Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cannot open antivirus or microsoft sites [Solved]

Started by ridgback , May 02 2012 03:17 AM

  • This topic is locked This topic is locked

#1
ridgback
Posted 02 May 2012 - 03:17 AM

ridgback

    Member

  • Member
  • PipPip
  • 22 posts
Hi everyone this is my first post and hope you can help me. My names Richard and I have just found I am unable to update my AVG anti virus. When I try to open any AV sites they won't open and I also cannot access the Microsoft site. I'm not a computer expert by any stretch of the imagination and wonder if anyone can help me.
Also when I log on I get a box saying Window Command Processor with continue and cancel buttons. When I check the details it says the following.

"C:\Windows\System32\cmd.exe"/C
"C:Users\ADMINI~1\AppData\Local\...\seyskfecacsvveww.exe"

I assume the ADMINI part is the account name of my user profile on my laptop.

Any help would be gratefully accepted, as I say I have very little computer knowledge so am in your hands.

Richard
  • 0

Advertisements

#2
Satchfan
Posted 02 May 2012 - 04:29 PM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hello ridgback and welcome to the G2G forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Download and run OTL

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lîk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Deskuop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s >
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.
===================================================

Run aswMBR

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply
Logs to include with next post:

OTL.txt
Extras.txt
aswMBR log

Thanks

Satchfan
  • 0

#3
ridgback
Posted 03 May 2012 - 06:05 AM

ridgback

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Thanks for the reply Satchfan,

Will do as you ask but it may be a few days from now as I am away with work for a week, please bear with me and I will let you know what happens

Thank you

Rich
  • 0

#4
Satchfan
Posted 03 May 2012 - 06:23 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Thanks for letting me know.

I'll keep this open for a few days.

Satchfan
  • 0

#5
ridgback
Posted 03 May 2012 - 08:14 AM

ridgback

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi again I only hae the OTL log file no extras text.

OTL logfile created on: 03/05/2012 14:36:51 - Run 3
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Administration\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 58.50% Memory free
6.20 Gb Paging File | 5.09 Gb Available in Paging File | 82.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.09 Gb Total Space | 29.33 Gb Free Space | 20.35% Space Free | Partition Type: NTFS
Drive D: | 144.00 Gb Total Space | 143.90 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: Administration | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Users\Administration\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Administration\AppData\Local\ssmlxdsf\byexidcv.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Users\Administration\AppData\Local\ssmlxdsf\byexidcv.exe ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
MOD - C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ()
MOD - C:\Program Files\Panasonic\VideoCamSuite\MSResource\MSTextResource.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Program Files\Samsung\EBM\ChkSec.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\WinMove.dll ()
MOD - C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (vToolbarUpdater11.0.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (ADDMEM) -- C:\Users\Martin\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS File not found
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (PSSDK42) -- C:\Windows\System32\drivers\pssdk42.sys (microOLAP Technologies LTD)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw2v32) Intel® -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...=103139&gcht=sx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...erms}&si=103139
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-05-02 23:07:56&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...rms}&fr=chr-rog
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com"
FF - prefs.js..keyword.URL: "http://uk.search.yah...ch?fr=ffds1&p="
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yah...ch?fr=ffsp1&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Administration\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/02 23:08:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/02 23:08:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/02 23:06:30 | 000,000,000 | ---D | M]

[2009/02/07 22:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administration\AppData\Roaming\Mozilla\Extensions
[2009/02/07 22:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administration\AppData\Roaming\Mozilla\Firefox\Profiles\b5hcliw7.default\extensions
[2012/05/01 00:14:05 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\10.0.0.7\
[2009/02/22 19:11:55 | 000,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Administration\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ByeXidcv] C:\Users\Administration\AppData\Local\ssmlxdsf\byexidcv.exe ()
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\byexidcv.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZUxdm567YYGB File not found
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{589DA96F-5DDA-43E4-912E-3BD6E13EA497}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administration\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administration\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/03 13:01:12 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Local\AVG Secure Search
[2012/05/02 23:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2012/05/02 23:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/02 23:06:08 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/02 10:29:01 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Administration\Desktop\OTL.exe
[2012/05/01 00:17:42 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\AVG
[2012/05/01 00:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/05/01 00:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/01 00:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/04/30 23:37:43 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\DriverCure
[2012/04/30 23:37:42 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\SpeedMaxPc
[2012/04/30 23:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedMaxPc
[2012/04/30 23:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/04/29 17:51:45 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Local\ssmlxdsf
[2012/04/20 22:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys

========== Files - Modified Within 30 Days ==========

[2012/05/03 14:39:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BDFAC2CA-BD71-4407-9A7C-132B98340CFD}.job
[2012/05/03 14:35:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1003UA.job
[2012/05/03 14:25:11 | 000,670,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/03 14:25:10 | 000,126,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/03 14:21:15 | 000,099,558 | ---- | M] () -- C:\Users\Administration\AppData\Roaming\nvModes.001
[2012/05/03 14:19:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/03 14:18:48 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 14:18:47 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/03 14:18:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/03 13:40:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/03 13:01:07 | 000,000,680 | ---- | M] () -- C:\Users\Administration\AppData\Local\d3d9caps.dat
[2012/05/02 23:42:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1005UA.job
[2012/05/02 23:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/02 23:08:22 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/02 22:43:26 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E8D644CD-CB0A-45B4-83CB-74AA1394697F}.job
[2012/05/02 10:29:08 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Administration\Desktop\OTL.exe
[2012/05/02 10:06:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/05/01 12:45:23 | 000,043,008 | ---- | M] () -- C:\Users\Administration\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/01 08:45:09 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/05/01 00:16:23 | 000,000,959 | ---- | M] () -- C:\Users\Administration\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/05/01 00:16:23 | 000,000,935 | ---- | M] () -- C:\Users\Administration\Desktop\AVG PC Tuneup 2011.lnk
[2012/05/01 00:01:46 | 000,099,558 | ---- | M] () -- C:\Users\Administration\AppData\Roaming\nvModes.dat
[2012/04/30 23:38:45 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/04/30 21:35:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1003Core.job
[2012/04/30 13:41:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1005Core.job
[2012/04/29 17:51:44 | 000,096,932 | --S- | M] () -- C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\byexidcv.exe
[2012/04/29 17:51:44 | 000,096,932 | ---- | M] () -- C:\Users\Administration\0.9703573354489202.exe
[2012/04/20 22:31:54 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys

========== Files Created - No Company Name ==========

[2012/05/02 23:08:22 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/01 00:16:23 | 000,000,959 | ---- | C] () -- C:\Users\Administration\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/05/01 00:16:23 | 000,000,935 | ---- | C] () -- C:\Users\Administration\Desktop\AVG PC Tuneup 2011.lnk
[2012/04/30 23:38:45 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/04/30 23:37:29 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/04/29 17:51:45 | 000,096,932 | --S- | C] () -- C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\byexidcv.exe
[2012/04/29 17:51:44 | 000,096,932 | ---- | C] () -- C:\Users\Administration\0.9703573354489202.exe
[2012/04/20 22:31:54 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/04 20:47:57 | 000,000,680 | ---- | C] () -- C:\Users\Administration\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2012/05/01 11:57:30 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\AVG
[2011/10/01 21:36:43 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\AVG2012
[2009/07/11 21:15:39 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/04/30 23:37:43 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\DriverCure
[2009/08/02 20:51:46 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\Nokia
[2009/09/06 21:58:56 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\Panasonic
[2009/08/02 20:51:38 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\PC Suite
[2012/04/30 23:37:42 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\SpeedMaxPc
[2008/12/15 15:28:39 | 000,000,000 | ---D | M] -- C:\Users\Administration\AppData\Roaming\vghd
[2012/05/03 13:40:01 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/30 23:38:45 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Registration3.job
[2012/05/01 08:45:09 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\SpeedMaxPc Update3.job
[2012/05/03 14:39:59 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BDFAC2CA-BD71-4407-9A7C-132B98340CFD}.job
[2012/05/02 22:43:26 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E8D644CD-CB0A-45B4-83CB-74AA1394697F}.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 10:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2006/11/16 11:39:29 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/07/04 09:07:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/07/04 09:07:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/09 08:37:45 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2010/08/09 08:37:35 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2010/08/09 08:37:39 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{20708f8b-a383-11df-b96e-0013776ddf28}.TM.blf
[2010/08/09 08:37:37 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{20708f8b-a383-11df-b96e-0013776ddf28}.TMContainer00000000000000000001.regtrans-ms
[2010/08/09 08:37:38 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{20708f8b-a383-11df-b96e-0013776ddf28}.TMContainer00000000000000000002.regtrans-ms
[2010/08/09 08:37:43 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{20708f8f-a383-11df-b96e-0013776ddf28}.TM.blf
[2010/08/09 08:37:42 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{20708f8f-a383-11df-b96e-0013776ddf28}.TMContainer00000000000000000001.regtrans-ms
[2010/08/09 08:37:42 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{20708f8f-a383-11df-b96e-0013776ddf28}.TMContainer00000000000000000002.regtrans-ms
[2012/05/03 14:18:02 | 3533,504,512 | -HS- | M] () -- C:\pagefile.sys
[2007/04/26 08:45:58 | 000,000,631 | ---- | M] () -- C:\PDVD.iss
[2007/12/11 17:55:45 | 000,000,366 | ---- | M] () -- C:\RHDSetup.log
[2008/12/03 11:43:03 | 000,000,086 | ---- | M] () -- C:\Setup.log
[2009/02/28 18:26:19 | 000,000,172 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/10/02 22:09:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/10/24 22:40:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/02/28 18:26:19 | 000,000,172 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/10/02 22:09:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/10/24 22:40:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/01/16 22:48:25 | 000,000,989 | ---- | M] () -- C:\updatedatfix.log

