Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ADW Bromngr? - House call freezing at fix stage [Solved]

Started by shnolan , Feb 27 2013 03:53 PM

  • This topic is locked This topic is locked

#1
shnolan
Posted 27 February 2013 - 03:53 PM

shnolan

    New Member

  • Member
  • Pip
  • 7 posts
Hi and thanks for this.

The issue started with claro search hijacking my homepage and a false mcafee alert that I only realised was false when I clicked on it and took me to page that asked for money.

I ran a full mcafee scan, microtrend housecall, and another microtrend program I can't recall the name of, ccleaner, microsoft security essentials and malwarebytes. This all of the visible problems but when I run housecall, it is still identifying a spyware presence that freezes the computer when I click fix so I am concerned that something remains.

Many thanks for any advice you can give me



OTL logfile created on: 27/02/2013 21:36:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Shona\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 44.26% Memory free
5.87 Gb Paging File | 4.21 Gb Available in Paging File | 71.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 256.99 Gb Total Space | 150.83 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 30.66 Gb Free Space | 76.66% Space Free | Partition Type: NTFS

Computer Name: SHONA-PC | User Name: Shona | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/27 21:14:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Shona\Downloads\OTL.exe
PRC - [2013/02/13 09:18:54 | 002,115,416 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/02/13 09:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/02/11 16:53:51 | 001,808,240 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_149.exe
PRC - [2013/02/06 15:31:54 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/02/05 15:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/12/27 08:10:00 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/04 14:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 15:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/22 19:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009/10/22 19:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009/10/22 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2009/10/22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009/10/22 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009/10/22 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009/08/25 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/08/25 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009/08/25 15:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/06/03 19:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/08/13 03:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe
PRC - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2007/04/02 06:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/19 07:06:52 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2013/02/11 16:53:50 | 014,586,736 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_149.dll
MOD - [2013/02/06 15:31:53 | 003,023,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/31 11:10:04 | 002,231,248 | ---- | M] () -- c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/27 14:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2009/06/03 19:59:14 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/06/03 19:59:02 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
MOD - [2007/02/07 16:51:20 | 000,188,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncRs.crl
MOD - [2005/08/22 15:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Browser Manager)
SRV - [2013/02/13 09:18:54 | 001,124,184 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/02/06 15:31:53 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/05 15:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/27 11:11:46 | 000,295,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/18 19:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/07/05 10:02:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/10/22 19:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009/10/22 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2009/10/22 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009/10/22 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/05/21 11:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/07/24 10:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/04/02 06:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - [2013/02/19 07:06:52 | 000,055,448 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2013/02/19 07:06:51 | 000,316,984 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_50414.sys -- (RapportCerberus_50414)
DRV - [2013/02/13 09:19:12 | 000,173,880 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/02/13 09:19:12 | 000,102,680 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/02/13 09:19:12 | 000,102,008 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2013/01/20 15:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/04/23 09:55:10 | 000,202,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2012/04/23 09:53:36 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012/04/23 09:53:34 | 000,095,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/04/23 09:53:34 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/04/23 09:53:34 | 000,070,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011/12/31 09:20:22 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/20 12:06:58 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/01/27 02:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/10/22 19:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/10/22 19:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/10/22 19:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/10/22 19:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009/10/22 19:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/10/22 19:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/08/19 13:16:16 | 000,859,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009/07/14 16:56:50 | 000,082,272 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JME.sys -- (JME)
DRV - [2009/07/14 16:56:28 | 000,116,064 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/10 04:44:52 | 000,122,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2006/12/13 23:41:48 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005/07/11 16:10:11 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-sea...000000000000000
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-sea...000000000000000
IE - HKCU\..\SearchScopes\{34DF5A25-5424-40F3-B037-1429367C1EE5}: "URL" = http://websearch.ask...1E-A2D6A71A604D
IE - HKCU\..\SearchScopes\{63A2EFDC-076F-4698-B497-F1CB4A313412}: "URL" = http://www.google.co...&rlz=1I7RNTN_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = about:blank

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shona\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shona\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/27 08:11:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 15:31:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/06 15:31:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013/02/01 21:21:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shona\AppData\Roaming\Mozilla\Extensions
[2013/02/02 08:41:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shona\AppData\Roaming\Mozilla\Firefox\Profiles\d6gs0gqo.default\Extensions
[2013/02/01 21:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/27 21:31:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/02/27 21:32:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/06 15:31:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/21 19:13:01 | 000,006,522 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013/01/16 20:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/01/16 20:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Shona\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Shona\AppData\Local\Google\Chrome\Application\25.0.1364.97\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Shona\AppData\Local\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealDownloader = C:\Users\Shona\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: BrowserProtect = C:\Users\Shona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe /silent File not found
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\MobileWiFi\MobileWiFi.exe ()
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave...ploader_v10.cab (PopCapLoader Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1AD305BA-7B97-4325-8C88-37AC440726A8}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5910DAAB-ECAE-4A69-9D56-676DD0A30739}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B498BE5C-BCAF-4A3A-8195-C7E1F5E0BE24}: NameServer =
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261123~1.78\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{09b847c6-b9e7-11df-b038-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{09b847c6-b9e7-11df-b038-00222007cb45}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{150550cc-703a-11e2-8cb7-ee35c88ee6eb}\Shell - "" = AutoRun
O33 - MountPoints2\{150550cc-703a-11e2-8cb7-ee35c88ee6eb}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{150550d0-703a-11e2-8cb7-ee35c88ee6eb}\Shell - "" = AutoRun
O33 - MountPoints2\{150550d0-703a-11e2-8cb7-ee35c88ee6eb}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{150550de-703a-11e2-8cb7-ee35c88ee6eb}\Shell - "" = AutoRun
O33 - MountPoints2\{150550de-703a-11e2-8cb7-ee35c88ee6eb}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{440df084-6d6a-11e0-bea7-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{440df084-6d6a-11e0-bea7-00222007cb45}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{5f967092-c340-11e1-81e2-d1415d89c0db}\Shell - "" = AutoRun
O33 - MountPoints2\{5f967092-c340-11e1-81e2-d1415d89c0db}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5f9670a6-c340-11e1-81e2-8988892acae4}\Shell - "" = AutoRun
O33 - MountPoints2\{5f9670a6-c340-11e1-81e2-8988892acae4}\Shell\AutoRun\command - "" = F:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{5f9670b3-c340-11e1-81e2-8988892acae4}\Shell - "" = AutoRun
O33 - MountPoints2\{5f9670b3-c340-11e1-81e2-8988892acae4}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{5f9670b6-c340-11e1-81e2-8988892acae4}\Shell - "" = AutoRun
O33 - MountPoints2\{5f9670b6-c340-11e1-81e2-8988892acae4}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{5f9670ba-c340-11e1-81e2-8988892acae4}\Shell - "" = AutoRun
O33 - MountPoints2\{5f9670ba-c340-11e1-81e2-8988892acae4}\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6048ab21-d178-11df-af0c-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{6048ab21-d178-11df-af0c-00222007cb45}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{95ab206a-0543-11df-9b23-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{95ab206a-0543-11df-9b23-00222007cb45}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{95ab206c-0543-11df-9b23-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{95ab206c-0543-11df-9b23-00222007cb45}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{9870472e-1af0-11df-8c6a-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{9870472e-1af0-11df-8c6a-00222007cb45}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{99e0a91a-4796-11e2-9ed6-940ec948fbf9}\Shell - "" = AutoRun
O33 - MountPoints2\{99e0a91a-4796-11e2-9ed6-940ec948fbf9}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{9adbb416-0e13-11e0-8eab-001e101f50a4}\Shell - "" = AutoRun
O33 - MountPoints2\{9adbb416-0e13-11e0-8eab-001e101f50a4}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{a1ae1f8c-086e-11df-9b2b-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{a1ae1f8c-086e-11df-9b2b-00222007cb45}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{caed0c8d-622c-11e2-b653-bd9c4ed143c0}\Shell - "" = AutoRun
O33 - MountPoints2\{caed0c8d-622c-11e2-b653-bd9c4ed143c0}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{db04f8fe-f631-11de-8425-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{db04f8fe-f631-11de-8425-00222007cb45}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{db04f905-f631-11de-8425-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{db04f905-f631-11de-8425-00222007cb45}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{dde85008-0ca9-11e2-97cb-ba009adb1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{dde85008-0ca9-11e2-97cb-ba009adb1f81}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{e921aa2d-3d0f-11e0-a87a-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{e921aa2d-3d0f-11e0-a87a-00222007cb45}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ee4dddc7-8e45-11df-a45b-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{ee4dddc7-8e45-11df-a45b-00222007cb45}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ee4dddc8-8e45-11df-a45b-00222007cb45}\Shell - "" = AutoRun
O33 - MountPoints2\{ee4dddc8-8e45-11df-a45b-00222007cb45}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup_vmb_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/27 20:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/02/27 20:55:08 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/02/24 21:04:19 | 000,000,000 | ---D | C] -- C:\Users\Shona\AppData\Roaming\Malwarebytes
[2013/02/24 21:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/24 21:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/02/24 21:03:42 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/02/24 21:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/24 18:21:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/23 13:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2013/02/23 12:55:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013/02/23 12:52:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013/02/23 11:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/02/13 09:19:12 | 000,102,008 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2013/02/08 10:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/08 10:37:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/02/08 08:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/02/06 18:46:33 | 000,202,752 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2013/02/06 18:46:33 | 000,095,616 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2013/02/06 18:46:33 | 000,076,544 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2013/02/06 18:46:33 | 000,070,016 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2013/02/06 18:46:33 | 000,027,520 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2013/02/06 18:46:33 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2013/02/06 18:46:32 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2013/02/06 18:46:32 | 000,377,856 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys
[2013/02/06 18:46:32 | 000,199,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2013/02/06 18:46:32 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2013/02/06 18:46:32 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2013/02/06 18:46:32 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[2013/02/06 18:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\MobileWiFi
[2013/02/06 18:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DatacardService
[2013/02/01 21:20:42 | 000,000,000 | ---D | C] -- C:\Users\Shona\AppData\Roaming\Mozilla
[2013/02/01 21:10:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013/02/01 21:10:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[5 C:\Users\Shona\Documents\*.tmp files -> C:\Users\Shona\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Shona\Desktop\*.tmp files -> C:\Users\Shona\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/27 21:14:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/27 20:55:13 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/27 20:44:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2584426911-2888622271-2713021397-1000UA.job
[2013/02/27 18:46:21 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/27 18:24:43 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 18:24:43 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 18:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/27 18:16:21 | 2363,129,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 13:10:18 | 000,619,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/27 13:10:18 | 000,107,792 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/26 21:34:40 | 000,969,574 | ---- | M] () -- C:\Users\Shona\AppData\Local\census.cache
[2013/02/26 21:34:37 | 000,163,426 | ---- | M] () -- C:\Users\Shona\AppData\Local\ars.cache
[2013/02/26 20:15:47 | 000,000,500 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2013/02/26 20:13:53 | 000,181,776 | ---- | M] () -- C:\Windows\RegBootClean.exe
[2013/02/26 20:12:45 | 000,022,032 | ---- | M] () -- C:\Windows\DCEBoot.exe
[2013/02/25 20:35:12 | 001,355,866 | ---- | M] () -- C:\Users\Shona\Desktop\ant lore.pdf
[2013/02/25 20:26:37 | 000,245,742 | ---- | M] () -- C:\Users\Shona\Desktop\weather prog.pdf
[2013/02/25 16:45:42 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2584426911-2888622271-2713021397-1000Core.job
[2013/02/25 01:09:09 | 000,000,000 | ---- | M] () -- C:\Windows\PracticalTest.ini
[2013/02/25 00:46:43 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/02/24 21:04:01 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/24 20:11:49 | 000,427,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/02/23 22:48:02 | 000,002,334 | ---- | M] () -- C:\Users\Shona\Desktop\Google Chrome.lnk
