[Conrad 678]

My compter is acting weird. Runs slower than normal. It locks up when I try to open certain programs. Won't run some programs. My virus ware (McAfee) shows nothing. I also ran Malwarebytes and it came up blank also. I'm sure I have a bug, but can't find it.

Help!

Thanks!

[Advertisements]

Hello Conrad and

My name is Tom and I am going to be helping you with your malware removal. Please note that, as I am currently still in training, all of my posts have to be checked by my instructor prior to me posting them

Before we continue, I would like you to read the following text:

• Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo, I suggest you save or print my instructions for later reference
• Please do not attach your logs to your post, instead I would like you to copy and paste the contents into your post
• Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
• If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
• Please be patient. Malware removal is a long process and requires many steps, if you stick with me, I'll help you get through this
• Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
• Please make sure you have read and understood my instructions before continuing with them, spelling errors in the scripts etc. could cause adverse effects to your system
• If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
• Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed

OTL

• Download OTL to your Desktop
• Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click Run Scan. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Tom

Edited by tom982, 21 March 2013 - 08:58 AM.

[tom982]

Hello Conrad and

My name is Tom and I am going to be helping you with your malware removal. Please note that, as I am currently still in training, all of my posts have to be checked by my instructor prior to me posting them

Before we continue, I would like you to read the following text:

• Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo, I suggest you save or print my instructions for later reference
• Please do not attach your logs to your post, instead I would like you to copy and paste the contents into your post
• Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
• If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
• Please be patient. Malware removal is a long process and requires many steps, if you stick with me, I'll help you get through this
• Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
• Please make sure you have read and understood my instructions before continuing with them, spelling errors in the scripts etc. could cause adverse effects to your system
• If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
• Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed

OTL

• Download OTL to your Desktop
• Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click Run Scan. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Tom

Edited by tom982, 21 March 2013 - 08:58 AM.

[Conrad 678]

I downloaded OT to my desktop, closed all the windows, hit SCAN and nothing happens.

[Conrad 678]

OK-I guess it was running all the time. Here are the reports:

OTL Extras logfile created on: 3/21/2013 6:38:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\K Man's Travel Pal\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 547.08 Mb Available Physical Memory | 54.00% Memory free
1.99 Gb Paging File | 1.13 Gb Available in Paging File | 56.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.94 Gb Total Space | 98.19 Gb Free Space | 72.23% Space Free | Partition Type: NTFS

Computer Name: KMANSTRAVELPAL | User Name: K Man's Travel Pal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{28897DAB-41C6-43A0-B028-34CA2BA2E593}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{791A5DE1-7896-45D1-B6CB-C5C890E05E2B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{875BC68E-323A-42DF-B6F3-5489B505D950}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{87788A32-CDCB-4CA9-A243-A3412404D53D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BBCECAFF-C49A-4B15-A3F9-A6321BC4A7AF}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0B5AAF-49ED-4750-9D64-53C47107635D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1BCCD240-F9D7-4136-9758-0CA9D5918486}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{20AD2D19-F22F-47CB-8452-2172D7E4947F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{27FB5F55-8A1A-4430-A84F-02F0D60CD588}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{324691EB-D822-4474-8714-474655A8CBA9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{339A176F-F7AF-4047-9F90-B42F67639751}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{36197783-3E04-4A9B-81B5-35295FCE7200}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{3B193BFB-4937-450C-9B46-C1C95C7CF321}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{4099B19D-90B8-4CB7-B393-2A36F5D123EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{4B642953-5B37-455B-9F39-B9CCCB505FBC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{4CD608BF-849D-4E05-A2B7-B8FC6AACE7B9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{51376199-197B-4903-986A-F41B3E676B77}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{53C21937-0E6F-4075-9B3D-3864438CDA4E}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{5D46AF99-AAE0-44B7-8AA5-774E47743F00}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{5ECAA810-E9AB-402E-B559-ADBF14233C65}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{64AA522F-CED0-4717-A843-AC743F80A6B7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6A28D0B1-8EA0-4936-A8EB-00A471D66255}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{703F1EAC-6C77-4AF7-AFAD-27A6AAFFE2FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{70EE3718-24BE-45B6-AE84-4C5D046535E2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{7540F383-3298-462F-9B4C-FEEB13D5D1DF}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{824CDDA9-0C83-4D2D-880F-D5B6BDB717DA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{837579D5-F9CF-4376-AED3-558064C69AE9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{974784C1-BFA7-44B8-8CE7-6F3A0DDC105A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9D7D92B3-7272-4D7F-8A12-D6AF149C549F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{B367E43F-70F3-4B1F-B660-44B6EBC7E3E4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{B7049071-4AA2-4BAC-9877-7C0A3BE88FB2}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B82DF522-867F-4A37-BE6C-869046E92D0E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BA46C6CE-2999-48EB-979A-822F74CDA8D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{BD5C84C7-8530-4FE2-8DFA-BE13DB1AF177}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{C9005C96-97EB-4F94-9BC2-CB69B2EC708C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{D3398D6C-4AE8-4CFA-B4C9-2ACBFBBA8DDF}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{DDD78EE4-C112-490E-B50A-3CB7966B1064}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{E0394B1B-5250-4264-8F31-3691FFC93FA8}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EC055155-B561-4EEE-B0F5-87483E885A57}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{F02ADA5C-D8AE-4B79-83B2-A22B025E34BF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{F6CA1272-0187-4AF6-8CDB-B3104125241B}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}" = 3300
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.178.503
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Game Console" = Acer Game Console
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0.2
"F3C7F6463C419D1D216961B5B81E2FE534986562" = ENE USB Card Reader Driver
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LAME_is1" = LAME v3.99.3 (for Windows)
"LManager" = Launch Manager
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee Internet Security
"PokerStars.net" = PokerStars.net
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078760" = Insaniquarium Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078957" = Blasterball 3
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079061" = Jewel Quest
"WT079065" = Jewel Quest Solitaire 3
"WT079105" = Penguins!
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079209" = Diner Dash
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/2/2012 8:03:58 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/2/2012 9:37:32 PM | Computer Name = KMansTravelPal | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1548 Start
Time: 01cdb9634b69bfcd Termination Time: 58 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 11/3/2012 1:42:44 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 11/5/2012 8:30:50 AM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/5/2012 9:02:43 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/5/2012 9:07:14 PM | Computer Name = KMansTravelPal | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4e8 Start
Time: 01cdbbbae1f0aa09 Termination Time: 390 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 11/6/2012 7:04:42 AM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/6/2012 8:39:08 AM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/6/2012 8:24:31 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/8/2012 6:19:59 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 3/21/2013 7:35:49 AM | Computer Name = KMansTravelPal | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 3/21/2013 7:36:11 AM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/21/2013 5:08:25 PM | Computer Name = KMansTravelPal | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 3/21/2013 5:08:46 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/21/2013 6:43:05 PM | Computer Name = KMansTravelPal | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 3/21/2013 6:43:27 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/21/2013 7:22:35 PM | Computer Name = KMansTravelPal | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 3/21/2013 7:22:56 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 3/21/2013 8:25:43 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the GREGService service.

Error - 3/21/2013 8:25:43 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >


OTL logfile created on: 3/21/2013 6:38:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\K Man's Travel Pal\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 547.08 Mb Available Physical Memory | 54.00% Memory free
1.99 Gb Paging File | 1.13 Gb Available in Paging File | 56.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.94 Gb Total Space | 98.19 Gb Free Space | 72.23% Space Free | Partition Type: NTFS

Computer Name: KMANSTRAVELPAL | User Name: K Man's Travel Pal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/21 18:32:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
PRC - [2013/03/13 06:25:41 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2013/01/14 19:00:22 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/03/13 06:26:02 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/11/16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/05/11 22:28:14 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 21:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\KMAN'S~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/02/19 15:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/02/19 15:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/02/19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/19 15:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 15:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/02/19 15:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/02/19 15:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/02/19 15:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/04/21 02:47:36 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2010/04/06 21:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/02 01:23:36 | 000,082,384 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34wwi5w46n2t259
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS435US435
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...AW_enUS435US435
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/05 19:38:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/03/11 21:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/03/21 18:31:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/03/21 05:45:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/05 19:38:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20130309051627.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D1D2B6-CA20-4F70-97C5-CC1B7A119B89}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8100D57F-88F9-4E95-BA58-1A8EB8A668D9}: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/21 18:30:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/03/21 18:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/03/16 16:31:51 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2013/03/15 21:02:22 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Roaming\cef-cache
[2013/03/15 21:00:43 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Roaming\PPNet
[2013/03/15 20:57:36 | 000,000,000 | ---D | C] -- C:\Programs
[2013/03/14 21:16:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/14 21:14:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/14 20:36:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/03/14 20:36:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/03/14 20:36:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/03/14 20:33:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/14 20:33:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/13 06:56:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/13 06:56:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/13 06:56:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/13 06:56:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/13 06:56:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/13 06:56:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/13 06:56:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/13 06:56:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/09 10:18:24 | 000,000,000 | ---D | C] -- C:\TRAUMEREI
[2013/03/09 10:18:22 | 000,000,000 | ---D | C] -- C:\ST. ANTHONY DIVERTIMENTO
[2013/03/09 10:18:21 | 000,000,000 | ---D | C] -- C:\Prophetiae Sibyllarum
[2013/03/09 10:18:21 | 000,000,000 | ---D | C] -- C:\PRELUDIO
[2013/03/09 10:18:20 | 000,000,000 | ---D | C] -- C:\Prelude & Fugue #12 in F Min (WTC, Book I)
[2013/03/09 10:18:19 | 000,000,000 | ---D | C] -- C:\PACHELBEL MOTET
[2013/03/09 10:18:19 | 000,000,000 | ---D | C] -- C:\O HOLY NIGHT
[2013/03/09 10:18:17 | 000,000,000 | ---D | C] -- C:\NON PIU ANDRAI
[2013/03/09 10:18:15 | 000,000,000 | ---D | C] -- C:\LARGO AL FACTOTUM
[2013/03/09 10:18:14 | 000,000,000 | ---D | C] -- C:\HOW LOVELY IS THY DWELLING PLACE
[2013/03/09 10:18:13 | 000,000,000 | ---D | C] -- C:\FESTIVAL PRELUDE
[2013/03/09 10:18:12 | 000,000,000 | ---D | C] -- C:\ELEVAZIONE
[2013/03/09 10:18:09 | 000,000,000 | ---D | C] -- C:\BRUNNER NATIONAL GUARD
[2013/03/09 10:18:08 | 000,000,000 | ---D | C] -- C:\Battaglia Galiard
[2013/03/09 10:18:08 | 000,000,000 | ---D | C] -- C:\AVE MARIA (BUONAMICI)
[2013/03/09 10:18:04 | 000,000,000 | ---D | C] -- C:\ALTE KAMERADEN
[2013/03/09 10:18:02 | 000,000,000 | ---D | C] -- C:\ALLEIN AUF GOTES WORT
[2013/03/09 10:18:02 | 000,000,000 | ---D | C] -- C:\A SCHUMANN SAMPLER
[2013/03/09 10:18:01 | 000,000,000 | ---D | C] -- C:\A MES YEUX ENCHANTES
[2013/03/09 10:06:15 | 000,000,000 | ---D | C] -- C:\24 Bach Chorales
[2013/02/27 06:21:02 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/02/27 06:20:29 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/02/27 06:20:16 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 06:20:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 06:20:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 06:20:12 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/02/27 06:20:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 06:20:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 06:20:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 06:20:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 06:20:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 06:20:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 06:20:08 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/02/27 06:20:07 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/02/27 06:20:07 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/02/27 06:20:07 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/02/27 06:20:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/02/27 06:20:07 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/02/27 06:20:07 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/02/27 06:20:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/02/27 06:20:06 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/02/27 06:20:06 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/02/27 06:20:05 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/02/27 06:20:05 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/02/27 06:20:03 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/21 19:25:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/21 18:45:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/21 18:43:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/21 18:32:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/03/21 18:30:51 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 18:30:51 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/21 18:22:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/21 18:22:21 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/21 18:03:02 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
[2013/03/19 19:33:25 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013/03/16 16:31:52 | 000,001,083 | ---- | M] () -- C:\Users\K Man's Travel Pal\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2013/03/16 16:31:52 | 000,001,059 | ---- | M] () -- C:\Users\K Man's Travel Pal\Desktop\PokerStars.net.lnk
[2013/03/13 06:25:42 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 06:25:42 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/09 10:06:05 | 000,000,378 | ---- | M] () -- C:\Users\K Man's Travel Pal\Desktop\Removable Disk (D) - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/19 19:33:25 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013/03/16 16:31:52 | 000,001,083 | ---- | C] () -- C:\Users\K Man's Travel Pal\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2013/03/16 16:31:52 | 000,001,059 | ---- | C] () -- C:\Users\K Man's Travel Pal\Desktop\PokerStars.net.lnk
[2013/03/14 20:36:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/03/14 20:36:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/03/14 20:36:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/03/14 20:36:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/03/14 20:36:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/03/09 10:06:05 | 000,000,378 | ---- | C] () -- C:\Users\K Man's Travel Pal\Desktop\Removable Disk (D) - Shortcut.lnk
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\Users\K Man's Travel Pal\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/26 16:01:37 | 000,751,078 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.bmp
[2012/12/26 16:01:25 | 000,018,252 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\sound.mp3
[2012/12/26 16:01:20 | 000,114,890 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.jpg
[2012/02/05 19:19:05 | 000,221,287 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/05 19:19:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/06/14 20:45:11 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/06/12 16:23:33 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/06/12 16:23:33 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2011/06/12 16:23:30 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

[tom982]

Hi Conrad,

I notice that you have run Combofix, can you post the log please:

C:\ComboFix.txt

Tom

[Conrad 678]

Here it is:

ComboFix 13-03-21.02 - K Man's Travel Pal 03/23/2013 8:16.2.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.476 [GMT -5:00]
Running from: c:\users\K Man's Travel Pal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2IGKA1PJ\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-02-23 to 2013-03-23 )))))))))))))))))))))))))))))))
.
.
2013-03-23 13:49 . 2013-03-23 13:50 -------- d-----w- c:\users\K Man's Travel Pal\AppData\Local\temp
2013-03-23 13:49 . 2013-03-23 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-16 02:02 . 2013-03-16 02:02 -------- d-----w- c:\users\K Man's Travel Pal\AppData\Roaming\cef-cache
2013-03-16 02:00 . 2013-03-16 02:00 -------- d-----w- c:\users\K Man's Travel Pal\AppData\Roaming\PPNet
2013-03-16 01:57 . 2013-03-16 01:57 -------- d-----w- C:\Programs
2013-03-09 15:18 . 2013-03-09 15:18 -------- d-----w- C:\TRAUMEREI
2013-03-09 15:06 . 2013-03-09 15:06 -------- d-----w- C:\24 Bach Chorales
2013-02-27 11:21 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 11:25 . 2012-04-12 01:25 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 11:25 . 2011-07-06 10:29 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-19 20:15 . 2012-08-23 00:52 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 20:12 . 2012-06-22 12:55 210608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 20:12 . 2012-08-23 00:38 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 20:11 . 2012-08-23 00:52 10088 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 20:10 . 2012-08-23 00:52 92632 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 20:09 . 2012-06-22 12:52 565888 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 20:09 . 2012-08-23 00:52 363080 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 20:08 . 2012-08-23 00:52 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-02-19 20:08 . 2012-08-23 00:52 235264 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 20:07 . 2012-06-22 12:50 133416 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-12 04:48 . 2013-03-13 11:45 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 11:46 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-05 05:00 . 2013-02-14 01:31 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-14 01:31 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-15 01:28 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-14 01:33 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-14 01:32 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-14 01:31 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-05-12 03:28 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 01:11 2872120 ----a-w- c:\program files\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-15 1278064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^K Man's Travel Pal^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\K Man's Travel Pal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePower Management]
2010-04-23 15:46 715296 ----a-w- c:\program files\Acer\Acer ePower Management\ePowerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
2010-03-11 05:11 407920 ----a-w- c:\program files\EgisTec IPS\PmmUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
2010-03-11 05:11 201584 ----a-w- c:\program files\EgisTec IPS\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-04-22 17:16 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-23 00:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-05 02:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-04-22 17:16 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2010-04-08 04:18 908368 ----a-w- c:\program files\Launch Manager\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2010-04-17 05:57 349552 ----a-w- c:\program files\EgisTec MyWinLocker\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-04-22 17:16 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2011-06-12 21:21 206208 ----a-w- c:\windows\PLFSetI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-03-12 21:54 8546848 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuiteTray]
2010-04-17 06:28 337264 ----a-w- c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 20:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-05-12 03:28 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-02-05 08:46 1692968 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
R3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.SYS [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 MOBKbackup;McAfee Online Backup;c:\program files\McAfee Online Backup\MOBKbackup.exe [x]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 11:26]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 21:10]
.
2013-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-12 21:10]
.
2013-03-21 c:\windows\Tasks\vtscheduletask.job
- c:\program files\McAfee\Supportability\MVT\MvtApp.exe [2012-07-01 02:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=ao533&r=27b506118515l0434wwi5w46n2t259
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 10.0.0.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-23 08:56:39
ComboFix-quarantined-files.txt 2013-03-23 13:56
ComboFix2.txt 2013-03-15 02:16
.
Pre-Run: 105,188,020,224 bytes free
Post-Run: 105,033,605,120 bytes free
.
- - End Of File - - 80E924E730A62214C4807960319CDD5E

[tom982]

Hi Conrad,

There is nothing of much concern in either your OTL or your Combofix log so I would like to double check with one last scan:

ESET Online Scanner

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer or Firefox for this scan.

Before you continue, please disable your anti-virus for the duration of the scan. Enable it when the scan has completed

• Tick the box next to YES, I accept the Terms of Use.
• Click Start.
• When asked, allow the ActiveX control to install.
• Click Start.
• Make sure that the option Scan unwanted applications is checked and Remove found threats is not checked.
• Click Scan (This scan can take several hours, so please be patient).
• Once the scan is completed, you may close the window.
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
• Copy and paste that log as a reply to this topic

.

Tom

[Conrad 678]

I can't get this file to open. Not 100% sure it is necessary--right now the computer seems to be running OK. Do we need to do anything else?

[tom982]

Hi Conrad,

Would you mind trying one more time please? It will be located in one of the following locations:

C:\Program Files\ESET\ESET Online Scanner\log.txt
C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt

If you're still having problems then just let me know

OTL Fix

• Run OTL.
• Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:
  
  
  

  :OTL
  O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
  O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
  O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
  
  :Files
  netsh advfirewall reset /c
  netsh advfirewall set allprofiles state off /c 
  
  :Commands
  [EMPTYTEMP]

  
  
• Click the Run Fix button.
• After your computer has rebooted, run OTL and click Quick Scan.
• Copy and paste the contents of the log that it produces into your next post.

I would also like you to download Combofix to your Desktop from the following location:

http://download.blee...Bs/ComboFix.exe

Please don't do anything with it for now, this is merely a preparation step for later.

Tom

Edited by tom982, 25 March 2013 - 03:47 PM.

[Conrad 678]

This is what I could find. Doesn't seem very long.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

Thanks!

[Conrad 678]

Here are the logs.

Thanks!

OTL Extras logfile created on: 3/26/2013 10:03:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\K Man's Travel Pal\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 225.44 Mb Available Physical Memory | 22.25% Memory free
1.99 Gb Paging File | 0.86 Gb Available in Paging File | 43.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.94 Gb Total Space | 97.06 Gb Free Space | 71.40% Space Free | Partition Type: NTFS

Computer Name: KMANSTRAVELPAL | User Name: K Man's Travel Pal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{789FC4C2-7DEE-4dc0-9E12-9A013AE80C8E}" = 3300
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{A0724A7E-F4E7-498e-B3F9-6FB2B909E56E}" = 3100_3200_3300_Help
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.178.503
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0A43EF2-46A5-4de2-916A-C515D8AA1618}" = 3100_3200_3300trb
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Game Console" = Acer Game Console
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Audacity_is1" = Audacity 2.0.2
"ESET Online Scanner" = ESET Online Scanner v3
"F3C7F6463C419D1D216961B5B81E2FE534986562" = ENE USB Card Reader Driver
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"Finale PrintMusic 2010" = Finale PrintMusic 2010
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LAME_is1" = LAME v3.99.3 (for Windows)
"LManager" = Launch Manager
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee Internet Security
"PokerStars.net" = PokerStars.net
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WT078749" = Bejeweled 2 Deluxe
"WT078760" = Insaniquarium Deluxe
"WT078774" = Zuma Deluxe
"WT078953" = Blackhawk Striker 2
"WT078957" = Blasterball 3
"WT078961" = Bob the Builder Can-Do-Zoo
"WT079017" = Faerie Solitaire
"WT079021" = FATE - The Traitor Soul
"WT079061" = Jewel Quest
"WT079065" = Jewel Quest Solitaire 3
"WT079105" = Penguins!
"WT079113" = Polar Bowler
"WT079117" = Polar Golfer
"WT079153" = The Price is Right
"WT079173" = Virtual Villagers - A New Home
"WT079179" = Yahtzee
"WT079209" = Diner Dash
"WT079218" = Escape Rosecliff Island
"WT079643" = Virtual Families
"Yahoo! Companion" = Yahoo! Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/2/2012 8:03:58 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/2/2012 9:37:32 PM | Computer Name = KMansTravelPal | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1548 Start
Time: 01cdb9634b69bfcd Termination Time: 58 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 11/3/2012 1:42:44 PM | Computer Name = KMansTravelPal | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 11/5/2012 8:30:50 AM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/5/2012 9:02:43 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/5/2012 9:07:14 PM | Computer Name = KMansTravelPal | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 4e8 Start
Time: 01cdbbbae1f0aa09 Termination Time: 390 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 11/6/2012 7:04:42 AM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/6/2012 8:39:08 AM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/6/2012 8:24:31 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

Error - 11/8/2012 6:19:59 PM | Computer Name = KMansTravelPal | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 3/25/2013 10:48:06 AM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 3/25/2013 12:26:12 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/25/2013 4:38:06 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 3/25/2013 8:13:59 PM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 3/26/2013 12:39:25 AM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Appinfo service.

Error - 3/26/2013 9:48:11 AM | Computer Name = KMansTravelPal | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.17
with the system having network hardware address F0-A2-25-CD-5E-39. Network operations
on this system may be disrupted as a result.

Error - 3/26/2013 10:40:03 AM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 3/26/2013 10:40:14 AM | Computer Name = KMansTravelPal | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{34D1D2B6-CA20-4F70-97C5-CC1B7A119B89}
because another computer on the network has the same name. The server could not
start.

Error - 3/26/2013 10:42:38 AM | Computer Name = KMansTravelPal | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll
Error
Code: 126

Error - 3/26/2013 10:42:58 AM | Computer Name = KMansTravelPal | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >

OTL logfile created on: 3/26/2013 10:03:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\K Man's Travel Pal\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 225.44 Mb Available Physical Memory | 22.25% Memory free
1.99 Gb Paging File | 0.86 Gb Available in Paging File | 43.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.94 Gb Total Space | 97.06 Gb Free Space | 71.40% Space Free | Partition Type: NTFS

Computer Name: KMANSTRAVELPAL | User Name: K Man's Travel Pal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/26 10:02:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
PRC - [2013/03/13 06:25:41 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2013/01/14 19:00:22 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/03/13 06:26:02 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/11/16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/05/11 22:28:14 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 21:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - [2013/02/19 15:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/02/19 15:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/02/19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/19 15:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 15:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/02/19 15:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/02/19 15:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/02/19 15:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/04/21 02:47:36 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2010/04/06 21:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/02 01:23:36 | 000,082,384 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34wwi5w46n2t259
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS435US435
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...AW_enUS435US435
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/05 19:38:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/03/11 21:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/03/26 09:50:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/03/21 05:45:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/05 19:38:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20130326094546.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.115.71.53 68.113.206.10 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D1D2B6-CA20-4F70-97C5-CC1B7A119B89}: DhcpNameServer = 192.168.1.1 68.115.71.53 68.113.206.10 66.189.0.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8100D57F-88F9-4E95-BA58-1A8EB8A668D9}: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/26 10:02:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/03/26 09:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/03/25 20:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/03/25 18:23:08 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/23 08:56:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/23 08:56:43 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Local\temp
[2013/03/16 16:31:51 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2013/03/15 21:02:22 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Roaming\cef-cache
[2013/03/15 21:00:43 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Roaming\PPNet
[2013/03/15 20:57:36 | 000,000,000 | ---D | C] -- C:\Programs
[2013/03/14 21:16:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/14 20:33:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/14 20:33:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/13 06:56:32 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/13 06:56:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/13 06:56:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/13 06:56:30 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/13 06:56:29 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/13 06:56:27 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/13 06:56:27 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/13 06:56:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/03/09 10:18:24 | 000,000,000 | ---D | C] -- C:\TRAUMEREI
[2013/03/09 10:18:22 | 000,000,000 | ---D | C] -- C:\ST. ANTHONY DIVERTIMENTO
[2013/03/09 10:18:21 | 000,000,000 | ---D | C] -- C:\Prophetiae Sibyllarum
[2013/03/09 10:18:21 | 000,000,000 | ---D | C] -- C:\PRELUDIO
[2013/03/09 10:18:20 | 000,000,000 | ---D | C] -- C:\Prelude & Fugue #12 in F Min (WTC, Book I)
[2013/03/09 10:18:19 | 000,000,000 | ---D | C] -- C:\PACHELBEL MOTET
[2013/03/09 10:18:19 | 000,000,000 | ---D | C] -- C:\O HOLY NIGHT
[2013/03/09 10:18:17 | 000,000,000 | ---D | C] -- C:\NON PIU ANDRAI
[2013/03/09 10:18:15 | 000,000,000 | ---D | C] -- C:\LARGO AL FACTOTUM
[2013/03/09 10:18:14 | 000,000,000 | ---D | C] -- C:\HOW LOVELY IS THY DWELLING PLACE
[2013/03/09 10:18:13 | 000,000,000 | ---D | C] -- C:\FESTIVAL PRELUDE
[2013/03/09 10:18:12 | 000,000,000 | ---D | C] -- C:\ELEVAZIONE
[2013/03/09 10:18:09 | 000,000,000 | ---D | C] -- C:\BRUNNER NATIONAL GUARD
[2013/03/09 10:18:08 | 000,000,000 | ---D | C] -- C:\Battaglia Galiard
[2013/03/09 10:18:08 | 000,000,000 | ---D | C] -- C:\AVE MARIA (BUONAMICI)
[2013/03/09 10:18:04 | 000,000,000 | ---D | C] -- C:\ALTE KAMERADEN
[2013/03/09 10:18:02 | 000,000,000 | ---D | C] -- C:\ALLEIN AUF GOTES WORT
[2013/03/09 10:18:02 | 000,000,000 | ---D | C] -- C:\A SCHUMANN SAMPLER
[2013/03/09 10:18:01 | 000,000,000 | ---D | C] -- C:\A MES YEUX ENCHANTES
[2013/03/09 10:06:15 | 000,000,000 | ---D | C] -- C:\24 Bach Chorales
[2013/02/27 06:21:02 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/02/27 06:20:29 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/02/27 06:20:16 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 06:20:15 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 06:20:15 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 06:20:12 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/02/27 06:20:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 06:20:11 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 06:20:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 06:20:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 06:20:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 06:20:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 06:20:08 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/02/27 06:20:07 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/02/27 06:20:07 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/02/27 06:20:07 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/02/27 06:20:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/02/27 06:20:07 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/02/27 06:20:07 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/02/27 06:20:07 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/02/27 06:20:06 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/02/27 06:20:06 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/02/27 06:20:05 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/02/27 06:20:05 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/02/27 06:20:03 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/26 10:02:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/03/26 09:42:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/26 09:42:24 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/26 08:53:57 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 08:53:57 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/26 08:49:09 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/26 08:48:46 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/25 19:43:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/25 18:20:37 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
[2013/03/16 16:31:52 | 000,001,083 | ---- | M] () -- C:\Users\K Man's Travel Pal\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2013/03/16 16:31:52 | 000,001,059 | ---- | M] () -- C:\Users\K Man's Travel Pal\Desktop\PokerStars.net.lnk
[2013/03/13 06:25:42 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 06:25:42 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/09 10:06:05 | 000,000,378 | ---- | M] () -- C:\Users\K Man's Travel Pal\Desktop\Removable Disk (D) - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/16 16:31:52 | 000,001,083 | ---- | C] () -- C:\Users\K Man's Travel Pal\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2013/03/16 16:31:52 | 000,001,059 | ---- | C] () -- C:\Users\K Man's Travel Pal\Desktop\PokerStars.net.lnk
[2013/03/09 10:06:05 | 000,000,378 | ---- | C] () -- C:\Users\K Man's Travel Pal\Desktop\Removable Disk (D) - Shortcut.lnk
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\Users\K Man's Travel Pal\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/26 16:01:37 | 000,751,078 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.bmp
[2012/12/26 16:01:25 | 000,018,252 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\sound.mp3
[2012/12/26 16:01:20 | 000,114,890 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.jpg
[2012/02/05 19:19:05 | 000,221,287 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/05 19:19:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/06/14 20:45:11 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/06/12 16:23:33 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/06/12 16:23:33 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2011/06/12 16:23:30 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< :OTL >

< O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) >

< O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) >

< O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) >

< >

< :Files >

< netsh advfirewall reset /c >
Ok.

< netsh advfirewall set allprofiles state off /c >
Ok.

< >

< :Commands >

< [EMPTYTEMP] >

< End of report >

[tom982]

Hi Conrad,

The ESET log is clean which is great. It appears that you clicked the Run Scan button rather than the Run Fix button. Could you read my instructions very carefully and repeat the steps please:

OTL Fix

• Run OTL.
• Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:
  
  
  

  :OTL
  O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
  O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
  O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
  
  :Files
  netsh advfirewall reset /c
  netsh advfirewall set allprofiles state off /c 
  
  :Commands
  [EMPTYTEMP]

  
  
• Click the Run Fix button.
• After your computer has rebooted, run OTL and click Quick Scan.
• Copy and paste the contents of the log that it produces into your next post.

Tom

[tom982]

Hi Conrad,

In addition to the above, could you run aswMBR please:

aswMBR

Please download aswMBR from one of the links below and save it to your Desktop.

Download Mirror #1

• Right-click on aswMBR.exe and select Run as Administrator.
• Click Yes when asked to download the Avast! definitions.
• Click Scan to initiate the scan.
• When the scan finishes, click Save Log and save this to your Desktop.
• Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Tom

[Conrad 678]

Here is the latest log.

Thanks


All processes killed
Error: Unable to interpret <:OTLO15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites):Filesnetsh advfirewall reset /cnetsh advfirewall set allprofiles state off /c :Commands[EMPTYTEMP]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 03282013_100514

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Conrad 678]

Here is the log.

Thanks!

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-03-28 12:56:06
-----------------------------
12:56:06.316 OS Version: Windows 6.1.7601 Service Pack 1
12:56:06.316 Number of processors: 2 586 0x1C0A
12:56:06.332 ComputerName: KMANSTRAVELPAL UserName:
12:56:10.497 Initialize success
12:59:39.777 AVAST engine defs: 13032800
13:01:23.610 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:01:23.626 Disk 0 Vendor: WDC_WD16 01.0 Size: 152627MB BusType: 3
13:01:23.860 Disk 0 MBR read successfully
13:01:23.875 Disk 0 MBR scan
13:01:23.984 Disk 0 Windows 7 default MBR code
13:01:24.000 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13319 MB offset 63
13:01:24.047 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 101 MB offset 27278370
13:01:24.078 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 139205 MB offset 27487215
13:01:24.094 Disk 0 scanning sectors +312579760
13:01:24.359 Disk 0 scanning C:\Windows\system32\drivers
13:01:46.792 Service scanning
13:02:33.280 Modules scanning
13:02:49.863 Disk 0 trace - called modules:
13:02:49.909 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
13:02:49.925 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85285030]
13:02:49.941 3 CLASSPNP.SYS[8700459e] -> nt!IofCallDriver -> [0x84841638]
13:02:49.956 5 ACPI.sys[86acb3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84849028]
13:02:52.109 AVAST engine scan C:\Windows
13:02:57.725 AVAST engine scan C:\Windows\system32
13:10:02.404 AVAST engine scan C:\Windows\system32\drivers
13:10:35.211 AVAST engine scan C:\Users\K Man's Travel Pal
15:56:29.488 Disk 0 MBR has been saved successfully to "C:\Users\K Man's Travel Pal\Desktop\MBR.dat"
15:56:29.551 The log file has been saved successfully to "C:\Users\K Man's Travel Pal\Desktop\aswMBR.txt"