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 13:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/01 13:00:16 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpzpp5jy.dll
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/12/12 09:59:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Deskuop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2006/05/19 12:53:02 | 000,013,022 | ---- | M] () -- C:\Windows\snp2uvc.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-01 08:04:24

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/08/27 04:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/08/27 03:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: EXPLORER.EXE.MUI >
[2006/11/02 13:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 13:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui

< MD5 for: EXPLORER.EXE-A80E4F97.PF >
[2012/04/30 23:27:26 | 000,281,458 | ---- | M] () MD5=97418711F7C5C7923F15A4DB70CAFD78 -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

< MD5 for: IEXPLORE.EXE >
[2009/01/15 05:14:36 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=0844F5B9CB3BB85A917D347EF1565B6C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[2007/12/11 18:24:14 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=10BDB55982586A432A3951EB19A26009 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16473_none_2d330f011d0e0526\iexplore.exe
[2008/12/01 13:04:22 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=19403B64906C9EAC627E3C10847B0FDA -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\iexplore.exe
[2009/11/21 07:42:38 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=1B6362BB14FCEB9E76BCF9A953B04788 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[2009/03/03 05:18:52 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=1DD66A2851DACDEC32EAE8F9A8865ABD -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[2009/04/24 17:25:27 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=1F44940EF1D07D0BDAF80E55853DFBD0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[2010/02/23 16:06:13 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=25DB705A7DC85C208B3CF2D20F118AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[2007/12/11 18:33:41 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=275CEE268B9E5D82474C43D5D249D111 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16512_none_2d72f0251cde4150\iexplore.exe
[2009/08/27 06:23:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=2E48756F12C21F46895036AC089AAD97 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
[2007/12/11 18:46:04 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=3C1B2AD79DBF750A15A8832AF8192DB4 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20663_none_2dc77d9e36238626\iexplore.exe
[2010/01/02 15:58:26 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=3D8DA00B028DEA9517066F1CECBFC4A2 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[2009/07/22 07:04:09 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=4B5AEA50CE77FBA4C2D169622DC9B489 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
[2008/10/16 05:27:53 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=4CBA2F58668F2D5F3259CBE73E227F25 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
[2008/12/01 13:04:21 | 000,633,632 | ---- | M] (Microsoft Corporation) MD5=6655B851D9EEF7C83395EE52D551B448 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\iexplore.exe
[2009/08/27 14:31:08 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=7DD482E4A2E3CBB0A72F718C342F5B75 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
[2006/11/02 10:45:14 | 000,623,616 | ---- | M] (Microsoft Corporation) MD5=8308F01F27DF839E0010B0F72F855E35 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe
[2010/01/02 07:40:20 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=88BD42DAE7CFFEB256CA7145A15E4843 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[2009/03/03 05:32:44 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=8BA2B7A05F88BE0D45237A0994AD8366 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[2007/12/11 18:24:15 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=9B3516C1F30DA17ADD3818573047D63C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20583_none_2db1dbe03633c0e1\iexplore.exe
[2009/03/03 05:40:22 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=9E6C1527D9A2C64BFD780AA23075380F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[2010/02/23 07:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Program Files\Internet Explorer\iexplore.exe
[2010/02/23 07:39:16 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=9F52FBE99C749E3F32C75124F09F1B03 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[2009/03/08 22:09:24 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[2007/12/11 18:33:41 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=BD8502DFD53FC24FB8D6929DC46B8C2C -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20627_none_2df6be7635ff7bbe\iexplore.exe
[2009/07/21 22:53:43 | 000,638,216 | ---- | M] (Microsoft Corporation) MD5=C33BD196A0301F9B23D9A003D30ED8B0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
[2009/04/24 17:03:18 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D5271AC4A06AD9D1E2EA0151B79B2657 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[2009/04/24 17:01:36 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=D6157423C117F24D24695866A1D0A93F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[2008/10/16 05:42:58 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=D762642A109433EEDCD332B0A9511137 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
[2009/11/21 16:05:17 | 000,638,232 | ---- | M] (Microsoft Corporation) MD5=E7F8DF50E483D165BB01F367D3519AA7 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[2009/03/03 05:22:10 | 000,636,072 | ---- | M] (Microsoft Corporation) MD5=EA4BE33726155F89D89A3FE7142878E0 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[2007/12/11 18:46:04 | 000,625,152 | ---- | M] (Microsoft Corporation) MD5=EDEE147E416398BB3DD5B0DD4F6F1D32 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16546_none_2d5681891cf2fa7f\iexplore.exe
[2009/01/15 05:18:47 | 000,634,024 | ---- | M] (Microsoft Corporation) MD5=F0B1CA517977BA2FF6DA33F1B966C488 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
[2009/04/24 17:08:04 | 000,634,632 | ---- | M] (Microsoft Corporation) MD5=F294D8EEB05C835EC44A12CE0A1DFE7A -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe

< MD5 for: IEXPLORE.EXE.HU.KDMP >
[2010/11/22 18:46:49 | 020,314,589 | ---- | M] () MD5=4F29966E679FB1315F9A20D52EC6F175 -- C:\Users\Martin\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report18dbc62b\iexplore.exe.hu.kdmp

< MD5 for: IEXPLORE.EXE.MUI >
[2006/11/02 13:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
[2009/03/08 22:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 22:27:11 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_8.0.6001.18702_en-us_207795706a90d6c1\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE.XML >
[2010/11/22 18:46:49 | 000,004,402 | ---- | M] () MD5=89A505675294163A6D86EED322B06C0C -- C:\Users\Martin\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report18dbc62b\iexplore.exe.xml

< MD5 for: IEXPLORE.EXE-908C99F8.PF >
[2012/05/03 14:34:28 | 000,258,354 | ---- | M] () MD5=6EAF0A5B73AA26AE034E67C64CA80043 -- C:\Windows\Prefetch\IEXPLORE.EXE-908C99F8.pf

< MD5 for: WINLOGON.EXE >
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< MD5 for: WINLOGON.EXE.MUI >
[2006/11/02 13:40:50 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2006/11/02 13:40:50 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui

< MD5 for: WINLOGON.MOF >
[2006/09/18 22:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 22:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof

========== Alternate Data Streams ==========

@Alternate Data Stream - 372 bytes -> C:\ProgramData\TEMP:9A870F8B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
  • 0

#6
ridgback
Posted 03 May 2012 - 08:17 AM

ridgback

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Also internet explorer won't open aswMBR.

Look forward to loking at your reply

Richard
  • 0

#7
Satchfan
Posted 03 May 2012 - 08:29 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
The Extras.Txt log only appears after the first run and you sent the third run, The original Extras.Txt can be found in the same location as OTL which is on your desktop.

If the aswMBR link doesn't work in Internet Explorer, try it in Firefox.

Thanks

Satchfan
  • 0

#8
ridgback
Posted 03 May 2012 - 03:06 PM

ridgback

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Sorry here's the extra's text.