[2013/02/23 11:07:10 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/15 21:54:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2013/02/13 09:19:12 | 000,102,008 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2013/02/08 10:37:17 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/08 08:40:46 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/02/08 08:40:46 | 000,002,008 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/02/06 18:48:19 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\MobileWiFi.lnk
[2013/02/06 18:43:24 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2013/02/01 21:20:33 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[5 C:\Users\Shona\Documents\*.tmp files -> C:\Users\Shona\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Shona\Desktop\*.tmp files -> C:\Users\Shona\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/27 20:55:13 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/02/26 20:15:47 | 000,000,500 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2013/02/26 20:12:45 | 000,022,032 | ---- | C] () -- C:\Windows\DCEBoot.exe
[2013/02/25 20:35:12 | 001,355,866 | ---- | C] () -- C:\Users\Shona\Desktop\ant lore.pdf
[2013/02/25 20:26:36 | 000,245,742 | ---- | C] () -- C:\Users\Shona\Desktop\weather prog.pdf
[2013/02/25 00:46:43 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/02/24 21:04:01 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/23 11:07:10 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/02/23 11:06:34 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/02/15 21:54:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_RimUsb_01007.Wdf
[2013/02/08 10:37:17 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/02/06 18:48:19 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\MobileWiFi.lnk
[2013/02/06 18:43:24 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ew_jucdcecm_01007.Wdf
[2013/02/01 21:20:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/01 21:20:32 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/01/21 01:08:26 | 000,038,821 | ---- | C] () -- C:\Users\Shona\WH3.aup
[2013/01/18 22:29:09 | 009,409,096 | ---- | C] () -- C:\Users\Shona\WH1.mp3
[2012/10/03 09:31:06 | 000,000,174 | ---- | C] () -- C:\Users\Shona\AppData\Roaming\wklnhst.dat
[2012/08/31 09:08:21 | 000,032,602 | ---- | C] () -- C:\Users\Shona\3.aup
[2012/08/31 09:08:09 | 000,010,009 | ---- | C] () -- C:\Users\Shona\2.aup
[2012/08/31 09:07:07 | 000,027,146 | ---- | C] () -- C:\Users\Shona\1.aup
[2012/08/30 18:41:55 | 003,052,772 | ---- | C] () -- C:\Users\Shona\DGHDA ch1.mp3
[2012/08/30 18:10:06 | 015,864,893 | ---- | C] () -- C:\Users\Shona\Hobbit Ch1 pt2.mp3
[2012/08/29 21:24:15 | 016,884,296 | ---- | C] () -- C:\Users\Shona\LDTTOTS ch1.mp3
[2012/08/29 20:07:34 | 009,203,042 | ---- | C] () -- C:\Users\Shona\The Hobbit Ch1, pt 1.mp3
[2012/05/19 21:58:26 | 001,410,611 | ---- | C] () -- C:\Users\Shona\13 songs.mp3
[2012/03/17 10:00:17 | 001,873,292 | ---- | C] () -- C:\Users\Shona\No cover up.mp3
[2012/03/12 01:45:05 | 001,860,335 | ---- | C] () -- C:\Users\Shona\cover.mp3
[2012/03/11 10:32:51 | 016,398,209 | ---- | C] () -- C:\Users\Shona\bhb chapt1.mp3
[2012/03/07 09:28:12 | 002,542,026 | ---- | C] () -- C:\Users\Shona\no cover up 1.mp3
[2012/03/06 18:00:24 | 000,874,787 | ---- | C] () -- C:\Users\Shona\fake 1 verse.mp3
[2012/02/27 22:17:34 | 018,932,296 | ---- | C] () -- C:\Users\Shona\chapt 10.mp3
[2012/02/27 15:08:46 | 000,036,801 | ---- | C] () -- C:\Users\Shona\chapt 10.aup
[2012/02/26 12:47:11 | 010,540,929 | ---- | C] () -- C:\Users\Shona\chapt 9 part 2.mp3
[2012/02/26 09:38:53 | 014,297,546 | ---- | C] () -- C:\Users\Shona\Chapt 9 part 1.mp3
[2012/02/25 13:37:33 | 005,769,925 | ---- | C] () -- C:\Users\Shona\Chatp 8 part 3.mp3
[2012/02/25 12:49:53 | 004,088,057 | ---- | C] () -- C:\Users\Shona\Chapt 8 part 2.mp3
[2012/02/25 08:53:01 | 009,972,505 | ---- | C] () -- C:\Users\Shona\Chapt 8 part 1.mp3
[2012/02/15 18:23:09 | 000,000,036 | ---- | C] () -- C:\Users\Shona\AppData\Local\housecall.guid.cache
[2012/02/04 01:06:01 | 016,582,111 | ---- | C] () -- C:\Users\Shona\je.mp3
[2012/02/03 11:51:17 | 011,530,657 | ---- | C] () -- C:\Users\Shona\chapt 7 part 2.mp3
[2011/11/12 15:43:27 | 000,969,574 | ---- | C] () -- C:\Users\Shona\AppData\Local\census.cache
[2011/11/12 15:42:57 | 000,163,426 | ---- | C] () -- C:\Users\Shona\AppData\Local\ars.cache
[2011/11/08 23:59:22 | 052,334,477 | ---- | C] () -- C:\Users\Shona\r851018_8047323[1].mp3
[2011/10/25 22:34:49 | 001,560,658 | ---- | C] () -- C:\Users\Shona\When.mp3
[2011/10/25 22:27:09 | 000,861,830 | ---- | C] () -- C:\Users\Shona\shortened.mp3
[2011/10/25 22:24:42 | 001,424,821 | ---- | C] () -- C:\Users\Shona\dylan.mp3
[2011/10/25 22:15:51 | 001,564,002 | ---- | C] () -- C:\Users\Shona\jolly.mp3
[2011/10/25 20:44:24 | 001,472,051 | ---- | C] () -- C:\Users\Shona\when you go pretty.mp3
[2011/10/25 20:41:56 | 001,007,698 | ---- | C] () -- C:\Users\Shona\when you go practice.mp3
[2011/10/25 20:39:51 | 001,409,775 | ---- | C] () -- C:\Users\Shona\When ye go away.mp3
[2011/10/25 20:37:33 | 001,653,445 | ---- | C] () -- C:\Users\Shona\When you go away.mp3
[2011/10/25 10:25:44 | 001,647,594 | ---- | C] () -- C:\Users\Shona\for shona.mp3
[2011/04/23 10:30:25 | 000,181,776 | ---- | C] () -- C:\Windows\RegBootClean.exe
[2010/03/19 18:57:57 | 000,003,584 | ---- | C] () -- C:\Users\Shona\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 11:03:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/23 22:14:43 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/07/13 23:24:44 | 000,002,048 | ---- | C] () -- C:\Users\Shona\AppData\Local\rkrec1.dll

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/15 23:10:35 | 000,000,000 | ---D | M] -- C:\Users\Shona\AppData\Roaming\Audacity
[2012/10/21 19:12:40 | 000,000,000 | ---D | M] -- C:\Users\Shona\AppData\Roaming\Babylon
[2011/04/23 10:30:18 | 000,000,000 | ---D | M] -- C:\Users\Shona\AppData\Roaming\C97D99AC2BAEEB87D3B4CE59C45FAD43
[2012/10/03 09:31:06 | 000,000,000 | ---D | M] -- C:\Users\Shona\AppData\Roaming\Template
[2010/10/31 12:33:22 | 000,000,000 | ---D | M] -- C:\Users\Shona\AppData\Roaming\Trusteer
[2012/07/01 13:10:51 | 000,000,000 | ---D | M] -- C:\Users\Shona\AppData\Roaming\Vodafone

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 28 February 2013 - 09:15 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What was the file that housecall identified ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
SRV - File not found [Disabled | Stopped] -- -- (Browser Manager)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-sea...000000000000000
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-sea...000000000000000
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe /silent File not found
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261123~1.78\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
[2012/10/21 19:12:40 | 000,000,000 | ---D | M] -- C:\Users\Shona\AppData\Roaming\Babylon

:Files
c:\ProgramData\Browser Manager

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced please attach that
  • 0

#3
shnolan
Posted 28 February 2013 - 02:21 PM

shnolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I have a screen shot of the fix screen (pasted into a word doc) but this mustn't be an allowed format as an attachment? I haven't been able to figure out how to get housecall to produce a log. The title of this post is all that I can read off the shortened url. I'll be home in a couple of hours and will try your fix then :)

thanks a million
  • 0

#4
Essexboy
Posted 28 February 2013 - 02:23 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I like mysteries :)
  • 0

#5
shnolan
Posted 28 February 2013 - 03:50 PM

shnolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
ran the fix in otl when the laptop started up it automatically produced a log and this is it: will go to second step now

All processes killed
========== OTL ==========
Service Browser Manager stopped successfully!
Service Browser Manager deleted successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9E131A93-EED7-4BEB-B015-A0ADB30B5646} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VDownloader deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\browse~1\261123~1.78\{61d8b~1\browse~1.dll deleted successfully.
File move failed. c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll scheduled to be moved on reboot.
C:\Users\Shona\AppData\Roaming\Babylon folder moved successfully.
========== FILES ==========
Folder move failed. c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings scheduled to be moved on reboot.
Folder move failed. c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\components scheduled to be moved on reboot.
Folder move failed. c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73} scheduled to be moved on reboot.
Folder move failed. c:\ProgramData\Browser Manager\2.6.1123.78 scheduled to be moved on reboot.
Folder move failed. c:\ProgramData\Browser Manager scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Shona
->Temp folder emptied: 86657057 bytes
->Temporary Internet Files folder emptied: 806490 bytes
->Java cache emptied: 201951 bytes
->FireFox cache emptied: 26804653 bytes
->Google Chrome cache emptied: 13566002 bytes
->Flash cache emptied: 3130959 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10600 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 125.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 02282013_214053

Files\Folders moved on Reboot...
c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll moved successfully.
c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\traking_settings folder moved successfully.
c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\components folder moved successfully.
c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension folder moved successfully.
c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73} folder moved successfully.
c:\ProgramData\Browser Manager\2.6.1123.78 folder moved successfully.
c:\ProgramData\Browser Manager folder moved successfully.
File\Folder C:\Users\Shona\AppData\Local\Temp\~DF45E6664EEBFEAC85.TMP not found!
File\Folder C:\Users\Shona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{787C6D57-3CAF-46AC-8AB2-DC9B01CE99B4}.tmp not found!
File\Folder C:\Users\Shona\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B7E16FB5-44F4-47A9-877B-6997EDA68730}.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#6
shnolan
Posted 28 February 2013 - 03:57 PM

shnolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
please find adwcleaner report below:

# AdwCleaner v2.113 - Logfile created 02/28/2013 at 21:52:05
# Updated 23/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Shona - SHONA-PC
# Boot Mode : Normal
# Running from : C:\Users\Shona\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\Shona\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Shona\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Shona\AppData\Roaming\Mozilla\Firefox\Profiles\d6gs0gqo.default\bprotector_extensions.sqlite
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\Users\Shona\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\Shona\AppData\LocalLow\Claro LTD

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\d5588deb469b810
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\d5588deb469b810
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Shona\AppData\Roaming\Mozilla\Firefox\Profiles\d6gs0gqo.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Shona\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3732 octets] - [28/02/2013 21:52:05]

########## EOF - C:\AdwCleaner[S1].txt - [3792 octets] ##########
  • 0

#7
Essexboy
Posted 28 February 2013 - 04:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer now ? Any problems

Could you run Housecall again to ensure it has now gone
  • 0

#8
shnolan
Posted 28 February 2013 - 04:10 PM

shnolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Everything seems fine :) will run housecall again and come back to you. thanks so much for this, it really is just the most amazing service :)
  • 0

#9
Essexboy
Posted 28 February 2013 - 04:17 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem, If you are happy after the housecall run I will remove my tools and tidy up
  • 0

#10
shnolan
Posted 28 February 2013 - 04:32 PM

shnolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
You total star!! housecall has finished the scan and has detected nothing :) :)
  • 0

#11
Essexboy
Posted 01 March 2013 - 06:48 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Clear Restore Points

Go Start > All Programmes > Accessories > System tools
Right click Disc Cleanup and select run as administrator
Select More Options tab
Press Sytem Restore and Shadow Copies Cleanup button
Posted Image


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#12
shnolan
Posted 02 March 2013 - 11:10 AM

shnolan

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thank you so much for all this :) I have completed all the steps you've listed above and nothing seems untoward with the computer!
Thanks again,
~S
  • 0

#13
Essexboy
Posted 02 March 2013 - 12:39 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP