# AdwCleaner v3.003 - Report created 12/09/2013 at 18:00:44
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Bricksrep - BRICKSREP-PC
# Running from : C:\Users\Bricksrep\Desktop\Cleanup\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : Yontoo Desktop Updater
***** [ Files / Folders ] *****
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\BetterSoft
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\optimizer pro
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\Users\Bricksrep\AppData\Local\Conduit
Folder Deleted : C:\Users\Bricksrep\AppData\Local\cre
Folder Deleted : C:\Users\Bricksrep\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Bricksrep\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Bricksrep\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bricksrep\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Bricksrep\AppData\Roaming\NCdownloader
Folder Deleted : C:\Users\Bricksrep\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Bricksrep\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\Bricksrep\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Bricksrep\AppData\Roaming\Mozilla\Firefox\Profiles\zu06ydsl.default\Extensions\{7f7f82f1-7c95-47cd-814f-950b56d58fc3}
Folder Deleted : C:\Users\Bricksrep\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Deleted : C:\Users\Bricksrep\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\Users\Bricksrep\AppData\Roaming\Mozilla\Firefox\Profiles\zu06ydsl.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\END
File Deleted : C:\Users\Bricksrep\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Bricksrep\AppData\Roaming\Mozilla\Firefox\Profiles\zu06ydsl.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Bricksrep\AppData\Roaming\Mozilla\Firefox\Profiles\zu06ydsl.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\Bricksrep\AppData\Roaming\Mozilla\Firefox\Profiles\zu06ydsl.default\user.js
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_48c708f2
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3268934
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Tiger Savings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16635
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v22.0 (en-US)
[ File : C:\Users\Bricksrep\AppData\Roaming\Mozilla\Firefox\Profiles\zu06ydsl.default\prefs.js ]
Line Deleted : user_pref("CT3268935.FF19Solved", "true");
Line Deleted : user_pref("CT3268935.UserID", "UN11583357535002186");
Line Deleted : user_pref("CT3268935.addressUrlXPETakeover", "true");
Line Deleted : user_pref("CT3268935.autoDisableScopes", -1);
Line Deleted : user_pref("CT3268935.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3268935.defaultSearchXPETakeover", "true");
Line Deleted : user_pref("CT3268935.installDate", "5/5/2013 5:01:41");
Line Deleted : user_pref("CT3268935.installerVersion", "1.3.7.3");
Line Deleted : user_pref("CT3268935.keyword", "true");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename", "My Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Vgrabber v1 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268935&CUI=UN11583357535002186&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.selectedEngine", "My Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=86D128DA-6989-44DF-9614-81C809D298B7&n=77fce63e&p2=^XP^xdm017^S06025^ca&si=CJrO5KDAhbgCFQJqMgodszEAmg");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268935&SearchSource=2&CUI=UN11583357535002186&UM=2&q=");
Line Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=86D128DA-6989-44DF-9614-81C809D298B7&n=77fce63e&p2=^XP^xdm017^S06025^ca&si=CJrO5KDAhbgCFQJqM[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2013062718");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "^XP^xdm017^S06025^ca");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CJrO5KDAhbgCFQJqMgodszEAmg");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "86D128DA-6989-44DF-9614-81C809D298B7");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1372379783082");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "threescompany");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "S4N+S");
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "televisionfanatic@mindspark.com");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,brain/default2,easyinline/dock,superfish,superfishgoogleeil,yontooinstalled,yontoonewoffers,dropdowndeals");
Line Deleted : user_pref("extentions.y2layers.installId", "27997039-2bd3-40b8-a2e2-236b54dfa1c1");
Line Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=86D128DA-6989-44DF-9614-81C809D298B7&n=77fce63e&ind=2013062718&p2=^XP^xdm017^S06025^ca&si=CJrO5KDAhbgCFQJqMg[...]