OTL Extras logfile created on: 02/05/2012 10:51:39 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Administration\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 62.49% Memory free
6.20 Gb Paging File | 4.99 Gb Available in Paging File | 80.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.09 Gb Total Space | 28.07 Gb Free Space | 19.48% Space Free | Partition Type: NTFS
Drive D: | 144.00 Gb Total Space | 143.90 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: Administration | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D228A13-1A6A-4702-B0C2-AECF7E894400}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{38472916-9276-4BA4-861E-1F66417FBD77}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{45227ED1-8700-4D93-9A63-CD0DFB347C9F}" = rport=445 | protocol=6 | dir=out | app=system |
"{4EF05A2A-1F72-4FAE-9DB3-671B3EBEF264}" = lport=139 | protocol=6 | dir=in | app=system |
"{62823B5E-51A2-4504-B5AC-8AF5AF0603E8}" = lport=138 | protocol=17 | dir=in | app=system |
"{8CCC6420-1DA3-467C-9391-0D2DCB6288CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8DBDCFEA-98B3-421A-B287-D486CEE4832F}" = lport=445 | protocol=6 | dir=in | app=system |
"{934CB22E-564C-4C59-8B16-6D5AD56E982C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A92B1B0F-39BA-48D3-913D-A17B772437DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{BAD26D0E-2BD1-4EB3-A7A7-BA9F45B2D07B}" = rport=139 | protocol=6 | dir=out | app=system |
"{C06715BA-8BA5-4C79-98F4-6D44CFBCB09E}" = rport=137 | protocol=17 | dir=out | app=system |
"{C7401F28-DF48-4124-93AD-D591B4FDB418}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{E96A20B6-D71F-4EFE-9EE0-473E64BEBB66}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052978FC-E19A-4179-AA99-A48EDA49E569}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{14ABE781-C733-45F3-8859-E31601585516}" = protocol=58 | dir=in | [email protected],-28545 |
"{16F443BD-9649-4B0A-9E53-6D846016A7CD}" = protocol=17 | dir=in | app=c:\program files\talktalk\agent\bin\bcont.exe |
"{171F458F-829A-4FE8-8288-44BA5FC4126E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{1E0C9A0E-28AA-4F50-992C-7E635647BA56}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{24F416F0-0F4B-48FF-A1CF-C5E1AF17B394}" = protocol=17 | dir=in | app=c:\program files\talktalk\bin\sprtcmd.exe |
"{25094864-6A9A-4184-960C-10B7C5818F14}" = protocol=6 | dir=in | app=c:\program files\talktalk\agent\bin\bcont_nm.exe |
"{2A105334-A5A2-4018-9C28-6D517933F299}" = protocol=17 | dir=in | app=c:\program files\talktalk\agent\bin\bcont_nm.exe |
"{2DF8F71E-A10C-483C-9850-E5FBD11C8C2F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3A3B1139-35C7-4975-A903-914D378E258A}" = protocol=6 | dir=in | app=c:\program files\talktalk\agent\bin\bcont.exe |
"{3DFF725F-E941-4B49-9180-B430735414B7}" = protocol=1 | dir=out | [email protected],-28544 |
"{43680E72-85E3-420A-9244-7223F6BE0FA6}" = protocol=6 | dir=in | app=c:\program files\talktalk\bin\sprtcmd.exe |
"{460098C5-0F89-4E83-B25D-193DFB43618F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{46C1DFFB-4813-4C78-9E93-E74F960DC3B7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4C6346B5-E621-4472-8CA8-F78A3A69173A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{4DCD8E67-E29D-4ABA-877D-E8D365C88096}" = protocol=17 | dir=in | app=c:\program files\common files\supportsoft\bin\tgsrvc.exe |
"{51ED18B0-B4B1-4A35-B6A7-1E22EDB08170}" = protocol=6 | dir=in | app=c:\program files\common files\supportsoft\bin\tgsrvc.exe |
"{5A0CE6CB-BAF3-49AE-A9E6-F3F2A56D9148}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5CC75033-716D-46AA-BEB2-12E44B2A5697}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
"{709A6032-172D-409A-BA7A-26F4E7E17944}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7BE7CE12-7315-4CA5-8979-4ECBB5780E8D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{85D4A051-DC97-4745-A261-7AF1C6DDD530}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{9688D5DB-3DBA-4F92-A902-5677E3CF06C9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{99AB6D8C-9DEA-49DE-A86E-7BBD2FF29FEA}" = protocol=58 | dir=out | [email protected],-28546 |
"{B6B95AD1-29CA-4899-B7C0-4C9E43DECD4C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA6AF088-2D3B-4718-8937-4DBC85CB591B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F4BF74FA-8FF7-42EC-ACD0-A1EFFE7F809C}" = protocol=1 | dir=in | [email protected],-28543 |
"TCP Query User{4FB99A06-3025-497A-972D-8815AF30944E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7346C3BD-1814-42D1-A756-F746271E158F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{79567F95-B9A0-4B3D-AFED-5220247BAA74}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{37EC6B1C-088B-4C9C-91C9-091363EEA70D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{AFE5C6A5-0BE1-4F35-B212-36E6283DBB2F}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{F7E23E15-D88E-4370-AFB1-F3B03C98D198}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{03C5896D-8F49-471E-8F92-801A94570038}" = VideoCam Suite
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5500
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3724743C-C279-4ACA-A451-56479745208A}" = Memory-Map European Edition
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB2.0 UVC Camera
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{4EFC72DA-2314-4E5D-AC8E-1C954CDB8BBF}" = AVG 2012
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{5D9B17E4-5C34-45B2-9C95-8B9DB4CF7AF3}" = HP_Network_UserGuide
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EDF1A5D-D8E0-413E-9782-75DD4A8C831B}" = VideoCam Suite 1.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B395BC1D-CC06-425E-9049-4CD985EFF004}" = LightScribe 1.8.15.1
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BEA18030-8B42-1286-EF64-CDA6BD083888}" = BBC iPlayer Desktop
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint 2.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEAEEFA6-DEBC-4B16-8F04-84C81440CA32}" = Garmin Training Center 3.4.3
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2012
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"DebugMode Wax 2.0" = DebugMode Wax 2.0
"DVD Shrink_is1" = DVD Shrink 3.2
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NVIDIA Drivers" = NVIDIA Drivers
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel® PROSet/Wireless Software
"Salter MiBodySE1.1" = Salter MiBody
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.8.2.2264
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/05/2012 03:47:55 | Computer Name = Martin-PC | Source = MsiInstaller | ID = 11704
Description =

Error - 01/05/2012 03:51:20 | Computer Name = Martin-PC | Source = WerSvc | ID = 5007
Description =

Error - 01/05/2012 04:03:29 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 01/05/2012 04:03:30 | Computer Name = Martin-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 02/05/2012 04:27:44 | Computer Name = Martin-PC | Source = WerSvc | ID = 5007
Description =

Error - 02/05/2012 05:30:04 | Computer Name = Martin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 144c Start Time: 01cd284607da1947 Termination Time: 16

Error - 02/05/2012 05:33:09 | Computer Name = Martin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 9f0 Start Time: 01cd28462d6770e7 Termination Time: 13

Error - 02/05/2012 05:35:23 | Computer Name = Martin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 50c Start Time: 01cd2846a348bf87 Termination Time: 510

Error - 02/05/2012 05:47:26 | Computer Name = Martin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 11c4 Start Time: 01cd28484d2ebf37 Termination Time: 10

Error - 02/05/2012 05:50:22 | Computer Name = Martin-PC | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.42.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 12c8 Start Time: 01cd2848d91a9a07 Termination Time: 13

[ System Events ]
Error - 02/05/2012 04:36:27 | Computer Name = Martin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02/05/2012 04:36:27 | Computer Name = Martin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02/05/2012 04:36:27 | Computer Name = Martin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02/05/2012 04:36:27 | Computer Name = Martin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02/05/2012 04:36:27 | Computer Name = Martin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02/05/2012 04:36:27 | Computer Name = Martin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02/05/2012 04:36:27 | Computer Name = Martin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02/05/2012 04:36:27 | Computer Name = Martin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02/05/2012 04:36:27 | Computer Name = Martin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 02/05/2012 04:36:27 | Computer Name = Martin-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >
  • 0

#9
ridgback
Posted 03 May 2012 - 03:19 PM

ridgback

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
More problems, Firefox won't open it and Chrome will not open at all. Could I use another computer and save the aswMBR to amemory stick and then install it?

Thanks

Richard
  • 0

#10
Satchfan
Posted 03 May 2012 - 03:38 PM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Hi Rich

Don’t bother about running aswMBR for now.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services

:OTL
PRC - C:\Users\Administration\AppData\Local\ssmlxdsf\byexidcv.exe ()
MOD - C:\Users\Administration\AppData\Local\ssmlxdsf\byexidcv.exe ()
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...=103139&gcht=sx
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsear...erms}&si=103139
[2009/02/22 19:11:55 | 000,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\mozilla firefox\plugins\NPMyWebS.dll
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [ByeXidcv] C:\Users\Administration\AppData\Local\ssmlxdsf\byexidcv.exe ()
O4 - Startup: C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\byexidcv.exe ()
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
[2012/04/29 17:51:45 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Local\ssmlxdsf
[2012/04/29 17:51:44 | 000,096,932 | --S- | M] () -- C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\byexidcv.exe
[2012/04/29 17:51:44 | 000,096,932 | ---- | M] () -- C:\Users\Administration\0.9703573354489202.exe
@Alternate Data Stream - 372 bytes -> C:\ProgramData\TEMP:9A870F8B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" =dword:00000000

:Commands
[purity]
[Reboot]

  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

==============================================

Download Malwarebytes-Anti-Malware

Click here

  • double-click mbam-setup.exe and follow the prompts to install the program.
  • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware. and Launch Malwarebytes' Anti-Malware, then click Finish..
  • if an update is found, it will download and install the latest version.
  • once the program has loaded, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Logs to include in the next post:

OTL fix log
New OTL log
Mbam.txt

Satchfan
  • 0

Advertisements

#11
ridgback
Posted 03 May 2012 - 04:09 PM

ridgback

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
Hi again, saved aswMBR to memory stick and hae run it. Hers the log, appear to have 2 infections see log entries at 22:57:06 and 22:57:07

swMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-03 22:33:32
-----------------------------
22:33:32.923 OS Version: Windows 6.0.6000
22:33:32.923 Number of processors: 2 586 0xF0D
22:33:32.924 ComputerName: MARTIN-PC UserName:
22:33:34.896 Initialize success
22:50:24.308 AVAST engine defs: 12050301
22:50:27.940 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:50:27.966 Disk 0 Vendor: FUJITSU_MHZ2320BH_G2 00000009 Size: 305245MB BusType: 3
22:50:27.990 Disk 0 MBR read successfully
22:50:27.999 Disk 0 MBR scan
22:50:28.026 Disk 0 unknown MBR code
22:50:28.047 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
22:50:28.086 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147548 MB offset 20973568
22:50:28.117 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147455 MB offset 323151872
22:50:28.140 Disk 0 scanning sectors +625139712
22:50:28.229 Disk 0 scanning C:\Windows\system32\drivers
22:50:45.621 Service scanning
22:51:32.373 Modules scanning
22:51:49.654 Disk 0 trace - called modules:
22:51:49.995
22:51:51.819 AVAST engine scan C:\Windows
22:52:00.119 AVAST engine scan C:\Windows\system32
22:56:37.659 AVAST engine scan C:\Windows\system32\drivers
22:57:06.987 AVAST engine scan C:\Users\Administration
22:57:07.152 File: C:\Users\Administration\0.9703573354489202.exe **INFECTED** Win32:Trojan-gen
23:02:15.165 File: C:\Users\Administration\AppData\Local\ssmlxdsf\byexidcv.exe **INFECTED** Win32:Trojan-gen
23:03:10.916 Disk 0 MBR has been saved successfully to "C:\Users\Administration\Desktop\MBR.dat"
23:03:10.935 The log file has been saved successfully to "C:\Users\Administration\Desktop\aswMBR.txt"

Will do as you request tomorrow, time for bed for me. Thanks for all your help so far, I feel like I'm now getting somewhere.

Richard

Edited by ridgback, 03 May 2012 - 04:15 PM.

  • 0

#12
Satchfan
Posted 04 May 2012 - 12:38 AM

Satchfan

    Trusted Helper

  • Malware Removal
  • 624 posts
Please follow my previous instructions and then run aswMBR again.
  • 0

#13
ridgback
Posted 04 May 2012 - 04:44 AM

ridgback

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL Fix Log

========== SERVICES/DRIVERS ==========
========== OTL ==========
Process byexidcv.exe killed successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00A6FAF6-072E-44cf-8957-5838F569A31D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56256A51-B582-467e-B8D4-7786EDA79AE0}\ not found.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ByeXidcv deleted successfully.
C:\Users\Administration\AppData\Local\ssmlxdsf\byexidcv.exe moved successfully.
File move failed. C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\byexidcv.exe scheduled to be moved on reboot.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Users\Administration\AppData\Local\ssmlxdsf folder moved successfully.
File move failed. C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\byexidcv.exe scheduled to be moved on reboot.
C:\Users\Administration\0.9703573354489202.exe moved successfully.
ADS C:\ProgramData\TEMP:9A870F8B deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\\"AntiVirusOverride" |dword:00000000 /E!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.42.2 log created on 05042012_101220

Files\Folders moved on Reboot...
C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\byexidcv.exe moved successfully.

Registry entries deleted on Reboot...
  • 0

#14
ridgback
Posted 04 May 2012 - 04:46 AM

ridgback

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
OTL Post Fix

OTL logfile created on: 04/05/2012 11:29:06 - Run 5
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Administration\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 53.75% Memory free
6.20 Gb Paging File | 4.82 Gb Available in Paging File | 77.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.09 Gb Total Space | 28.02 Gb Free Space | 19.45% Space Free | Partition Type: NTFS
Drive D: | 144.00 Gb Total Space | 143.90 Gb Free Space | 99.93% Space Free | Partition Type: NTFS

Computer Name: MARTIN-PC | User Name: Administration | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Users\Administration\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Panasonic\VideoCamSuite\VideoCamSuiteAutoStart.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - C:\Program Files\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
MOD - C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll ()
MOD - C:\Program Files\Panasonic\VideoCamSuite\MSResource\MSTextResource.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Program Files\Samsung\EBM\ChkSec.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\WinMove.dll ()
MOD - C:\Program Files\Samsung\Samsung Magic Doctor\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\EasySpeedUpManager\HookDllPS2.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (vToolbarUpdater11.0.2) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (B.H.A Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (upperdev) -- system32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (ADDMEM) -- C:\Users\Martin\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (PSSDK42) -- C:\Windows\System32\drivers\pssdk42.sys (microOLAP Technologies LTD)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw2v32) Intel® -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-05-02 23:07:56&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://uk.search.yah...rms}&fr=chr-rog
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://uk.search.yah...ch?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com"
FF - prefs.js..keyword.URL: "http://uk.search.yah...ch?fr=ffds1&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administration\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administration\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Administration\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/02 23:08:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/04 09:20:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/02 23:06:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/03 22:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/04 10:12:20 | 000,000,000 | ---D | M]

[2009/02/07 22:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administration\AppData\Roaming\Mozilla\Extensions
[2009/02/07 22:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administration\AppData\Roaming\Mozilla\Firefox\Profiles\b5hcliw7.default\extensions
[2012/05/03 22:14:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/21 02:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/21 02:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/21 02:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Administration\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ByeXidcv] C:\Users\Administration\AppData\Local\ssmlxdsf\byexidcv.exe File not found
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{589DA96F-5DDA-43E4-912E-3BD6E13EA497}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Administration\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Administration\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/04 11:26:23 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/05/04 10:34:10 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\Malwarebytes
[2012/05/04 10:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/04 10:34:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/04 10:34:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/04 10:34:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/04 10:33:28 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administration\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/04 10:12:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/04 09:20:30 | 000,000,000 | ---D | C] -- C:\AVG2012
[2012/05/04 09:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Standalone LinkScanner
[2012/05/03 22:33:15 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administration\Desktop\aswMBR.exe
[2012/05/03 22:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/05/03 22:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 15:24:32 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/05/03 13:01:12 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Local\AVG Secure Search
[2012/05/02 23:07:44 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/05/02 23:06:08 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/05/02 10:29:01 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Administration\Desktop\OTL.exe
[2012/05/01 00:17:42 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\AVG
[2012/05/01 00:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/05/01 00:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/01 00:13:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/04/30 23:37:43 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\DriverCure
[2012/04/30 23:37:42 | 000,000,000 | ---D | C] -- C:\Users\Administration\AppData\Roaming\SpeedMaxPc
[2012/04/30 23:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedMaxPc
[2012/04/30 23:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedMaxPc
[2012/04/20 22:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/19 04:50:26 | 000,024,896 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys

========== Files - Modified Within 30 Days ==========

[2012/05/04 11:39:59 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BDFAC2CA-BD71-4407-9A7C-132B98340CFD}.job
[2012/05/04 11:35:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1003UA.job
[2012/05/04 11:26:23 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/05/04 11:23:00 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1004UA.job
[2012/05/04 11:05:35 | 000,670,050 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/04 11:05:34 | 000,126,048 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/04 11:02:05 | 000,099,558 | ---- | M] () -- C:\Users\Administration\AppData\Roaming\nvModes.001
[2012/05/04 11:00:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/04 10:59:24 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 10:59:24 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/04 10:58:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/04 10:56:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/04 10:42:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1005UA.job
[2012/05/04 10:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/04 10:34:03 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/04 10:06:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/05/04 09:38:14 | 000,099,558 | ---- | M] () -- C:\Users\Administration\AppData\Roaming\nvModes.dat
[2012/05/04 09:34:00 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administration\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/04 09:20:01 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/04 09:19:43 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E8D644CD-CB0A-45B4-83CB-74AA1394697F}.job
[2012/05/03 22:30:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administration\Desktop\aswMBR.exe
[2012/05/03 22:14:54 | 000,000,870 | ---- | M] () -- C:\Users\Administration\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/03 22:14:54 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/03 22:02:10 | 000,002,087 | ---- | M] () -- C:\Users\Administration\Desktop\Google Chrome.lnk
[2012/05/03 22:02:10 | 000,002,049 | ---- | M] () -- C:\Users\Administration\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/03 15:23:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1004Core.job
[2012/05/03 13:01:07 | 000,000,680 | ---- | M] () -- C:\Users\Administration\AppData\Local\d3d9caps.dat
[2012/05/02 10:29:08 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Administration\Desktop\OTL.exe
[2012/05/01 12:45:23 | 000,043,008 | ---- | M] () -- C:\Users\Administration\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/01 08:45:09 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/05/01 00:16:23 | 000,000,959 | ---- | M] () -- C:\Users\Administration\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/05/01 00:16:23 | 000,000,935 | ---- | M] () -- C:\Users\Administration\Desktop\AVG PC Tuneup 2011.lnk
[2012/04/30 23:38:45 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/04/30 21:35:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1003Core.job
[2012/04/30 13:41:59 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1005Core.job
[2012/04/20 22:31:54 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/05/04 10:34:03 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/03 22:14:54 | 000,000,870 | ---- | C] () -- C:\Users\Administration\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/03 22:14:54 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/03 22:14:54 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/03 15:42:33 | 000,002,049 | ---- | C] () -- C:\Users\Administration\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/03 15:24:32 | 000,002,087 | ---- | C] () -- C:\Users\Administration\Desktop\Google Chrome.lnk
[2012/05/03 15:18:52 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1004UA.job
[2012/05/03 15:18:50 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-503328607-868011794-2392554845-1004Core.job
[2012/05/02 23:08:22 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/05/01 00:16:23 | 000,000,959 | ---- | C] () -- C:\Users\Administration\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup 2011.lnk
[2012/05/01 00:16:23 | 000,000,935 | ---- | C] () -- C:\Users\Administration\Desktop\AVG PC Tuneup 2011.lnk
[2012/04/30 23:38:45 | 000,000,410 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Registration3.job
[2012/04/30 23:37:29 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\SpeedMaxPc Update3.job
[2012/04/20 22:31:54 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/04 20:47:57 | 000,000,680 | ---- | C] () -- C:\Users\Administration\AppData\Local\d3d9caps.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
  • 0

#15
ridgback
Posted 04 May 2012 - 04:47 AM

ridgback

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts
MBAM Log

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.04.01

Windows Vista x86 NTFS
Internet Explorer 8.0.6001.18813
Administration :: MARTIN-PC [administrator]

Protection: Enabled

04/05/2012 10:37:09
mbam-log-2012-05-04 (10-37-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287833
Time elapsed: 9 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.

Registry Keys Detected: 26
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search| (Adware.Hotbar) -> Data: http://edits.mywebse...?p=ZUxdm567YYGB -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 8
C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Delete on reboot.
C:\Users\Administration\AppData\Local\Temp\seyskfecacsvveww.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
C:\Users\Administration\Favorites\Free Porn Videos & Sex Movies - [bleep], XXX, Porn Tube and Pussy Porn.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP