Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Metropolitan Police Warning [Solved]


  • This topic is locked This topic is locked

#31
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Morning,

Tried laptop this morning and all seemed fine although seems to be a bit slow on startup, I'll check with my friend and see which anti virus she wants to keep- I have a feeling she'll keep Norton as she's paid for it :), is it worth me running CCleaner and malwarbytes and Its also saying there is a Java update to install or am I jumping too far ahead?
  • 0

Advertisements


#32
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No the next step would be to run malwarebytes and check for orphans. So if you could update it and run a quickscan then post the log

Allow all system updates, I will empty all the temp folders when I clean up as OTL does a better job than CC
  • 0

#33
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Hi, Let Java update and windows updates and removed avg however PC wont now start as after it says loading windows I et a blue screen which at the start says Driver IRQL not less than or equal to then it tries to restart with the same problem each time.

I've tried to do a system restore to this morning however it was unsuccessful says "an unspecified error occured during system restore.(0x8000ffff)

Edited by Steviep, 23 November 2012 - 11:43 AM.

  • 0

#34
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Was that straight after removing AVG ?

Did you try a restore point from the recovery console ?
  • 0

#35
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
It happened when the laptop was restarted to complete the uninstall, yes used the recovery console and there was a restore point from this morning
  • 0

#36
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK go back to the previous one and let me know if you get the same error please
  • 0

#37
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Hi, same error I'm afraid
  • 0

#38
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you able to start in safe mode ?
  • 0

#39
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Yes I've managed to get in in safe mode and says system restore completed successfully and restored to 30/09/12 should i try starting normally again?

Edited by Steviep, 23 November 2012 - 12:50 PM.

  • 0

#40
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes try that .. Although the system may not have restored as that is a known glitch with 7

There is a workaround but it is a tad long winded
  • 0

Advertisements


#41
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
Hi,

Managed to get in normally again
  • 0

#42
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK could you run another OTL quickscan so I can check that all is OK please
  • 0

#43
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
OTL logfile created on: 11/23/2012 8:35:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ants\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.20% Memory free
5.86 Gb Paging File | 4.54 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 59.19 Gb Free Space | 54.36% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 1.48 Gb Free Space | 1.36% Space Free | Partition Type: NTFS

Computer Name: ANTS-PC | User Name: Ants | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/23 20:34:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ants\Downloads\OTL.exe
PRC - [2012/07/11 21:10:47 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/07/10 00:55:28 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/05/02 21:52:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2012/05/02 21:52:43 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2012/01/02 01:00:31 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/08/16 14:17:46 | 003,670,528 | ---- | M] (Lime PRO LLC) -- C:\Program Files\Lime PRO\LimePro.exe
PRC - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
PRC - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/22 21:41:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/07 23:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 10:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/08/23 04:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/08/06 07:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:22 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/08/24 12:17:52 | 000,004,096 | ---- | M] () -- C:\Program Files\Messenger Plus! Live\Detoured.dll
MOD - [2006/08/12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV - [2012/07/10 00:55:28 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
SRV - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/25 00:48:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/22 21:41:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 21:41:09 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2012/08/22 02:05:07 | 000,386,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/21 15:56:04 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/21 15:56:04 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/13 21:09:12 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/13 21:09:12 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/11 00:25:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/23 21:22:59 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/12 16:07:41 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/08/08 15:38:12 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 18:22:10 | 000,566,904 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.sys -- (SRTSP)
DRV - [2011/08/02 18:22:10 | 000,031,864 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.sys -- (SRTSPX)
DRV - [2011/07/28 19:20:02 | 000,897,656 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.sys -- (SymEFA)
DRV - [2011/07/25 18:18:40 | 000,314,488 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\symnets.sys -- (SymNetS)
DRV - [2011/07/25 18:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.sys -- (SymDS)
DRV - [2011/07/25 18:15:52 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\Ironx86.sys -- (SymIRON)
DRV - [2011/05/05 14:27:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/02 09:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/12/02 09:36:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/06/22 21:41:10 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/06/22 21:41:10 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/06/22 21:41:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/06/22 21:41:10 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/06/22 21:41:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/30 22:38:33 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/30 22:37:58 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/07/17 03:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F3-156E9C05E571
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7SMSN_enGB373
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-08 11:00:21&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ants\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/11/24 02:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/11/23 18:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/11/23 17:59:55 | 000,000,000 | ---D | M]

[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions
[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Ants\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\

