Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Metropolitan Police Warning [Solved]

Started by Steviep , Nov 21 2012 09:30 AM

This topic is locked

#16
Steviep

Posted 22 November 2012 - 01:42 PM

Member

Topic Starter
Member
338 posts

Hi,

Started windows normally and I now have a blank screen that only has poiner I've tried windows + R and nothing happens ?

#17
Essexboy

Posted 22 November 2012 - 01:47 PM

GeekU Moderator

Retired Staff
69,964 posts

OK can you right click the desktop and select personalise ?

Also is safe mode now available ?

#18
Steviep

Posted 22 November 2012 - 01:48 PM

Member

Topic Starter
Member
338 posts

Just went to shut down laptop to try rebooting - control alt delete and pressed restart then desktop came up and seemed to be running a program called pc performance before closing down?

#19
Essexboy

Posted 22 November 2012 - 02:01 PM

GeekU Moderator

Retired Staff
69,964 posts

OK I can not see where that is running from which is a tad weird

Download this fixlist.txt and do the same as before
Let me know what the desktop looks like when you reboot

#20
Steviep

Posted 22 November 2012 - 02:05 PM

Member

Topic Starter
Member
338 posts

after reooting I'm back to the white screen so tried running frst again and going into safe mode when restarted but white screen again, I rebooted again but in normal mode Ive got white screen - i had posted this before your reply above, just running new fix now

Edited by Steviep, 22 November 2012 - 02:08 PM.

#21
Steviep

Posted 22 November 2012 - 02:18 PM

Member

Topic Starter
Member
338 posts

hi did that and got white screen again

#22
Essexboy

Posted 22 November 2012 - 02:20 PM

GeekU Moderator

Retired Staff
69,964 posts

Does right clicking bring up the personalise menu ?

Are you still getting the boot loop in safe mode ?

#23
Steviep

Posted 22 November 2012 - 02:27 PM

Member

Topic Starter
Member
338 posts

Hi right click doesnt have any effect and I have white screen in both normal and safe modes

#24
Essexboy

Posted 22 November 2012 - 02:30 PM

GeekU Moderator

Retired Staff
69,964 posts

Go to the recovery console again and select system restore.
Select a point from two days ago
Let me know the result of that

#25
Steviep

Posted 22 November 2012 - 03:24 PM

Member

Topic Starter
Member
338 posts

Hi, did system restore and got desktop back however that pc performance program was trying to run so closed it from task manager, ran RogueKiller and here are the logs

RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Ants [Admin rights]
Mode : Scan -- Date : 11/22/2012 21:08:55

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x8331C9CB -> HOOKED (Unknown @ 0x878376A0)
SSDT[14] : NtAlertThread @ 0x832A55DD -> HOOKED (Unknown @ 0x87837328)
SSDT[19] : NtAllocateVirtualMemory @ 0x83252BB3 -> HOOKED (Unknown @ 0x87835F80)
SSDT[22] : NtAlpcConnectPort @ 0x83265DC8 -> HOOKED (Unknown @ 0x874EACB0)
SSDT[43] : NtAssignProcessToJobObject @ 0x832BE229 -> HOOKED (Unknown @ 0x87836708)
SSDT[74] : NtCreateMutant @ 0x832B4C83 -> HOOKED (Unknown @ 0x87837848)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x83233D3F -> HOOKED (Unknown @ 0x878368B0)
SSDT[87] : NtCreateThread @ 0x8331ABE2 -> HOOKED (Unknown @ 0x877FEA48)
SSDT[88] : NtCreateThreadEx @ 0x832A433F -> HOOKED (Unknown @ 0x878369A0)
SSDT[96] : NtDebugActiveProcess @ 0x832ED90C -> HOOKED (Unknown @ 0x878363B0)
SSDT[111] : NtDuplicateObject @ 0x832A0402 -> HOOKED (Unknown @ 0x87835228)
SSDT[131] : NtFreeVirtualMemory @ 0x830C5B45 -> HOOKED (Unknown @ 0x87834418)
SSDT[145] : NtImpersonateAnonymousToken @ 0x83298E2C -> HOOKED (Unknown @ 0x87837918)
SSDT[147] : NtImpersonateThread @ 0x83276EDA -> HOOKED (Unknown @ 0x878375C0)
SSDT[155] : NtLoadDriver @ 0x831EA1AC -> HOOKED (Unknown @ 0x874EF1C8)
SSDT[168] : NtMapViewOfSection @ 0x8327F7A5 -> HOOKED (Unknown @ 0x87834338)
SSDT[177] : NtOpenEvent @ 0x83275BFE -> HOOKED (Unknown @ 0x87837BD0)
SSDT[191] : NtOpenProcessToken @ 0x8329EDFD -> HOOKED (Unknown @ 0x87835168)
SSDT[194] : NtOpenSection @ 0x832AE55B -> HOOKED (Unknown @ 0x87837E68)
SSDT[198] : NtOpenThread @ 0x832B75AD -> HOOKED (Unknown @ 0x877FF0E0)
SSDT[215] : NtProtectVirtualMemory @ 0x832860BB -> HOOKED (Unknown @ 0x87836638)
SSDT[304] : NtResumeThread @ 0x83271B7D -> HOOKED (Unknown @ 0x878373E8)
SSDT[316] : NtSetContextThread @ 0x8331C477 -> HOOKED (Unknown @ 0x87834998)
SSDT[333] : NtSetInformationProcess @ 0x8324FEF9 -> HOOKED (Unknown @ 0x87834610)
SSDT[350] : NtSetSystemInformation @ 0x8322D07A -> HOOKED (Unknown @ 0x87836490)
SSDT[366] : NtSuspendProcess @ 0x8331C907 -> HOOKED (Unknown @ 0x87837AF0)
SSDT[367] : NtSuspendThread @ 0x832D6D58 -> HOOKED (Unknown @ 0x8783F6A0)
SSDT[385] : NtUnmapViewOfSection @ 0x832A204D -> HOOKED (Unknown @ 0x878346E0)
S_SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x87AAC130)
S_SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x882BBAC0)
S_SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x882BEA38)
S_SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x882BB858)
S_SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x882BEB08)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x882D7938)

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM250HI +++++
--- User ---
[MBR] b56368d5d993569828e5b4c19b59f3db
[BSP] c3a66a28150484df6b93cfc91deec495 : KIWI Image system MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 111505 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 260026368 | Size: 111508 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11222012_02d2108.txt >>
RKreport[1]_S_11222012_02d2108.txt

RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Ants [Admin rights]
Mode : Remove -- Date : 11/22/2012 21:09:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x8331C9CB -> HOOKED (Unknown @ 0x878376A0)
SSDT[14] : NtAlertThread @ 0x832A55DD -> HOOKED (Unknown @ 0x87837328)
SSDT[19] : NtAllocateVirtualMemory @ 0x83252BB3 -> HOOKED (Unknown @ 0x87835F80)
SSDT[22] : NtAlpcConnectPort @ 0x83265DC8 -> HOOKED (Unknown @ 0x874EACB0)
SSDT[43] : NtAssignProcessToJobObject @ 0x832BE229 -> HOOKED (Unknown @ 0x87836708)
SSDT[74] : NtCreateMutant @ 0x832B4C83 -> HOOKED (Unknown @ 0x87837848)
SSDT[86] : NtCreateSymbolicLinkObject @ 0x83233D3F -> HOOKED (Unknown @ 0x878368B0)
SSDT[87] : NtCreateThread @ 0x8331ABE2 -> HOOKED (Unknown @ 0x877FEA48)
SSDT[88] : NtCreateThreadEx @ 0x832A433F -> HOOKED (Unknown @ 0x878369A0)
SSDT[96] : NtDebugActiveProcess @ 0x832ED90C -> HOOKED (Unknown @ 0x878363B0)
SSDT[111] : NtDuplicateObject @ 0x832A0402 -> HOOKED (Unknown @ 0x87835228)
SSDT[131] : NtFreeVirtualMemory @ 0x830C5B45 -> HOOKED (Unknown @ 0x87834418)
SSDT[145] : NtImpersonateAnonymousToken @ 0x83298E2C -> HOOKED (Unknown @ 0x87837918)
SSDT[147] : NtImpersonateThread @ 0x83276EDA -> HOOKED (Unknown @ 0x878375C0)
SSDT[155] : NtLoadDriver @ 0x831EA1AC -> HOOKED (Unknown @ 0x874EF1C8)
SSDT[168] : NtMapViewOfSection @ 0x8327F7A5 -> HOOKED (Unknown @ 0x87834338)
SSDT[177] : NtOpenEvent @ 0x83275BFE -> HOOKED (Unknown @ 0x87837BD0)
SSDT[191] : NtOpenProcessToken @ 0x8329EDFD -> HOOKED (Unknown @ 0x87835168)
SSDT[194] : NtOpenSection @ 0x832AE55B -> HOOKED (Unknown @ 0x87837E68)
SSDT[198] : NtOpenThread @ 0x832B75AD -> HOOKED (Unknown @ 0x877FF0E0)
SSDT[215] : NtProtectVirtualMemory @ 0x832860BB -> HOOKED (Unknown @ 0x87836638)
SSDT[304] : NtResumeThread @ 0x83271B7D -> HOOKED (Unknown @ 0x878373E8)
SSDT[316] : NtSetContextThread @ 0x8331C477 -> HOOKED (Unknown @ 0x87834998)
SSDT[333] : NtSetInformationProcess @ 0x8324FEF9 -> HOOKED (Unknown @ 0x87834610)
SSDT[350] : NtSetSystemInformation @ 0x8322D07A -> HOOKED (Unknown @ 0x87836490)
SSDT[366] : NtSuspendProcess @ 0x8331C907 -> HOOKED (Unknown @ 0x87837AF0)
SSDT[367] : NtSuspendThread @ 0x832D6D58 -> HOOKED (Unknown @ 0x8783F6A0)
SSDT[385] : NtUnmapViewOfSection @ 0x832A204D -> HOOKED (Unknown @ 0x878346E0)
S_SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x87AAC130)
S_SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x882BBAC0)
S_SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x882BEA38)
S_SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x882BB858)
S_SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x882BEB08)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x882D7938)

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM250HI +++++
--- User ---
[MBR] b56368d5d993569828e5b4c19b59f3db
[BSP] c3a66a28150484df6b93cfc91deec495 : KIWI Image system MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 111505 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 260026368 | Size: 111508 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11222012_02d2109.txt >>
RKreport[1]_S_11222012_02d2108.txt ; RKreport[2]_D_11222012_02d2109.txt

RogueKiller V8.3.1 [Nov 22 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Ants [Admin rights]
Mode : Shortcuts HJfix -- Date : 11/22/2012 21:16:57

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 164 / Fail 0
My documents: Success 8 / Fail 8
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 20 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 917 / Fail 23
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_11222012_02d2116.txt >>
RKreport[1]_S_11222012_02d2108.txt ; RKreport[2]_D_11222012_02d2109.txt ; RKreport[3]_SC_11222012_02d2116.txt

#26
Essexboy

Posted 22 November 2012 - 04:14 PM

GeekU Moderator

Retired Staff
69,964 posts

Great now lets kill the rest

Download OTL to your Desktop
Secondary link

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Select All Users
Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs

#27
Steviep

Posted 22 November 2012 - 04:39 PM

Member

Topic Starter
Member
338 posts

OTL logfile created on: 11/22/2012 10:24:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ants\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 55.12% Memory free
5.86 Gb Paging File | 4.34 Gb Available in Paging File | 74.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 45.81 Gb Free Space | 42.07% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 1.48 Gb Free Space | 1.36% Space Free | Partition Type: NTFS

Computer Name: ANTS-PC | User Name: Ants | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/22 22:19:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ants\Downloads\OTL.exe
PRC - [2012/11/08 20:44:41 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/11/08 20:44:41 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/10/05 15:08:42 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe
PRC - [2012/08/18 11:18:47 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/05/02 21:52:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2012/05/02 21:52:43 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2012/01/26 18:53:31 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2012/01/02 01:00:31 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/08/16 14:17:46 | 003,670,528 | ---- | M] (Lime PRO LLC) -- C:\Program Files\Lime PRO\LimePro.exe
PRC - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
PRC - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/09/20 16:16:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/22 21:41:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 21:41:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 21:41:09 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/22 21:41:09 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/06/22 21:41:06 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/04/16 13:11:02 | 000,650,920 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/30 15:50:46 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2009/09/07 23:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 10:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/08/23 04:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/08/06 07:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/08 20:44:41 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/11/08 20:44:41 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/08 20:44:41 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2010/04/16 13:11:02 | 000,650,920 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPNotifier.exe
MOD - [2010/04/16 13:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2010/03/30 22:38:16 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2010/03/30 22:38:16 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/30 15:50:46 | 000,090,112 | ---- | M] () -- C:\Program Files\LimeWire\lib\SystemUtilities.dll
MOD - [2006/08/12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========

SRV - [2012/11/08 20:44:41 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/05 15:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
SRV - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/25 00:48:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/22 21:41:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 21:41:09 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

========== Driver Services (SafeList) ==========

DRV - [2012/11/08 20:44:41 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/22 02:05:07 | 000,386,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/21 15:56:04 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/21 15:56:04 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/15 14:34:47 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/15 14:34:47 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Unknown] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11220.sys -- (EraserUtilDrv11220)
DRV - [2012/08/11 00:25:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/23 21:22:59 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/12 16:07:41 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/08/08 15:38:12 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 18:22:10 | 000,566,904 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.sys -- (SRTSP)
DRV - [2011/08/02 18:22:10 | 000,031,864 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.sys -- (SRTSPX)
DRV - [2011/07/28 19:20:02 | 000,897,656 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.sys -- (SymEFA)
DRV - [2011/07/25 18:18:40 | 000,314,488 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\symnets.sys -- (SymNetS)
DRV - [2011/07/25 18:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.sys -- (SymDS)
DRV - [2011/07/25 18:15:52 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\Ironx86.sys -- (SymIRON)
DRV - [2011/05/05 14:27:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/02 09:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/12/02 09:36:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/06/22 21:41:10 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/06/22 21:41:10 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/06/22 21:41:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/06/22 21:41:10 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/06/22 21:41:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/30 22:38:33 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/30 22:37:58 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/07/17 03:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F3-156E9C05E571
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7SMSN_enGB373
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-08 11:00:21&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ants\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 20:44:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/11/22 20:52:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/11/22 20:51:38 | 000,000,000 | ---D | M]

[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions
[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Ants\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000..\Run: [Facebook Update] C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000..\Run: [lime pro] C:\Program Files\Lime PRO\LimePro.exe (Lime PRO LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ants\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEA44414-D6F4-4E72-B76E-8DD67461F6DA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/23 02:37:04 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/22 21:04:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\Desktop\RK_Quarantine
[2012/11/22 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B0B7F35F-8608-4C26-982A-67B8BFFAFB79}
[2012/11/22 20:17:36 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{0A683A6D-65A3-4494-BD62-6E3364C68282}
[2012/11/21 19:32:55 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
[2012/11/21 19:25:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
[2012/11/19 03:30:23 | 000,000,000 | --SD | C] -- C:\found.000
[2012/11/19 02:30:47 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
[2012/11/18 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
[2012/11/17 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
[2012/11/17 01:04:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/17 01:01:09 | 000,047,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\WdfLdr.sys
[2012/11/17 01:01:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\Wdfres.dll
[2012/11/17 00:59:31 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFPlatform.dll
[2012/11/17 00:59:30 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFx.dll
[2012/11/17 00:59:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WUDFCoinstaller.dll
[2012/11/17 00:58:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/11/17 00:58:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/11/17 00:58:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012/11/17 00:58:45 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/11/17 00:58:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe
[2012/11/17 00:58:43 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll
[2012/11/17 00:58:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/11/17 00:58:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2012/11/16 15:39:56 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\synceng.dll
[2012/11/16 15:39:55 | 002,344,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012/11/16 15:31:04 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
[2012/11/15 15:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
[2012/11/14 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
[2012/11/13 16:07:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
[2012/11/12 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
[2012/11/11 12:56:38 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
[2012/11/11 00:10:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
[2012/11/10 12:10:42 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
[2012/11/09 15:52:09 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
[2012/11/08 20:44:48 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys
[2012/11/08 15:19:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
[2012/11/07 16:32:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
[2012/11/06 16:41:43 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
[2012/11/05 16:08:23 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
[2012/11/04 12:07:13 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
[2012/11/03 12:05:25 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
[2012/11/02 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
[2012/11/01 15:40:14 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
[2012/10/31 18:20:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
[2012/10/30 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
[2012/10/29 16:02:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
[2012/10/28 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
[2012/10/27 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
[2012/10/26 14:11:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
[2012/10/25 14:43:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}
[2012/10/24 13:53:10 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3B256738-2F71-4159-A8EE-B4CF19CF6349}

========== Files - Modified Within 30 Days ==========

[2012/11/22 22:15:01 | 000,000,922 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000UA.job
[2012/11/22 22:15:01 | 000,000,900 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000Core.job
[2012/11/22 21:46:06 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/22 21:46:06 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/22 21:03:43 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 21:03:42 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 20:56:02 | 100,920,059 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2012/11/22 20:50:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/22 20:50:00 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/21 19:52:11 | 000,007,605 | ---- | M] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
[2012/11/19 03:31:38 | 000,003,472 | ---- | M] () -- C:\bootsqm.dat
[2012/11/18 15:02:15 | 000,000,262 | ---- | M] () -- C:\windows\tasks\PC Performer_DEFAULT.job
[2012/11/17 12:46:43 | 000,418,256 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/17 01:09:23 | 000,662,770 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/17 01:09:23 | 000,123,964 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/11 16:49:30 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Ants.job
[2012/11/08 20:44:41 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys
[2012/11/07 16:59:01 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/02 20:44:33 | 000,629,730 | ---- | M] () -- C:\windows\System32\drivers\Avg\iavifw.avm

========== Files Created - No Company Name ==========

[2012/11/21 19:51:42 | 000,007,605 | ---- | C] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
[2012/11/19 03:31:38 | 000,003,472 | ---- | C] () -- C:\bootsqm.dat
[2012/11/17 01:01:12 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 00:59:30 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/01/11 19:51:56 | 000,068,455 | ---- | C] () -- C:\Users\Ants\AppData\Roaming\msconfig.dat
[2011/07/10 12:40:14 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{A601DAF0-A1C5-4CCB-961D-9E3B51E94D3D}
[2011/05/13 19:34:49 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{37291F92-2AD8-4E21-88A5-C28DABEE5D51}
[2011/04/27 14:17:09 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{63E7382F-4625-4A94-B4D4-EE227549C87D}
[2010/03/30 21:30:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/14 01:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2009/07/14 01:14:53 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 01:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/07/14 01:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/07/14 01:14:59 | 000,493,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/17 05:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 01:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/04 21:23:55 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/06/02 04:45:21 | 000,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/07/14 01:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/07/14 01:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 05:29:23 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 01:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 01:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 01:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/07/14 01:15:33 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 01:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 01:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 01:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 01:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2009/07/14 01:16:03 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 01:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 10:35:34 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 05:41:06 | 000,316,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/17 05:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 01:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/07/14 01:16:12 | 000,285,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/07/14 01:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 01:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/17 05:36:26 | 000,022,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2010/12/21 05:38:24 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 05:46:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/14 01:16:14 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/02 04:39:32 | 000,749,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/07/14 01:16:15 | 000,241,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 01:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/02 04:52:09 | 000,163,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/07/14 01:14:43 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/07/14 01:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/07/14 01:14:57 | 000,473,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2009/07/14 01:16:13 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:16:18 | 001,086,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2009/07/14 01:15:41 | 000,565,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/07/14 01:16:18 | 000,462,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2009/07/14 01:14:25 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 01:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 22:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/07/14 01:15:12 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 01:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/07/14 01:16:19 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 05:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 01:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 05:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 05:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 12:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 05:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 05:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 06:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 21:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/10 21:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.EXE >
[2009/07/14 01:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 01:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 02:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 02:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 04:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 04:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/10/04 17:23:49 | 000,001,601 | ---- | M] () MD5=A239A55B6A3C3A28017AE157B5AE6686 -- C:\Users\Ants\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\SFPNMLNR\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2009/06/10 21:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/10 21:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 02:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 21:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 20:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/13 20:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 01:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 12:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 01:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 06:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 06:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 05:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 12:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 01:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2009/07/13 21:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/13 21:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL
[2009/07/13 21:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >

OTL Extras logfile created on: 11/22/2012 10:24:30 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ants\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 55.12% Memory free
5.86 Gb Paging File | 4.34 Gb Available in Paging File | 74.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 45.81 Gb Free Space | 42.07% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 1.48 Gb Free Space | 1.36% Space Free | Partition Type: NTFS

Computer Name: ANTS-PC | User Name: Ants | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05429B19-3809-42D0-9CC9-B4341D3820E0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0DA73F01-5BFE-4D5F-9552-4E946B7CB7B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A7FF64B-2BE8-47D1-9743-F5D96ABC6C68}" = rport=445 | protocol=6 | dir=out | app=system |
"{27F642B4-B05A-4FCC-9AB3-11FB4A3207B0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F456C1C-1CA0-47D3-A869-9603A25DF9B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{41ED0014-AEC8-4EC8-969F-14D4C88F7317}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{420489BD-FD1E-4DA4-86DD-4B2BE222068A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{42E0771B-7074-4873-A1DA-E3110782C0E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5383F9F9-46D5-43C7-B32E-55C9492EC06E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F7E1DFD-3B82-423F-BBB4-351AEFAF682C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7239B5EC-A258-49CF-83F0-611422E27ABE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78015A70-C5A8-46A7-8DF4-04719C93E184}" = rport=10243 | protocol=6 | dir=out | app=system |
"{78964069-7C18-4B3B-8C34-6208729D6793}" = lport=139 | protocol=6 | dir=in | app=system |
"{81C1F32D-217A-4F6C-B33F-195FAA1EB18E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8AEF0DBC-05A0-44AB-B457-68284007382D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9971411C-E6E3-450A-A44A-10B514D7C5F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B7912B9-E3A2-4913-89CF-3442E3041D31}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B22038FD-36EA-4B8B-9BEE-6BBD2F99BF07}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B70F18EF-68E2-4960-AFF2-8A6502FD94B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5738A7A-C1F7-455F-AFA8-D7B4DC1C461C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C8AE4CDE-D485-44E3-9071-ABDB73AEA5E4}" = rport=137 | protocol=17 | dir=out | app=system |
"{D1EC582F-0AF0-4E38-91E1-83EBA94AA892}" = rport=138 | protocol=17 | dir=out | app=system |
"{E07A5B92-2D20-4CA9-BE8A-8672B6603B47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E19BCD01-37F7-46FA-93C3-E6B862654DA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E273E01B-B3F3-438E-9530-87E6081BAE3C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E45D5BDC-7CF9-4038-95EC-5F669FBCC80C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E551C99B-E941-457D-99A7-4079774EAD6D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF9AC092-8725-4811-B0BF-9D54E447373F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108041B6-B484-49C2-B7D4-794C7726CD5E}" = protocol=58 | dir=in | [email protected],-28545 |
"{1A065532-D868-4321-9AD4-0093A485E8E7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{266AAAD6-4480-498E-8E72-5000A3BA184A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{27322775-68E3-471F-B488-550DA6591BCC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{32B1A1B3-FEEC-46BB-A596-A984F4E7DC62}" = protocol=58 | dir=out | [email protected],-28546 |
"{3C949418-BC64-4F98-B37A-B5C82D81C7F7}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{4095DFE5-EF9A-40BC-84BC-315DA13BD6AC}" = dir=in | app=c:\users\ants\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{4BBAEB43-F941-4A7B-BBA7-FA1190F90497}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{4D755D8C-B755-47EF-A375-FBAAB0C52336}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{5734B014-431D-4D62-AB92-BC71D06AAF59}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{57F36584-96CE-4FFD-AD96-9E0262BFFB3E}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{5D1C0797-2EB8-4ABD-AE26-9EDF015A33C5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{636F72C7-C773-4EB1-8A46-59EB68529C1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F485594-DAF0-4498-A573-6B4B7DB5A5F7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7540A0BE-AE80-44AB-8F51-866BAF8FBF8F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D07CA63-3398-4FD0-9E4E-C40B4167CC5A}" = protocol=1 | dir=out | [email protected],-28544 |
"{7F6DC86F-EC04-41F6-AEC4-8C5BF9CDA7D3}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{8AA7E85C-0057-47DB-BBBF-8F19A1475B8C}" = protocol=6 | dir=out | app=system |
"{8C34D6BA-C9E8-40C7-B625-4EE206405615}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91A51252-23D5-4289-92B3-A412A91DAA31}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{9704C394-7E77-449B-9F08-52C62081C338}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{97B2CF61-C17B-4AD3-A1FB-740EA50530AB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{993BEA7B-3697-4022-97E1-F7DB35312AB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A34B2B7E-789D-4D14-85AF-AA774A8CFEB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A42199A9-62AF-4DAC-831A-0F41D6996A39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A7ED8493-9DE3-4315-80DB-E3D45F33B2DC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B7D63D0C-6AE2-4267-BFA3-51412028C05C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B9668ADC-A392-4F6F-82E7-9CAD3B5E02ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B98507E6-386A-4DCA-BB93-6BE56ED7AAD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB4B176D-407C-468A-A15C-79E143F6418D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD5131ED-37ED-46F7-B581-87F50129832B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0ECC68F-2379-47D2-A297-A62C03F640B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0F41A3D-5565-4760-A1D6-A9D696D63478}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C66D1848-6E26-41D7-9DC6-409890002D4F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DF5CA1C6-985F-4FA3-B6E4-DB1CF7920014}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{E13F8931-58ED-4097-8565-38D594957FBA}" = protocol=1 | dir=in | [email protected],-28543 |
"{EC5A5D1A-24BF-470D-9BE1-0FF40583F1AF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{FDC0B94A-B864-4DE7-B3F3-24A9610A79A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D76918D7-995F-41F3-AEF0-30E8260052C2}_is1" = Lime PRO 3.0.1.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG Secure Search" = AVG Security Toolbar
"AVG9Uninstall" = AVG 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FrostWire" = FrostWire 4.21.2
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LimeWire" = LimeWire 5.3.6
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"PC Performer_is1" = PC Performer
"PhotoScape" = PhotoScape
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"Wajam" = Wajam
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Password Recovery for MSN" = Password Recovery for MSN (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/9/2012 4:37:41 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/9/2012 4:37:41 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1186

Error - 1/9/2012 4:37:41 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1186

Error - 1/9/2012 4:37:43 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/9/2012 4:37:43 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2340

Error - 1/9/2012 4:37:43 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2340

Error - 1/9/2012 5:00:58 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/9/2012 5:00:58 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1398050

Error - 1/9/2012 5:00:58 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1398050

Error - 1/10/2012 6:08:43 PM | Computer Name = Ants-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ Media Center Events ]
Error - 5/28/2010 5:54:01 AM | Computer Name = Ants-PC | Source = MCUpdate | ID = 0
Description = 10:54:01 - Error connecting to the internet. 10:54:01 - Unable
to contact server..

Error - 5/28/2010 5:54:12 AM | Computer Name = Ants-PC | Source = MCUpdate | ID = 0
Description = 10:54:07 - Error connecting to the internet. 10:54:07 - Unable
to contact server..

[ System Events ]
Error - 11/22/2012 4:01:14 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/22/2012 4:01:14 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 11/22/2012 4:01:19 PM | Computer Name = Ants-PC | Source = DCOM | ID = 10005
Description =

Error - 11/22/2012 4:01:20 PM | Computer Name = Ants-PC | Source = DCOM | ID = 10005
Description =

Error - 11/22/2012 4:02:13 PM | Computer Name = Ants-PC | Source = DCOM | ID = 10010
Description =

Error - 11/22/2012 4:06:11 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Oberon
Media Game Console service service to connect.

Error - 11/22/2012 4:06:11 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7000
Description = The Oberon Media Game Console service service failed to start due
to the following error: %%1053

Error - 11/22/2012 4:07:31 PM | Computer Name = Ants-PC | Source = DCOM | ID = 10010
Description =

Error - 11/22/2012 4:15:55 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Oberon
Media Game Console service service to connect.

Error - 11/22/2012 4:15:55 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7000
Description = The Oberon Media Game Console service service failed to start due
to the following error: %%1053

< End of report >

#28
Essexboy

Posted 22 November 2012 - 04:54 PM

GeekU Moderator

Retired Staff
69,964 posts

How is the computer behaving now ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.


:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

#29
Steviep

Posted 22 November 2012 - 05:26 PM

Member

Topic Starter
Member
338 posts

Hi Did that however after the reboot that PC performance program started to run again so I closed it again through Task Manager and have now uninstalled it, here is the OTL log file

OTL logfile created on: 11/22/2012 11:15:35 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ants\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 41.26% Memory free
5.86 Gb Paging File | 4.08 Gb Available in Paging File | 69.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 54.79 Gb Free Space | 50.31% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 1.48 Gb Free Space | 1.36% Space Free | Partition Type: NTFS

Computer Name: ANTS-PC | User Name: Ants | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/22 22:19:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ants\Downloads\OTL.exe
PRC - [2012/11/08 20:44:41 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/11/08 20:44:41 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/10/05 15:08:42 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files\Wajam\Updater\WajamUpdater.exe
PRC - [2012/08/18 11:18:47 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/05/02 21:52:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2012/05/02 21:52:43 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2012/01/26 18:53:31 | 002,077,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/08/16 14:17:46 | 003,670,528 | ---- | M] (Lime PRO LLC) -- C:\Program Files\Lime PRO\LimePro.exe
PRC - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
PRC - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/09/20 16:16:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/22 21:41:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 21:41:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 21:41:09 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/22 21:41:09 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/06/22 21:41:06 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/30 15:50:46 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe
PRC - [2009/09/07 23:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 10:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/08/23 04:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/08/06 07:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/08 20:44:41 | 000,997,320 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/11/08 20:44:41 | 000,566,728 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/08 20:44:41 | 000,134,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2010/04/20 13:26:44 | 000,300,912 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe
MOD - [2010/04/16 13:11:02 | 000,155,648 | ---- | M] () -- C:\Program Files\Samsung\Samsung Update Plus\HMXML.dll
MOD - [2010/03/30 22:38:16 | 000,077,824 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_log-vc71-mt-1_32.dll
MOD - [2010/03/30 22:38:16 | 000,057,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\boost_thread-vc71-mt-1_32.dll
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/09/30 15:50:46 | 000,090,112 | ---- | M] () -- C:\Program Files\LimeWire\lib\SystemUtilities.dll
MOD - [2006/08/24 12:17:52 | 000,004,096 | ---- | M] () -- C:\Program Files\Messenger Plus! Live\Detoured.dll
MOD - [2006/08/12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========

SRV - [2012/11/08 20:44:41 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/05 15:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
SRV - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/25 00:48:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/22 21:41:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 21:41:09 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

========== Driver Services (SafeList) ==========

DRV - [2012/11/08 20:44:41 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/08/22 02:05:07 | 000,386,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/21 15:56:04 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/21 15:56:04 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/15 14:34:47 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/15 14:34:47 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/11 00:25:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/23 21:22:59 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/12 16:07:41 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/08/08 15:38:12 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 18:22:10 | 000,566,904 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.sys -- (SRTSP)
DRV - [2011/08/02 18:22:10 | 000,031,864 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.sys -- (SRTSPX)
DRV - [2011/07/28 19:20:02 | 000,897,656 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.sys -- (SymEFA)
DRV - [2011/07/25 18:18:40 | 000,314,488 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\symnets.sys -- (SymNetS)
DRV - [2011/07/25 18:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.sys -- (SymDS)
DRV - [2011/07/25 18:15:52 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\Ironx86.sys -- (SymIRON)
DRV - [2011/05/05 14:27:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/02 09:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/12/02 09:36:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/06/22 21:41:10 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/06/22 21:41:10 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/06/22 21:41:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/06/22 21:41:10 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/06/22 21:41:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/30 22:38:33 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/30 22:37:58 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/07/17 03:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=smsn&bmod=smsn
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F3-156E9C05E571
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7SMSN_enGB373
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-08 11:00:21&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ants\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 20:44:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/11/22 23:11:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/11/22 23:11:03 | 000,000,000 | ---D | M]

[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions
[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Ants\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\

O1 HOSTS File: ([2012/11/22 22:56:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [lime pro] C:\Program Files\Lime PRO\LimePro.exe (Lime PRO LLC)
O4 - Startup: C:\Users\Ants\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEA44414-D6F4-4E72-B76E-8DD67461F6DA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/23 02:37:04 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/22 22:56:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/22 21:04:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\Desktop\RK_Quarantine
[2012/11/22 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B0B7F35F-8608-4C26-982A-67B8BFFAFB79}
[2012/11/22 20:17:36 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{0A683A6D-65A3-4494-BD62-6E3364C68282}
[2012/11/21 19:32:55 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
[2012/11/21 19:25:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
[2012/11/19 03:30:23 | 000,000,000 | --SD | C] -- C:\found.000
[2012/11/19 02:30:47 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
[2012/11/18 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
[2012/11/17 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
[2012/11/17 01:04:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/11/16 15:31:04 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
[2012/11/15 15:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
[2012/11/14 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
[2012/11/13 16:07:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
[2012/11/12 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
[2012/11/11 12:56:38 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
[2012/11/11 00:10:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
[2012/11/10 12:10:42 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
[2012/11/09 15:52:09 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
[2012/11/08 20:44:48 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys
[2012/11/08 15:19:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
[2012/11/07 16:32:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
[2012/11/06 16:41:43 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
[2012/11/05 16:08:23 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
[2012/11/04 12:07:13 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
[2012/11/03 12:05:25 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
[2012/11/02 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
[2012/11/01 15:40:14 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
[2012/10/31 18:20:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
[2012/10/30 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
[2012/10/29 16:02:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
[2012/10/28 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
[2012/10/27 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
[2012/10/26 14:11:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
[2012/10/25 14:43:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}
[2012/10/24 13:53:10 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3B256738-2F71-4159-A8EE-B4CF19CF6349}

========== Files - Modified Within 30 Days ==========

[2012/11/22 23:19:11 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 23:19:11 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/22 23:10:46 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/22 23:10:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/22 23:10:03 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/22 22:56:47 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/11/22 22:53:27 | 100,952,030 | ---- | M] () -- C:\windows\System32\drivers\Avg\incavi.avm
[2012/11/22 22:46:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/22 22:15:01 | 000,000,922 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000UA.job
[2012/11/22 22:15:01 | 000,000,900 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000Core.job
[2012/11/21 19:52:11 | 000,007,605 | ---- | M] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
[2012/11/19 03:31:38 | 000,003,472 | ---- | M] () -- C:\bootsqm.dat
[2012/11/18 15:02:15 | 000,000,262 | ---- | M] () -- C:\windows\tasks\PC Performer_DEFAULT.job
[2012/11/17 12:46:43 | 000,418,256 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/11/17 01:09:23 | 000,662,770 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/17 01:09:23 | 000,123,964 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/11 16:49:30 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Ants.job
[2012/11/08 20:44:41 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\windows\System32\drivers\avgtpx86.sys
[2012/11/07 16:59:01 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/02 20:44:33 | 000,629,730 | ---- | M] () -- C:\windows\System32\drivers\Avg\iavifw.avm

========== Files Created - No Company Name ==========

[2012/11/21 19:51:42 | 000,007,605 | ---- | C] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
[2012/11/19 03:31:38 | 000,003,472 | ---- | C] () -- C:\bootsqm.dat
[2012/11/17 01:01:12 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 00:59:30 | 000,000,003 | ---- | C] () -- C:\windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/01/11 19:51:56 | 000,068,455 | ---- | C] () -- C:\Users\Ants\AppData\Roaming\msconfig.dat
[2011/07/10 12:40:14 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{A601DAF0-A1C5-4CCB-961D-9E3B51E94D3D}
[2011/05/13 19:34:49 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{37291F92-2AD8-4E21-88A5-C28DABEE5D51}
[2011/04/27 14:17:09 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{63E7382F-4625-4A94-B4D4-EE227549C87D}
[2010/03/30 21:30:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/03/31 05:36:12 | 000,000,000 | --SD | M] -- C:\Users\Ants\AppData\Roaming\.#
[2010/04/17 10:03:53 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\AVG9
[2012/03/07 18:28:22 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\FrostWire
[2010/03/31 05:36:01 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\GameConsole
[2010/09/11 22:39:05 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\GameTuts
[2012/11/22 23:13:26 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\LimeWire
[2012/10/14 23:36:53 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\PerformerSoft
[2012/10/16 19:13:55 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\PhotoScape
[2011/06/30 16:32:31 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\TeamViewer

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >

Edited by Steviep, 22 November 2012 - 05:36 PM.

#30
Essexboy

Posted 23 November 2012 - 03:26 AM

GeekU Moderator

Retired Staff
69,964 posts

PC Performance is not a rogue programme however, it is not really worth the disc space

There are two antivirus programmes running, this is one case where more is not better AVG & Norton

Below are the links for the removal tools. I will give both so that you can determine which one to remove

AVG
Norton

Remove the programme from control panel and then run the removal tool to clean up

Any problems apparent now ?