
Cpu Usage 100%/system idle process taking 80% help



#1
cheFearl

Good morning /good evening

Hi, please help, because I'm having 100% CPU usage when I start my computer and it never goes back to normal. When I check my Task Manager it shows that my System Idle Process is taking up to 80% CPU usage. It never happened before. Please help, my computer is freezing a lot of times. Thanks.




OTL Extras logfile created on: 1/10/2013 4:42:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LG\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 25.22% Memory free
4.10 Gb Paging File | 2.57 Gb Available in Paging File | 62.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 115.00 Gb Total Space | 59.87 Gb Free Space | 52.06% Space Free | Partition Type: NTFS
Drive D: | 106.38 Gb Total Space | 82.91 Gb Free Space | 77.94% Space Free | Partition Type: NTFS

Computer Name: LG-PC | User Name: LG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5600
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{423799F1-0BD5-4B2D-8BD6-2A49BCEA583B}" = Ralink Wireless LAN Client Adapter
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = LG Smart Recovery
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFCEE46-4F58-4C2F-87C5-E4A686B38265}" = LG OSD
"{90120000-0015-0401-0000-0000000FF1CE}" = Microsoft Office Access MUI (Arabic) 2007
"{90120000-0015-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0401-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Arabic) 2007
"{90120000-0016-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0401-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Arabic) 2007
"{90120000-0018-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0401-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Arabic) 2007
"{90120000-0019-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0401-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Arabic) 2007
"{90120000-001A-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0401-0000-0000000FF1CE}" = Microsoft Office Word MUI (Arabic) 2007
"{90120000-001B-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0401-0000-0000000FF1CE}" = Microsoft Office Proofing (Arabic) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0401-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Arabic) 2007
"{90120000-006E-0401-0000-0000000FF1CE}_PROHYBRIDR_{4A9F778A-44EE-4922-A976-FF4C84FC51B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9672CAD2-F310-42D6-9147-E4A4B6ED8395}" = LG Magnifier
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DABD50F7-0001-0002-0003-ABCDEFABCDEF}" = LG Smart Indicator
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Bandoo" = Bandoo
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EzManual" = EzManual
"GOM Player" = GOM Player
"HDMI" = Intel® Graphics Media Accelerator Driver
"im" = Garena Plus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = LG Smart Recovery
"LGFanModeTile" = LG Fan Mode Tile for Windows Mobility Center
"LGTouchPadTile" = LG TouchPad Tile for Windows Mobility Center
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NIS" = Norton Internet Security
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2013 8:06:42 AM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2013 8:41:14 AM | Computer Name = LG-PC | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 109.0.4.9, time stamp 0x4e3a01eb,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00066a98, process id 0x280, application start time
0x01cdee619e4610cd.

Error - 1/9/2013 9:56:14 AM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2013 4:21:24 PM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2013 4:28:37 PM | Computer Name = LG-PC | Source = MsiInstaller | ID = 11704
Description =

Error - 1/9/2013 4:41:17 PM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/9/2013 6:10:30 PM | Computer Name = LG-PC | Source = Application Error | ID = 1000
Description = Faulting application ccSvcHst.exe, version 109.0.4.9, time stamp 0x4e3a01eb,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x00066626, process id 0x628, application start time
0x01cdeea9a2acc045.

Error - 1/10/2013 8:13:55 AM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/10/2013 8:23:46 AM | Computer Name = LG-PC | Source = LoadPerf | ID = 3012
Description =

Error - 1/10/2013 8:23:46 AM | Computer Name = LG-PC | Source = LoadPerf | ID = 3011
Description =

[ System Events ]
Error - 1/9/2013 4:34:45 PM | Computer Name = LG-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 1/9/2013 4:34:45 PM | Computer Name = LG-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/9/2013 4:37:41 PM | Computer Name = LG-PC | Source = Service Control Manager | ID = 7043
Description =

Error - 1/9/2013 4:41:14 PM | Computer Name = LG-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.106. The computer with the IP address 192.168.0.100 did
not allow the name to be claimed by this computer.

Error - 1/9/2013 4:44:01 PM | Computer Name = LG-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 1/9/2013 4:45:07 PM | Computer Name = LG-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/9/2013 4:45:21 PM | Computer Name = LG-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/9/2013 6:10:31 PM | Computer Name = LG-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 1/10/2013 8:13:51 AM | Computer Name = LG-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.106. The computer with the IP address 192.168.0.103 did
not allow the name to be claimed by this computer.

Error - 1/10/2013 8:17:07 AM | Computer Name = LG-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >


#2
WhiteHat

Hi,

system idle process taking 80%

System Idle actually is not a process, but a way to inform that 80% of the processor is doing nothing.

  • Run OTL again. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

NEXT:

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double-click aswMBR.exe to run it. Click the "Scan" button to start the scan.


On completion of the scan click save log, save it to your desktop and post in your next reply


FINALLY:

Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#3
cheFearl

Hi Whitehat,
Thanks for the reply, and sorry for the late reply; my computer starts to freeze a lot of times. Anyway, I followed through your instructions and these are the logs.

OTL log
OTL logfile created on: 1/18/2013 4:12:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LG\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 50.77% Memory free
4.10 Gb Paging File | 3.18 Gb Available in Paging File | 77.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 115.00 Gb Total Space | 51.33 Gb Free Space | 44.63% Space Free | Partition Type: NTFS
Drive D: | 106.38 Gb Total Space | 82.91 Gb Free Space | 77.93% Space Free | Partition Type: NTFS

Computer Name: LG-PC | User Name: LG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/10 16:41:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LG\Downloads\OTL.exe
PRC - [2011/08/04 08:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe
PRC - [2009/12/10 03:37:00 | 000,207,467 | ---- | M] () -- C:\Users\LG\Desktop\games\inventory+.exe
PRC - [2009/04/11 10:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/10 00:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/21 05:45:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/03/19 00:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/14 15:57:26 | 000,189,744 | ---- | M] () -- C:\Program Files\Garena Plus\ggspawn.dll
MOD - [2009/12/10 03:37:00 | 000,207,467 | ---- | M] () -- C:\Users\LG\Desktop\games\inventory+.exe


========== Services (SafeList) ==========

SRV - [2013/01/10 00:58:53 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/08/04 08:18:43 | 000,126,400 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/06/15 21:16:00 | 003,536,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008/11/10 00:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/07/21 05:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/03/19 00:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 06:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Program Files\Garena Plus\Room\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (abindmhf)
DRV - [2013/01/16 16:33:58 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130117.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 16:33:58 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20130117.025\NAVENG.SYS -- (NAVENG)
DRV - [2012/11/29 16:53:26 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/11/15 05:36:52 | 000,035,592 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2012/11/09 03:36:30 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/11/08 16:30:18 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20130117.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/10/24 03:34:24 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20130111.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/22 06:53:36 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symtdiv.sys -- (SYMTDIv)
DRV - [2011/08/22 06:53:35 | 000,173,176 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symefa.sys -- (SymEFA)
DRV - [2011/08/04 08:19:30 | 000,485,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\cchpx86.sys -- (ccHP)
DRV - [2011/08/02 16:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011/05/07 01:54:01 | 000,011,776 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\rasacd.sys -- (RasAcd)
DRV - [2011/04/25 20:53:14 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/07/10 15:31:25 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/05/06 08:01:44 | 000,044,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2010/04/29 09:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\ironx86.sys -- (SymIRON)
DRV - [2010/04/22 06:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\srtsp.sys -- (SRTSP)
DRV - [2010/04/22 06:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\srtspx.sys -- (SRTSPX)
DRV - [2010/02/19 04:53:20 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/08/30 04:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1109000.00C\symds.sys -- (SymDS)
DRV - [2008/10/29 10:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/15 03:20:24 | 000,112,128 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/05/26 23:54:28 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2007/05/24 04:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2765711


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\.DEFAULT\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-18\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...er/fix_homepage
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {2381E4B7-5C04-459E-9D46-2F9AC1608B66}
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp

IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FD C6 17 72 32 28 CC 01 [binary data]
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\URLSearchHook: {49c795c2-604a-4d18-aeb1-b3eba27e5ea2} - No CLSID value found
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\URLSearchHook: {f0381dbd-e018-4e07-ae40-d96ab15083f0} - No CLSID value found
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.ae...&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu....q={SearchTerms}
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{C37E93D1-2232-4E38-A15D-50C19AFFA15F}: "URL" = http://search.condui...&ctid=CT3220467
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\LG\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\LG\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\LG\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2011/07/20 12:00:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn_2010_9_0_6 [2013/01/18 14:53:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/07/17 02:23:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/30 04:35:21 | 000,000,000 | ---D | M]

[2012/09/30 06:21:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions
[2012/09/30 06:22:00 | 000,000,000 | ---D | M] (uTorrentControl_v1) -- C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}
[2012/06/08 18:58:55 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}

========== Chrome ==========

CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\LG\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = D:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Users\LG\AppData\Local\Google\Chrome\Application\12.0.742.122\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\LG\AppData\Local\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\LG\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\LG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\LG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\

O1 HOSTS File: ([2011/04/18 19:04:20 | 000,000,369 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files\Bandoo\Plugins\IE\ieplugin.dll (Discordia Limited)
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\Toolbar\WebBrowser: (no name) - {49C795C2-604A-4D18-AEB1-B3EBA27E5EA2} - No CLSID value found.
O3 - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.9.0.12\coieplg.dll (Symantec Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O7 - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB02E99-78CE-4162-A6EA-FEB87CB343FA}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D4B64695-F120-4671-B3EA-DEAB333FD06E}: DhcpNameServer = 195.229.241.222 213.42.20.20
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E478C8A2-8FEC-4BD5-BDAB-7C7ACAA34029}: DhcpNameServer = 8.8.8.8
O20 - HKLM Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img1.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/19 20:39:03 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{371c3546-3fc9-11df-9280-000df06f4b29}\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Users^LG^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: Facebook Update - hkey= - key= - C:\Users\LG\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
MsConfig - StartUpReg: GarenaPlus - hkey= - key= - C:\Program Files\Garena Plus\GarenaMessenger.exe ()
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\LG\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 1

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/09 18:11:42 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2013/01/09 18:07:53 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 18:05:49 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012/12/22 00:37:24 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/22 00:37:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/18 16:04:59 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4256316082-3585215898-1457211865-1000UA.job
[2013/01/18 16:04:27 | 000,045,194 | ---- | M] () -- C:\Users\LG\AppData\Roaming\room_v3.dat
[2013/01/18 15:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/18 15:47:59 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4256316082-3585215898-1457211865-1000UA.job
[2013/01/18 14:53:12 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 14:53:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 14:52:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/18 14:52:07 | 2075,336,704 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 03:50:16 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/18 00:47:59 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4256316082-3585215898-1457211865-1000Core.job
[2013/01/17 21:10:56 | 000,000,227 | ---- | M] () -- C:\Users\LG\Desktop\Sound - Shortcut.lnk
[2013/01/17 04:45:59 | 000,000,490 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2013/01/16 01:54:34 | 000,160,256 | ---- | M] () -- C:\Users\LG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/15 04:24:56 | 293,022,890 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/10 16:26:03 | 000,606,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/10 16:26:03 | 000,105,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/10 16:13:20 | 000,421,672 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/10 00:58:48 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/10 00:58:48 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/10 00:50:02 | 000,068,920 | ---- | M] () -- C:\Users\LG\Desktop\398010_339347026084713_505045156_n.jpg
[2012/12/30 01:36:29 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/17 21:10:56 | 000,000,227 | ---- | C] () -- C:\Users\LG\Desktop\Sound - Shortcut.lnk
[2013/01/15 04:24:56 | 293,022,890 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/10 16:12:14 | 000,421,672 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/10 00:50:12 | 000,068,920 | ---- | C] () -- C:\Users\LG\Desktop\398010_339347026084713_505045156_n.jpg
[2012/12/30 01:36:29 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\Garena Plus.lnk
[2012/04/13 12:54:05 | 000,000,552 | ---- | C] () -- C:\Users\LG\AppData\Local\d3d8caps.dat
[2011/09/15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/05/27 00:47:32 | 000,045,194 | ---- | C] () -- C:\Users\LG\AppData\Roaming\room_v3.dat
[2011/05/09 16:08:59 | 000,046,658 | ---- | C] () -- C:\Users\LG\AppData\Roaming\room.dat
[2011/05/06 23:00:21 | 001,524,112 | ---- | C] () -- C:\Windows\System32\bandoolmx.dll
[2011/05/06 09:31:43 | 000,000,221 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/02/28 21:57:14 | 000,000,017 | ---- | C] () -- C:\Windows\keys.ini
[2011/02/11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011/02/11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011/02/11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/11/25 22:14:54 | 000,000,600 | ---- | C] () -- C:\Users\LG\PUTTY.RND
[2010/07/11 14:26:11 | 000,000,681 | ---- | C] () -- C:\Users\LG\AppData\Roaming\MPQEditor.ini
[2010/07/09 20:13:50 | 000,001,356 | ---- | C] () -- C:\Users\LG\AppData\Local\d3d9caps.dat
[2010/02/15 15:39:07 | 000,160,256 | ---- | C] () -- C:\Users\LG\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 16:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 10:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 10:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS543225L9A300
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 2.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 115.00GB
Starting Offset: 1611661312
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 106.00GB
Starting Offset: 125091971072
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 239319646208
Hidden sectors: 0


< %SYSTEMDRIVE%\*.* >
[2011/06/19 20:39:03 | 000,000,024 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/11 10:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/11/26 12:50:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 01:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2013/01/18 14:52:07 | 2075,336,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/09 23:43:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/03/09 23:43:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2013/01/18 14:52:05 | 2389,123,072 | -HS- | M] () -- C:\pagefile.sys
[2011/06/20 17:37:24 | 000,061,823 | ---- | M] () -- C:\qhdebug.log
[2010/09/02 14:40:34 | 000,233,233 | ---- | M] () -- C:\QUAR.RPT
[2010/11/18 21:36:19 | 000,000,024 | -H-- | M] () -- C:\SystemLang.ini
[2011/11/07 10:14:18 | 000,000,073 | ---- | M] () -- C:\test.log

< %systemdrive%\drivers\*.exe >

< %systemroot%\system32\drivers\*.* /90 >
[2012/11/15 05:29:54 | 000,035,592 | ---- | M] (AnchorFree Inc.) -- C:\Windows\system32\drivers\hssdrv6.sys
[2012/11/15 05:36:52 | 000,035,592 | ---- | M] (Anchorfree Inc.) -- C:\Windows\system32\drivers\taphss6.sys

< %PROGRAMFILES%\*.* >
[2008/01/21 06:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\LG\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 08:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\LG\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 08:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\LG\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 08:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\LG\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/07/09 08:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/11 21:07:35 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/11 21:07:35 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/11 21:07:35 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/14 06:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/11/14 06:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

< HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\LG\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 08:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\LG\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 08:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\LG\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 08:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\LG\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/07/09 08:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/11 21:07:35 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/11 21:07:35 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/11 21:07:35 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/14 06:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SOFTWARE\CLIENTS\Startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/11/14 06:56:04 | 000,757,296 | ---- | M] (Microsoft Corporation)

========== Files - Unicode (All) ==========
[2012/03/16 01:51:16 | 000,000,000 | ---D | M](C:\Windows\System32\?G????) -- C:\Windows\System32\Ǧ겅Ϝ�痿
[2012/03/16 01:51:16 | 000,000,000 | ---D | C](C:\Windows\System32\?G????) -- C:\Windows\System32\Ǧ겅Ϝ�痿

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >



EXTRAS log.
OTL Extras logfile created on: 1/18/2013 4:12:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\LG\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 50.77% Memory free
4.10 Gb Paging File | 3.18 Gb Available in Paging File | 77.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 115.00 Gb Total Space | 51.33 Gb Free Space | 44.63% Space Free | Partition Type: NTFS
Drive D: | 106.38 Gb Total Space | 82.91 Gb Free Space | 77.93% Space Free | Partition Type: NTFS

Computer Name: LG-PC | User Name: LG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4256316082-3585215898-1457211865-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A24C2C-DFEE-4DE4-86CD-5A055B5E8083}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{160F4485-BD7A-4583-B51F-84AF2CCF31E8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{297B2CFF-D98C-4738-86AA-F4A24E12FFD4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A82A4F4-D782-4BD7-BF5A-525E1B70B762}" = rport=137 | protocol=17 | dir=out | app=system |
"{385F5E97-8256-4096-A99A-EAEE0ED1E8F5}" = rport=139 | protocol=6 | dir=out | app=system |
"{52940A6F-5EC2-4BAF-A4C0-F15D84C81803}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7154C10B-D51A-4125-AB73-AF887B616EC4}" = rport=445 | protocol=6 | dir=out | app=system |
"{8F9D9D57-C0E1-4CEA-B567-C36692FF0061}" = lport=139 | protocol=6 | dir=in | app=system |
"{A19298F4-81C2-4862-A9BF-31040B15F485}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A58CBE3F-8D75-48BA-A8D9-95BF66D95D84}" = lport=138 | protocol=17 | dir=in | app=system |
"{AABA137F-5B70-41FA-BD9A-747F2C0B16BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ADEC1271-7F99-4414-8505-08DF735FCDEF}" = rport=138 | protocol=17 | dir=out | app=system |
"{C58BAE6F-0ADC-4B52-8152-3BECADCE7C54}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CBC6CB7E-FA35-4318-9E4F-A29FDEA775A7}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E192BBA2-1EC2-4811-94E3-42356819460F}" = lport=445 | protocol=6 | dir=in | app=system |
"{ED8C3AE2-18EF-4C10-B207-D0C3D410D382}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2587793-5694-4AAA-AD8C-2EEC0CACF804}" = lport=137 | protocol=17 | dir=in | app=system |
"{F2607020-CCA5-4400-AC60-3F7DFE2D6589}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{F899851A-A3F7-4D9F-8C4D-F3479D310600}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0298994A-7E04-4414-ABF9-1C83BF8D1E7E}" = protocol=17 | dir=in | app=d:\downloads\celestial\celestia luna online alpha\lunapatcher.exe |
"{0536B35B-3C33-41CD-AEDD-D889E201C09C}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{15E22B46-FFA8-4F60-8979-0DA9A34245EC}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{16E5AB07-6F43-4D33-8360-91841DA396AA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2EB93CF9-8026-4EC2-BB9F-D5A51D21CF1D}" = dir=in | app=c:\users\lg\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{30516E49-37EB-4904-8E80-C42B260E235B}" = protocol=6 | dir=in | app=d:\downloads\celestial\celestia luna online alpha\lunapatcher.exe |
"{5205318B-0232-445A-A830-49E2C1E5DCE2}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{535B2BDE-7411-4C44-9FB5-BC211B53FEA3}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{54BFE425-1848-4399-B02B-B39AE242D02B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{5CBBB77E-5C62-4FC2-8822-B1E30A9DE314}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6643C379-93D5-46E2-AD25-DD6CC7DE8E2F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{724EFDFD-99BA-4BA8-BD9C-FF0767F564D8}" = protocol=6 | dir=in | app=d:\downloads\celestial\celestia luna online alpha\lunapatcher.exe |
"{767F858B-94D7-4FE7-8258-AE04B76FA9D5}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7A35ED43-463F-41B5-B798-D1039EDCEC5E}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{9CFBCF2E-5F53-4A2C-9E8A-EA3248F9DE91}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9FE8952B-1F73-49B3-B927-CD5FF78042E2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A88DF7AF-8E6E-498B-95EF-3E6B26BF3998}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AB31BF2D-51B4-4B78-9D6B-EE3E983AFAEA}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{B6B2C2DC-1AD5-484A-A061-1D4721979CB9}" = protocol=17 | dir=in | app=d:\downloads\celestial\celestia luna online alpha\lunapatcher.exe |
"{C60045D6-6397-4649-9EEB-5546B4CCB1A9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CBC87C94-7654-4E7A-9900-D00B81CED60A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CD46D016-182F-4FF3-B413-8DC3C46F03DF}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{FAF63FB2-9E2E-44FA-B993-3A1A7D9BBC82}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{0273B26C-0665-49AE-AB79-7E9E7C9476FA}D:\lan game\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\lan game\warcraft iii\war3.exe |
"TCP Query User{12897C77-0D79-466A-BD35-3C7799E66F03}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{F79BB47E-AE53-4954-A675-7ABE8F104776}D:\back up files\warcraft 3\war3.exe" = protocol=6 | dir=in | app=d:\back up files\warcraft 3\war3.exe |
"TCP Query User{F97FB8FD-3678-46BE-B8B1-68683ECDDCC7}D:\back up files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\back up files\warcraft iii\war3.exe |
"UDP Query User{3970533B-082C-4407-B193-774E9EE7EA3D}D:\lan game\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\lan game\warcraft iii\war3.exe |
"UDP Query User{6A612134-151D-4313-85A8-E6C08990BF9F}D:\back up files\warcraft 3\war3.exe" = protocol=17 | dir=in | app=d:\back up files\warcraft 3\war3.exe |
"UDP Query User{93407599-93AD-4AC9-AED5-F5C403C86A27}D:\back up files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\back up files\warcraft iii\war3.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5600
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{423799F1-0BD5-4B2D-8BD6-2A49BCEA583B}" = Ralink Wireless LAN Client Adapter
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = LG Smart Recovery
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{81717D01-32F6-449C-85E1-41AFD678E545}" = LG Intelligent Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFCEE46-4F58-4C2F-87C5-E4A686B38265}" = LG OSD
"{90120000-0015-0401-0000-0000000FF1CE}" = Microsoft Office Access MUI (Arabic) 2007
"{90120000-0015-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0401-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Arabic) 2007
"{90120000-0016-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0401-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Arabic) 2007
"{90120000-0018-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0401-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Arabic) 2007
"{90120000-0019-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0401-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Arabic) 2007
"{90120000-001A-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0401-0000-0000000FF1CE}" = Microsoft Office Word MUI (Arabic) 2007
"{90120000-001B-0401-0000-0000000FF1CE}_PROHYBRIDR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0401-0000-0000000FF1CE}" = Microsoft Office Proofing (Arabic) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0401-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Arabic) 2007
"{90120000-006E-0401-0000-0000000FF1CE}_PROHYBRIDR_{4A9F778A-44EE-4922-A976-FF4C84FC51B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9672CAD2-F310-42D6-9147-E4A4B6ED8395}" = LG Magnifier
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DABD50F7-0001-0002-0003-ABCDEFABCDEF}" = LG Smart Indicator
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Bandoo" = Bandoo
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EzManual" = EzManual
"GOM Player" = GOM Player
"HDMI" = Intel® Graphics Media Accelerator Driver
"im" = Garena Plus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = LG Smart Recovery
"LGFanModeTile" = LG Fan Mode Tile for Windows Mobility Center
"LGTouchPadTile" = LG TouchPad Tile for Windows Mobility Center
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NIS" = Norton Internet Security
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6c
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4256316082-3585215898-1457211865-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/13/2013 2:57:03 AM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/13/2013 7:59:48 AM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/13/2013 4:40:29 PM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/14/2013 4:16:48 PM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/14/2013 8:26:26 PM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2013 12:21:35 PM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/16/2013 8:23:53 AM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/16/2013 4:45:52 PM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/17/2013 12:27:18 PM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/18/2013 6:53:30 AM | Computer Name = LG-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/16/2013 4:45:45 PM | Computer Name = LG-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.107. The computer with the IP address 192.168.0.100 did
not allow the name to be claimed by this computer.

Error - 1/16/2013 4:47:55 PM | Computer Name = LG-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 1/17/2013 12:28:01 PM | Computer Name = LG-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 1/17/2013 12:29:46 PM | Computer Name = LG-PC | Source = bowser | ID = 8003
Description =

Error - 1/17/2013 1:17:43 PM | Computer Name = LG-PC | Source = bowser | ID = 8003
Description =

Error - 1/17/2013 1:53:42 PM | Computer Name = LG-PC | Source = bowser | ID = 8003
Description =

Error - 1/17/2013 2:17:40 PM | Computer Name = LG-PC | Source = bowser | ID = 8003
Description =

Error - 1/17/2013 2:26:10 PM | Computer Name = LG-PC | Source = bowser | ID = 8003
Description =

Error - 1/18/2013 6:53:14 AM | Computer Name = LG-PC | Source = netbt | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.0.107. The computer with the IP address 192.168.0.106 did
not allow the name to be claimed by this computer.

Error - 1/18/2013 6:55:09 AM | Computer Name = LG-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >



AswMBR log.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-18 16:42:35
-----------------------------
16:42:35.667 OS Version: Windows 6.0.6002 Service Pack 2
16:42:35.668 Number of processors: 2 586 0xF0D
16:42:35.670 ComputerName: LG-PC UserName: LG
16:42:37.791 Initialize success
16:43:08.424 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:43:08.429 Disk 0 Vendor: Hitachi_ FBEO Size: 238475MB BusType: 3
16:43:08.449 Disk 0 MBR read successfully
16:43:08.455 Disk 0 MBR scan
16:43:08.462 Disk 0 unknown MBR code
16:43:08.476 Disk 0 Partition 1 00 12 Compaq diag NTFS 1536 MB offset 2048
16:43:08.495 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 117760 MB offset 3147776
16:43:08.529 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 108936 MB offset 244320256
16:43:08.562 Disk 0 Partition 4 00 12 Compaq diag NTFS 10241 MB offset 467421184
16:43:08.574 Disk 0 scanning sectors +488394752
16:43:08.624 Disk 0 scanning C:\Windows\system32\drivers
16:43:16.197 Service scanning
16:43:35.178 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:43:44.352 Modules scanning
16:44:16.426 Disk 0 trace - called modules:
16:44:16.468 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spsn.sys hal.dll >>UNKNOWN [0x85572938]<<
16:44:16.483 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x867ca250]
16:44:16.498 3 CLASSPNP.SYS[88edd8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85624028]
16:44:16.514 Scan finished successfully
16:46:40.742 Disk 0 MBR has been saved successfully to "C:\Users\LG\Desktop\MBR.dat"
16:46:40.764 The log file has been saved successfully to "C:\Users\LG\Desktop\aswMBR.txt"


FSS log.
Farbar Service Scanner Version: 05-01-2013
Ran by LG (administrator) on 18-01-2013 at 16:47:19
Running from "C:\Users\LG\Downloads"
Windows Vista ™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****





Thanks a lot for your time.

#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2765711
    IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu....q={SearchTerms}
    IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
    IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearsh...q={searchTerms}
    IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
    IE - HKU\S-1-5-21-4256316082-3585215898-1457211865-1000\..\SearchScopes\{C37E93D1-2232-4E38-A15D-50C19AFFA15F}: "URL" = http://search.condui...&ctid=CT3220467
    [2012/09/30 06:22:00 | 000,000,000 | ---D | M] (uTorrentControl_v1) -- C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}
    [2012/06/08 18:58:55 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    CHR - default_search_provider: search_url = http://dts.search-re...q={searchTerms}
    
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT:

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done, it will ask to reboot; allow this.
On reboot a log will be produced; please post that.
  • 0

#5
cheFearl

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Hi WhiteHat,
I followed through your instructions and these are the results of the infected files removal. Here are the logs.