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3268935&octid=CT3268935&SearchSource=61&CUI=UN11583357535002186&UM=2&UP=SP9C03646A-1DAC-4556-93C6-5CBC2ECDD37F");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3268935&SearchSource=2&CUI=UN11583357535002186&UM=2&q=");
Line Deleted : user_pref("smartbar.originalHomepage", "youtube.com");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Line Deleted : user_pref("smartbar.originalSearchEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "WebSearch");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WebSearch");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.pu-results.info/?pid=721&r=2013/04/09&hid=3886972819&lg=EN&cc=CA");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://websearch.pu-results.info/?pid=721&r=2013/04/09&hid=3886972819&lg=EN&cc=CA&l=1&q=");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
-\\ Google Chrome v
[ File : C:\Users\Bricksrep\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [12687 octets] - [12/09/2013 17:37:36]
AdwCleaner[S0].txt - [12685 octets] - [12/09/2013 18:00:44]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12746 octets] ##########
I think I found out what I did. I clicked select all... but didn't Ctrl+C it and just kept Ctrl+V'ing the malware..... sorry
OTL logfile created on: 12/09/2013 6:33:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bricksrep\Desktop\Cleanup
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1011.87 Mb Total Physical Memory | 245.63 Mb Available Physical Memory | 24.27% Memory free
1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.79 Gb Total Space | 190.86 Gb Free Space | 86.84% Space Free | Partition Type: NTFS
Computer Name: BRICKSREP-PC | User Name: Bricksrep | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/09/12 18:32:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bricksrep\Desktop\Cleanup\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 20:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/03/14 05:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 05:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2011/03/14 05:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2011/03/14 05:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/22 20:01:08 | 000,739,944 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2011/01/31 14:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/05 15:46:10 | 000,704,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2010/01/29 17:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
========== Modules (No Company Name) ==========
MOD - [2013/09/12 03:46:49 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\98aef86e9ce6835cc257c00f12c8cbcb\IAStorUtil.ni.dll
MOD - [2013/09/12 03:43:27 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0e0b7027bef61bd7f4a8eb5b2b6e77d2\System.Web.ni.dll
MOD - [2013/09/12 03:42:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b007ef7e335f5d66e1cfac7848f49712\System.Runtime.Remoting.ni.dll
MOD - [2013/09/12 03:40:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09bee6b44890caba552f9bffad3c044e\System.Windows.Forms.ni.dll
MOD - [2013/09/12 03:40:12 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8bbc099181ebc6211b076f10dee86ca7\System.Drawing.ni.dll
MOD - [2013/09/12 03:39:14 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\71c7e76d320d64adea3f3f67f590bec2\WindowsBase.ni.dll
MOD - [2013/09/12 03:38:50 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1144f7fbbd2ee52a72f6cb15006ea89f\System.Xml.ni.dll
MOD - [2013/09/12 03:38:36 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e3e7a63d854ccd99ce7bcdabd8350ca9\System.Configuration.ni.dll
MOD - [2013/09/12 03:38:27 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d71a55c003aa9e7936b3efedc58654d2\System.ni.dll
MOD - [2013/07/12 17:24:39 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\eee827bfa40a7cde1d5b589d7d1c86cb\IAStorCommon.ni.dll
MOD - [2013/07/12 11:09:13 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\fed2812e0a6109380a4fb35e6c965f80\mscorlib.ni.dll
========== Services (SafeList) ==========
SRV - [2013/09/11 22:20:27 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/05 11:47:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/26 22:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/03/14 05:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/22 20:01:08 | 000,739,944 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/01/31 14:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/29 17:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 07:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2013/09/12 05:54:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/20 00:14:20 | 000,037,064 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss6.sys -- (taphss6)
DRV - [2010/11/20 15:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 15:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 15:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/08 13:15:28 | 007,430,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {53237A56-CD99-4A40-8046-7A13F90F8BB0}
IE - HKCU\..\SearchScopes\{53237A56-CD99-4A40-8046-7A13F90F8BB0}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3268934&CUI=UN32147457746582877&UM=2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bricksrep\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013/04/27 01:37:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bricksrep\AppData\Roaming\mozilla\Extensions
[2013/06/27 18:36:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bricksrep\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013/09/11 22:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bricksrep\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013/09/12 18:01:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bricksrep\AppData\Roaming\mozilla\Firefox\Profiles\zu06ydsl.default\extensions
[2013/09/11 22:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bricksrep\AppData\Roaming\mozilla\Firefox\Profiles\zu06ydsl.default\extensions\64ffxtbr@TelevisionFanatic.com
[2013/06/27 18:34:40 | 000,000,000 | ---D | M] (TelevisionFanatic) -- C:\Users\Bricksrep\AppData\Roaming\mozilla\Firefox\Profiles\zu06ydsl.default\extensions\64ffxtbr-bs@TelevisionFanatic.com
[2013/01/30 12:27:42 | 000,205,094 | ---- | M] () (No name found) -- C:\Users\Bricksrep\AppData\Roaming\mozilla\firefox\profiles\extensions\clickmoviedownloader@clickmoviedownloader.com.xpi
[2013/07/05 11:46:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/07/05 11:47:24 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========== Chrome ==========
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Bricksrep\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Bricksrep\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Bricksrep\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A4B8940-89F6-490C-BCE0-24B7D1A3C79D}: DhcpNameServer = 172.16.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{823d52b7-b412-11e2-ab35-e89a8fdb8f1f}\Shell - "" = AutoRun
O33 - MountPoints2\{823d52b7-b412-11e2-ab35-e89a8fdb8f1f}\Shell\AutoRun\command - "" = D:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{b6bad83a-c0b5-11e2-94ec-e89a8fdb8f1f}\Shell - "" = AutoRun
O33 - MountPoints2\{b6bad83a-c0b5-11e2-94ec-e89a8fdb8f1f}\Shell\AutoRun\command - "" = D:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/09/12 17:36:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/12 05:52:09 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/09/12 05:52:09 | 000,000,000 | ---D | C] -- C:\Users\Bricksrep\AppData\Roaming\Malwarebytes
[2013/09/12 05:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/12 05:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/12 05:51:59 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/09/12 05:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/09/12 05:51:16 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bricksrep\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/11 22:48:25 | 000,000,000 | ---D | C] -- C:\Users\Bricksrep\Desktop\Cleanup
[2013/08/16 20:34:57 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/08/16 20:33:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
========== Files - Modified Within 30 Days ==========
[2013/09/12 18:18:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/12 18:10:51 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/12 18:10:51 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/12 18:03:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/12 18:03:30 | 795,762,688 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/12 16:03:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3287105960-3453728517-456974287-1000UA.job
[2013/09/12 05:54:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/09/12 05:52:02 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/12 05:51:28 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Bricksrep\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/12 05:29:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/12 04:03:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3287105960-3453728517-456974287-1000Core.job
[2013/09/12 03:08:35 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/09/12 03:08:35 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/09/11 22:20:18 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/09/11 22:20:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013/09/12 05:52:02 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/11 22:44:41 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/06/27 15:04:49 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 14:05:13 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/26 14:05:05 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/08 21:54:13 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2013/04/15 13:38:50 | 000,000,134 | ---- | C] () -- C:\Windows\wininit.ini
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 22:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both
[color=#E56717]========== LOP Check ==========[/color]
[2012/11/19 12:22:59 | 000,000,000 | ---D | M] -- C:\Users\Bricksrep\AppData\Roaming\runic games
[2013/06/14 13:21:43 | 000,000,000 | ---D | M] -- C:\Users\Bricksrep\AppData\Roaming\WildTangent
[color=#E56717]========== Purity Check ==========[/color]
OTL Extras logfile created on: 12/09/2013 6:33:05 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bricksrep\Desktop\Cleanup
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
1011.87 Mb Total Physical Memory | 245.63 Mb Available Physical Memory | 24.27% Memory free
1.99 Gb Paging File | 1.11 Gb Available in Paging File | 55.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219.79 Gb Total Space | 190.86 Gb Free Space | 86.84% Space Free | Partition Type: NTFS
Computer Name: BRICKSREP-PC | User Name: Bricksrep | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12E77357-0524-45D8-A1A4-EC9681A58F6F}" = rport=139 | protocol=6 | dir=out | app=system |
"{1F3A6530-F25F-4AD2-90E0-3F003558B813}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F780FB7-F266-48CF-8BC9-A2160EE90554}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{561BB1E4-671B-48A2-9E7B-B89FD8FC2DD0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5DE071D7-0764-443D-AD6B-BC290C2350C3}" = rport=445 | protocol=6 | dir=out | app=system |
"{60FC7919-FBCC-401F-B2DD-9BB0CA6CBD18}" = lport=137 | protocol=17 | dir=in | app=system |
"{782E9CBE-73D9-4429-A640-954697D0E0A7}" = rport=138 | protocol=17 | dir=out | app=system |
"{80333B98-6DD6-4DDB-89B1-E4734A5613DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{827A7B9A-C738-4103-A469-B442126C166E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8599107E-37CC-49DB-8DF2-B720593A7267}" = lport=2869 | protocol=6 | dir=in | app=system |
"{973C8575-B358-4F9C-A595-FE5C4EC97B37}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C054B32E-4F6C-4913-806D-BAE018108523}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C14A028E-5409-4339-A8B3-227247620D70}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C19FCA8F-3669-43F4-83A1-CE8819B0B662}" = lport=138 | protocol=17 | dir=in | app=system |
"{C1FA333C-4549-48E1-B4F5-701067308966}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C52464D6-496E-4C7B-BC52-A3BF115A1E83}" = lport=139 | protocol=6 | dir=in | app=system |
"{C58A39FA-169B-4138-AF19-57020D3497E2}" = rport=137 | protocol=17 | dir=out | app=system |
"{C61D078B-D71B-4CC7-881C-B62EE4777772}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C69E9F15-2744-4FE8-A686-F4AD8C97ECF9}" = lport=445 | protocol=6 | dir=in | app=system |
"{C9F068B8-7D6F-4743-BDE7-E6B71F3EB337}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CBC2484C-32C8-4260-8B44-58CA9AC52A50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D264DCF6-3EA1-455B-8D10-BCB8495D7A12}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D67788C3-1F02-46D0-A09A-A15BA7662279}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E26608AB-18B6-45EA-B83B-D8E8D71FCFD8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FE3D35DE-52EE-434A-BFCB-33BC9C35604E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B028B36-7BB7-477B-8985-B075EFB776A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{14274037-EC7E-4B94-9F5B-D11502548767}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{1CE65777-06BA-4177-8337-F23D933F16A4}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1D8B7225-A30D-403D-888C-239966DC12CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F456E49-BEC3-4464-9B40-F75E651EBE81}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{21D998B9-67FE-4025-833E-32CE1B53E417}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{2B226B36-5089-49EF-84F4-48E288485AC4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{311D59CB-B787-4F9E-B89A-17D3A7760A45}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{47968B7A-31BE-4801-A58C-25C320221650}" = protocol=6 | dir=out | app=system |
"{4FC67663-C547-4A5C-9EDC-BECBBE5FC2F5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7261FFB7-E58C-4BB1-B71A-BC8EB6231613}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{798E7A14-ED1E-4D1E-8C33-4995837B1C6A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{84D66158-F747-4012-A27D-97ABBDC1D766}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9C9CA259-2979-49FD-B9EE-87C0C5728B57}" = dir=in | app=c:\users\bricksrep\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{9E18C9ED-27D2-4A9F-8D9E-120B6D444469}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{A438ABC9-0CAE-4A8B-9ECF-E0A28B460CB6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{AFAEF739-4264-45F6-8151-BC701FEB00C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B355ABFC-E978-49C1-86A1-48E32C14206B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C246088D-EB61-4AA1-BA7B-FAFFE371678C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C6F17833-C1E0-4AF5-A07C-1ABC105118A7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{C8CDD2EA-A77D-4DB2-A796-FB812D39663B}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{DF4280B6-0673-4985-B58D-6A0B45E8D453}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DFB975BA-80AF-44DC-8B42-ADA671CD56FC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E55DB1BD-B20F-45F8-B223-7EA84484B370}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{EF497283-E5C1-43EA-A44D-7D8CC05015A1}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8157260-BF94-4849-9810-FE207D9676C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{8AFD6293-932A-4E22-8037-0740DEDF6E44}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"UDP Query User{6F1DB4B5-30A1-4D95-B02A-EF49908828A0}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A6AC699F-8315-40CA-8F70-E917494978AB}" = VirtualDJ Home FREE
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite" = Windows Live Essentials
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 13/06/2013 3:36:32 PM | Computer Name = Bricksrep-PC | Source = Bonjour Service | ID = 100 Description =
Error - 13/06/2013 3:36:32 PM | Computer Name = Bricksrep-PC | Source = Bonjour Service | ID = 100 Description =
Error - 13/06/2013 3:36:32 PM | Computer Name = Bricksrep-PC | Source = Bonjour Service | ID = 100 Description =
Error - 13/06/2013 3:36:34 PM | Computer Name = Bricksrep-PC | Source = Bonjour Service | ID = 100 Description =
Error - 13/06/2013 3:36:34 PM | Computer Name = Bricksrep-PC | Source = Bonjour Service | ID = 100 Description =
Error - 13/06/2013 3:36:34 PM | Computer Name = Bricksrep-PC | Source = Bonjour Service | ID = 100 Description =
Error - 13/06/2013 3:36:36 PM | Computer Name = Bricksrep-PC | Source = Bonjour Service | ID = 100 Description =
Error - 13/06/2013 3:36:36 PM | Computer Name = Bricksrep-PC | Source = Bonjour Service | ID = 100 Description =
Error - 13/06/2013 3:36:36 PM | Computer Name = Bricksrep-PC | Source = Bonjour Service | ID = 100 Description =
Error - 13/06/2013 3:36:38 PM | Computer Name = Bricksrep-PC | Source = Bonjour Service | ID = 100 Description =
[ System Events ]
Error - 05/07/2013 2:10:09 AM | Computer Name = Bricksrep-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error - 05/07/2013 3:37:27 AM | Computer Name = Bricksrep-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
Error - 05/07/2013 12:33:26 PM | Computer Name = Bricksrep-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error - 06/07/2013 4:06:34 PM | Computer Name = Bricksrep-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
Error - 06/07/2013 4:06:34 PM | Computer Name = Bricksrep-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
Error - 07/07/2013 4:19:47 PM | Computer Name = Bricksrep-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
Error - 09/07/2013 3:31:00 PM | Computer Name = Bricksrep-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
Error - 11/07/2013 2:56:24 PM | Computer Name = Bricksrep-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
Error - 11/07/2013 10:54:04 PM | Computer Name = Bricksrep-PC | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
Error - 12/07/2013 5:41:22 AM | Computer Name = Bricksrep-PC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: cdrom
Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.8.800.168
Adobe Reader 9 [color=red]Adobe Reader out of Date![/color]
Mozilla Firefox 22.0 [color=red]Firefox out of Date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 1%
[u]````````````````````End of Log``````````````````````[/u]
ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK |