Intel (NETw5v64) net  (09/15/2009 13.0.0.107)
"B540836D57069F83653778772EE56C5408F1B192" = Windows Driver Package - Intel (NETw5s64) net  (09/15/2009 13.0.0.107)
"Free PDF to Word Converter_is1" = Free PDF to Word Converter 4.2.3.183
"GIMP-2_is1" = GIMP 2.6.12
"HitmanPro37" = HitmanPro 3.7
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"novaPDF Pro v5_is1" = novaPDF Pro v5 (novaPDF Professional Desktop 5.5  printer)
"NVIDIA Drivers" = NVIDIA Drivers
"PDFtypewriter Printer Driver" = PDFtypewriter Printer Driver
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FAEAEC8-F458-4AE2-89B8-BF680FD245D5}" = 8000A809_eDocs
"{1000ACF5-0BCF-4FC0-B4F5-F044317F9155}" = ProductContext
"{10B1D4F7-6568-48F7-92FD-74D616CD061E}" = Serif CraftArtist Wedding Days Collection
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1439B98F-681E-4D51-BB90-D04474E4C6EA}" = Serif Digital Scrapbook Artist 2
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15879CF1-46AD-4A19-B362-E3A939C65BA9}" = DaisyTrail Summer Fun Digikit
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BB1AF9-981C-4539-9113-D2F88F031C1D}" = GeekBuddy
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2189194E-35E0-4597-BC93-63DC40EB9258}" = Serif Digital Scrapbook Artist Photobook, Basic
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{25015AF4-F435-4605-A06F-BA91C0BF6087}" = Serif CraftArtist Scrapbooks Collection
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{26F8F39E-C228-4E3C-93A5-061FCCBFC914}" = Serif PagePlus Essentials
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{312F775B-EF9B-4456-83C8-4B4596677C13}" = Serif CraftArtist Baby Photos Collection
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{366584A4-1D35-49B2-97B3-C803DDFCC543}" = myPrintMileage (Officejet Pro 8000 A809)
"{3AD783E5-1DC6-4FDF-B913-C371657B7A6B}" = Acer Arcade Instant On
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EC9C9AB-28DA-411D-8EFE-E31AFAFA038A}" = Karen Gover, Turkish Delight Digikit
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Fingerprint Solution
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5ED5BC4D-CADC-4705-A230-D1FC80882252}" = PhotoTools 2.6.3 Free
"{5F9DDC8F-5D4D-4D63-BDB5-8DB3EE1432E4}" = Serif PagePlus Essentials Bonus Content Pack
"{61B3CAF9-0C8A-4390-AE72-D6B90FB71C17}" = Serif CraftArtist Professional
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63CA71FE-85AB-49AE-8668-26951FBD95DC}" = Kaleidoscope Kreator 3
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
"{76E2A1A0-CE72-48A0-8D8E-767A1B0C2191}" = PhotoFrame 4.6.3 Free
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C08721F-AC43-4198-A35B-93442DD10A26}" = Serif CraftArtist Greeting Cards Collection
"{7D336C6B-1C91-4AD4-B168-F1E1AC08D737}" = PDFtypewriter with PDF Printer Driver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710}" = Star Defender 4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92975DF9-EA36-4F36-A9AC-D412BC1D709E}" = Nuvoton EC Generic HID Driver
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FB13038-240D-427E-B27E-1796E5C0FA1A}" = DaisyTrail Vintage Sideshow Digikit
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B9830694-3D4A-40CC-AB27-5A8C9E160200}" = BPDSoftware
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BDE7CE44-145A-47E3-9A75-9FBD49D9B46B}" = 8000A809
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5F7045B-193F-418C-A4DE-27F76F28841E}" = BPDSoftware_Ini
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF255306-5B68-401F-87BA-AA62BEA6888C}" = 8000A809_Help
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.74.216
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D12EBB4E-CF21-496D-979F-89D9DE58C5B8}" = PDFill PDF Tools (FREE)
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F42516-EC12-4ECF-A3C3-5A79CD3CB5F5}" = Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E12F5FD8-3C24-4594-9730-3F89C04A45AA}" = eCraftShop Pro
"{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1" = FotoFusion v4
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFEDD205-43FE-4208-B682-0937E803E19E}_is1" = NexusFont 2.5 (ver 2.5.7.1562)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F840E2F3-138C-4307-83F7-D0A5DD75B6CE}" = Samsung SCX-4100 Series (TWAIN)
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"aniMate 2 DS3 2.0.0.7" = aniMate 2 DS3
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Comodo Dragon" = Comodo Dragon
"DAZ 3D Install Manager 1 1.0.1.90" = DAZ 3D Install Manager 1
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"Dazzling Reflections PE (Trial Version)_is1" = Dazzling Reflections PE v2.1
"DirPrintOK" = DirPrintOK
"DreamSuite Bonus" = Uninstall DreamSuite Bonus
"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0
"ESET Online Scanner" = ESET Online Scanner v3
"ExpressBurn" = Express Burn Disc Burning Software
"Filter Forge Freepack 1 - Metals_is1" = Filter Forge Freepack 1 - Metals 2.009
"Filter Forge Freepack 2 - Photo Effects_is1" = Filter Forge Freepack 2 - Photo Effects 2.009
"Filter Forge Freepack 3 - Frames_is1" = Filter Forge Freepack 3 - Frames 2.009
"Filter Forge Freepack 4 - Distortions_is1" = Filter Forge Freepack 4 - Distortions 1.015
"Filter Forge Freepack 5 - Hearts_is1" = Filter Forge Freepack 5 - Hearts 2.009
"Filter Forge Freepack 6 - Patterns_is1" = Filter Forge Freepack 6 - Patterns 2.009
"FrameFun_is1" = FrameFun 2.0.0.7
"FrameMaster" = FrameMaster 2.14
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"GPL Ghostscript 8.57" = GPL Ghostscript 8.57
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"GridMagic_is1" = GridMagic 3.3.0.201
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"Identity Card" = Identity Card
"IE Kaleidoscope" = IE Kaleidoscope
"Inkscape" = Inkscape 0.48.2
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{565A39D6-4FB0-4F35-A2AC-0DC66ACC3520}" = Acer Bio Protection
"Instant Eyedropper_is1" = Instant Eyedropper 1.75
"Kaleider_is1" = Kaleider 4.8.1
"LManager" = Launch Manager
"Make The Cut!" = Make The Cut!
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 25.0.1 (x86 en-GB)" = Mozilla Firefox 25.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Picasa 3" = Picasa 3
"Plugin Commander Light 1.61_is1" = Plugin Commander Light 1.61
"Poser Debut_is1" = Poser Debut
"Rapport_msi" = Rapport
"Samsung SCX-4100 Series" = Samsung SCX-4100 Series
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Ulead ArtTexture.Plugin 1.0" = Ulead ArtTexture.Plugin 1.0
"Ulead FantasyWarp.Plugin 1.0" = Ulead FantasyWarp.Plugin 1.0
"WinLiveSuite" = Windows Live Essentials
"Wisdom-soft Set up ScreenHunter 5.1 Free" = Wisdom-soft Set up ScreenHunter 5.1 Free
"XnView_is1" = XnView 1.96.1
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dashlane" = Dashlane
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Spoon.net Sandbox Manager 3.33" = Spoon.net Sandbox Manager 3.33
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17/11/2013 07:20:56 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53269443
 
Error - 17/11/2013 07:20:57 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17/11/2013 07:20:57 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 53270707
 
Error - 17/11/2013 07:20:57 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53270707
 
Error - 17/11/2013 07:20:59 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17/11/2013 07:21:02 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 53271924
 
Error - 17/11/2013 07:21:04 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53271924
 
Error - 17/11/2013 07:21:05 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17/11/2013 07:21:05 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 53278710
 
Error - 17/11/2013 07:21:05 | Computer Name = Lorna-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 53278710
 
[ System Events ]
Error - 15/11/2013 14:35:46 | Computer Name = Lorna-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Live ID Sign-in Assistant service to connect.
 
Error - 15/11/2013 14:35:46 | Computer Name = Lorna-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Live ID Sign-in Assistant service failed to start due
to the following error:   %%1053
 
Error - 15/11/2013 14:37:08 | Computer Name = Lorna-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   CFRMD  UimBus  Uim_IM  Uim_VIM
 
Error - 15/11/2013 14:41:28 | Computer Name = Lorna-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
 .NET Framework NGEN v4.0.30319_X64 service to connect.
 
Error - 15/11/2013 16:42:51 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 15/11/2013 16:43:12 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 15/11/2013 16:53:12 | Computer Name = Lorna-PC | Source = DCOM | ID = 10000
Description =
 
Error - 16/11/2013 13:07:02 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 17/11/2013 07:20:42 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
Error - 17/11/2013 07:21:08 | Computer Name = Lorna-PC | Source = ipnathlp | ID = 31004
Description =
 
 
< End of report >
 



#50 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 17 November 2013 - 10:53 PM

Hi fellfromgrace,

You were supposed to click the Clean-up button in OTL to remove it from your computer.

 OTLgui_zps50485e66.gif

Let me know if you have any other questions.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#51 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 19 November 2013 - 04:53 AM

oh dear! well, everythung done and read now thank you. Still getting the occasional fading and 'not responding' from Firefox and Word, but the firefox stuff could be my internet connection. Now this is running better I will get around to upgrading it and perhaps that will also help

 

then I have to try the other laptop ... :)


Edited by fellfromgrace, 19 November 2013 - 05:11 AM.


#52 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 19 November 2013 - 07:49 AM

Hi fellfromgrace,
 

then I have to try the other laptop ... :)

Just go ahead and post the following logs for the laptop here.

=========================

bullseye_zpse9eaf36e.gif Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
=========================

bullseye_zpse9eaf36e.gif aswMBR

Download aswMBR.exe and save it to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
=========================
bullseye_zpse9eaf36e.gif OTL

Download OTL to your desktop.
  • Make sure all other windows are closed and to let it run uninterrupted.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    services.*
    /md5stop
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    BASESERVICES
    DRIVES
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
=========================

In your next post please provide the following:
  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • OTL.txt
  • Extras.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#53 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 19 November 2013 - 05:02 PM

I cannot attach the file because it times out before I get to load the page which allows me to make an attchment (this laptop is crawling, or it is the site, or my internet connection. I will try again later)



#54 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 19 November 2013 - 05:10 PM

Oh it says I am not permitted to uploa this kind of file when I try to upload the MBR.dat! <_<



#55 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 November 2013 - 12:35 AM

Hello fellfromgrace,
 
Please re-read the directions for aswMBR.
 
"You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well."

 

Complete the remainder of the steps and post the corresponding logs. If you still cannot upload the MBR.zip file, skip it and post the logs needed for review.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#56 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 20 November 2013 - 03:38 AM

Attached File  MBR.zip   580bytes   44 downloads

 

Oops, sorry, got frustrated with having to restart due to slowing down to zero, I guess (that's my excuse anyway) :-)

so here it is



#57 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 November 2013 - 09:16 AM

Hi fellfromgrace,

 

I need to see all the logs requested when they are available.


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#58 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 20 November 2013 - 09:50 AM

That's weird as I posted them up alkready but now I see they are not there any more! I will switch pc's and get onto it now, Also I note that when it starts IU get this message from Igfxtray.exe: The procedure entrty piunt LoadSTRINGW coykd not be located in the dynamic link library hccutuils,DLL. Will get the logs now



#59 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 20 November 2013 - 10:05 AM

OK it is not posting the entry ith all logs on. I will post them up separately Checkup:

 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 11.9.900.117  
 Adobe Reader XI  
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#60 fellfromgrace

fellfromgrace

    Authentic Member

  • Authentic Member
  • PipPip
  • 59 posts

Posted 20 November 2013 - 10:05 AM

as

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-19 21:23:21
-----------------------------
21:23:21.613    OS Version: Windows x64 6.1.7601 Service Pack 1
21:23:21.613    Number of processors: 8 586 0x2A07
21:23:21.614    ComputerName: LORNASAMSUNG-PC  UserName: Lorna Samsung
21:23:22.525    Initialize success
21:27:54.632    AVAST engine defs: 13111900
21:31:14.585    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:31:14.587    Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 953869MB BusType: 3
21:31:14.589    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
21:31:14.592    Disk 1 Vendor: SanDisk_ SSD_ Size: 7641MB BusType: 3
21:31:14.799    Disk 0 MBR read successfully
21:31:14.802    Disk 0 MBR scan
21:31:14.816    Disk 0 Windows 7 default MBR code
21:31:14.829    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
21:31:14.840    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       371712 MB offset 206848
21:31:14.846    Disk 0 Partition - 00     0F Extended LBA            557368 MB offset 761473024
21:31:14.875    Disk 0 Partition 3 00     27 Hidden NTFS WinRE NTFS        24688 MB offset 1902962688
21:31:14.955    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       557367 MB offset 761475072
21:31:15.164    Disk 0 scanning C:\Windows\system32\drivers
21:31:28.191    Service scanning
21:31:42.519    Modules scanning
21:31:42.525    Disk 0 trace - called modules:
21:31:42.562    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
21:31:42.567    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800a6af790]
21:31:42.572    3 CLASSPNP.SYS[fffff88001b2c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007e7b050]
21:31:43.570    AVAST engine scan C:\Windows
21:31:45.947    AVAST engine scan C:\Windows\system32
21:35:45.638    AVAST engine scan C:\Windows\system32\drivers
21:36:08.986    AVAST engine scan C:\Users\Lorna Samsung
21:49:36.939    AVAST engine scan C:\ProgramData
21:53:34.452    Scan finished successfully
21:55:00.814    Disk 0 MBR has been saved successfully to "C:\Users\Lorna Samsung\Desktop\MBR.dat"
21:55:00.823    The log file has been saved successfully to "C:\Users\Lorna Samsung\Desktop\aswMBR.txt"
 
 

wMBR.txt


Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users