All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-4256316082-3585215898-1457211865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.
Registry key HKEY_USERS\S-1-5-21-4256316082-3585215898-1457211865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-4256316082-3585215898-1457211865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}\ not found.
Registry key HKEY_USERS\S-1-5-21-4256316082-3585215898-1457211865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-4256316082-3585215898-1457211865-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C37E93D1-2232-4E38-A15D-50C19AFFA15F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C37E93D1-2232-4E38-A15D-50C19AFFA15F}\ not found.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\Plugins folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\modules folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\META-INF folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\lib folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\defaults\preferences folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\defaults folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\skin folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\sl folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\lib folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\core folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\WEATHER\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\WEATHER\css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\WEATHER folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TWITTER\resources folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TWITTER\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TWITTER\img folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TWITTER folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TESTER_POPUP\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TESTER_POPUP folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TESTER_EMBEDDED folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TESTER_BCAPI\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\TESTER_BCAPI folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\SEARCH\view\style folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\SEARCH\view\script folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\SEARCH\view folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\SEARCH\resources folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\SEARCH\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\SEARCH\Css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\SEARCH folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\PRICE_GONG folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\Optimizer\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\Optimizer folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\NOTIFICATION folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\MULTI_RSS folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa\404 folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\wa folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui\menu\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui\menu\img folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui\menu\css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui\menu folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui\gf\img folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui\gf\css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui\gf folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui\gadgetFrame folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui\dlg\ftd\images folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui\dlg\ftd folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui\dlg folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ui folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\searchProtector\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\searchProtector folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\options\js\resources folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\options\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\options\images folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\options\css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\options folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\myStuffDialogs folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\features\js\resources folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\features\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\features folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\api folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ac\res folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ac\img folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ac\css folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\ac folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\aboutBox\js folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\aboutBox\images folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\aboutBox folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467 folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2} folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\LG\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
Use Chrome's Settings page to remove the default_search_provider items.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

User: LG
->Temp folder emptied: 465503843 bytes
->Temporary Internet Files folder emptied: 3460978 bytes
->Java cache emptied: 1542609 bytes
->Google Chrome cache emptied: 437540955 bytes
->Flash cache emptied: 7748 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41749105 bytes
RecycleBin emptied: 8214421 bytes

Total Files Cleaned = 914.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01202013_015620

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...











# AdwCleaner v2.106 - Logfile created 01/20/2013 at 02:10:31
# Updated 17/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : LG - LG-PC
# Boot Mode : Normal
# Running from : C:\Users\LG\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Windows\system32\bandoolmx.dll
Folder Deleted : C:\Program Files\Bandoo
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\ProgramData\Bandoo
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandoo
Folder Deleted : C:\Users\LG\AppData\Local\Conduit
Folder Deleted : C:\Users\LG\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\LG\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\LG\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\LG\AppData\Roaming\Bandoo

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A01A3335-0C30-4312-A430-92356CC37A92}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\FlashAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin
Key Deleted : HKLM\SOFTWARE\Classes\BandooIEPlugin.BandooIEPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl
Key Deleted : HKLM\SOFTWARE\Classes\BFlashAnimator.BFlashAnimatorCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl
Key Deleted : HKLM\SOFTWARE\Classes\BGIFAnimator.BGIFAnimatorCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2765711
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220467
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3AD7A5B6-610D-4A82-979E-0AED20920690}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{62E5C9E1-A0E8-4F8C-8EAF-0F9250CC5786}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C123289-82E1-4DA7-A3C2-B8D28AAD114B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419e-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CE1CB632-6817-47B3-8587-D05AF75D6D5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bandoo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v12.0.742.122

File : C:\Users\LG\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.35] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=139&systemid=406&sr=0&q={searchT[...]

*************************

AdwCleaner[S1].txt - [8227 octets] - [20/01/2013 02:10:31]

########## EOF - C:\AdwCleaner[S1].txt - [8287 octets] ##########




Thanks again, you really help a lot... ^^
  • 0

#6
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

How is your computer?

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • 0