O1 HOSTS File: ([2012/11/22 22:56:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000..\Run: [Facebook Update] C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000..\Run: [lime pro] C:\Program Files\Lime PRO\LimePro.exe (Lime PRO LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ants\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEA44414-D6F4-4E72-B76E-8DD67461F6DA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/23 18:02:44 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{870AB0D2-1B38-4645-9CA6-68059E1C7088}
[2012/11/23 15:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/11/23 15:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/23 15:43:13 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/11/23 15:12:35 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/11/23 15:12:31 | 000,000,000 | ---D | C] -- C:\d6f6f9445f6c1896bd8766e6068641
[2012/11/23 15:04:13 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{C226E9DB-F122-45E0-B7DD-0573A22C80B9}
[2012/11/23 02:37:04 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/22 22:56:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/22 21:04:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\Desktop\RK_Quarantine
[2012/11/22 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B0B7F35F-8608-4C26-982A-67B8BFFAFB79}
[2012/11/22 20:17:36 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{0A683A6D-65A3-4494-BD62-6E3364C68282}
[2012/11/21 19:32:55 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
[2012/11/21 19:25:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
[2012/11/19 03:30:23 | 000,000,000 | --SD | C] -- C:\found.000
[2012/11/19 02:30:47 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
[2012/11/18 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
[2012/11/17 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
[2012/11/16 15:31:04 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
[2012/11/15 15:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
[2012/11/14 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
[2012/11/13 16:07:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
[2012/11/12 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
[2012/11/11 12:56:38 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
[2012/11/11 00:10:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
[2012/11/10 12:10:42 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
[2012/11/09 15:52:09 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
[2012/11/08 15:19:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
[2012/11/07 16:32:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
[2012/11/06 16:41:43 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
[2012/11/05 16:08:23 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
[2012/11/04 12:07:13 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
[2012/11/03 12:05:25 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
[2012/11/02 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
[2012/11/01 15:40:14 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
[2012/10/31 18:20:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
[2012/10/30 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
[2012/10/29 16:02:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
[2012/10/28 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
[2012/10/27 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
[2012/10/26 14:11:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
[2012/10/25 14:43:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}

========== Files - Modified Within 30 Days ==========

[2012/11/23 20:30:37 | 000,000,922 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000UA.job
[2012/11/23 20:30:37 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/23 20:30:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/23 18:07:28 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 18:07:28 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 18:06:22 | 000,675,168 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/23 18:06:22 | 000,128,134 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/23 18:00:26 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 17:59:08 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 17:47:22 | 283,840,070 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/11/22 22:56:47 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/11/21 19:52:11 | 000,007,605 | ---- | M] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg

========== Files Created - No Company Name ==========

[2012/11/21 19:51:42 | 000,007,605 | ---- | C] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
[2012/01/11 19:51:56 | 000,068,455 | ---- | C] () -- C:\Users\Ants\AppData\Roaming\msconfig.dat
[2011/07/10 12:40:14 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{A601DAF0-A1C5-4CCB-961D-9E3B51E94D3D}
[2011/05/13 19:34:49 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{37291F92-2AD8-4E21-88A5-C28DABEE5D51}
[2011/04/27 14:17:09 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{63E7382F-4625-4A94-B4D4-EE227549C87D}
[2010/03/30 21:30:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/03/31 05:36:12 | 000,000,000 | --SD | M] -- C:\Users\Ants\AppData\Roaming\.#
[2010/04/17 10:03:53 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\AVG9
[2012/03/07 18:28:22 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\FrostWire
[2010/03/31 05:36:01 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\GameConsole
[2010/09/11 22:39:05 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\GameTuts
[2012/11/24 02:27:26 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\LimeWire
[2012/11/22 23:32:59 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\PerformerSoft
[2012/11/24 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\PhotoScape
[2011/06/30 16:32:31 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\TeamViewer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54

< End of report >


OTL Extras logfile created on: 11/23/2012 8:35:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ants\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.20% Memory free
5.86 Gb Paging File | 4.54 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 59.19 Gb Free Space | 54.36% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 1.48 Gb Free Space | 1.36% Space Free | Partition Type: NTFS

Computer Name: ANTS-PC | User Name: Ants | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05429B19-3809-42D0-9CC9-B4341D3820E0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0DA73F01-5BFE-4D5F-9552-4E946B7CB7B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A7FF64B-2BE8-47D1-9743-F5D96ABC6C68}" = rport=445 | protocol=6 | dir=out | app=system |
"{27F642B4-B05A-4FCC-9AB3-11FB4A3207B0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F456C1C-1CA0-47D3-A869-9603A25DF9B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{41ED0014-AEC8-4EC8-969F-14D4C88F7317}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{420489BD-FD1E-4DA4-86DD-4B2BE222068A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{42E0771B-7074-4873-A1DA-E3110782C0E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5383F9F9-46D5-43C7-B32E-55C9492EC06E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F7E1DFD-3B82-423F-BBB4-351AEFAF682C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7239B5EC-A258-49CF-83F0-611422E27ABE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78015A70-C5A8-46A7-8DF4-04719C93E184}" = rport=10243 | protocol=6 | dir=out | app=system |
"{78964069-7C18-4B3B-8C34-6208729D6793}" = lport=139 | protocol=6 | dir=in | app=system |
"{81C1F32D-217A-4F6C-B33F-195FAA1EB18E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8AEF0DBC-05A0-44AB-B457-68284007382D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9971411C-E6E3-450A-A44A-10B514D7C5F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B7912B9-E3A2-4913-89CF-3442E3041D31}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B22038FD-36EA-4B8B-9BEE-6BBD2F99BF07}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B70F18EF-68E2-4960-AFF2-8A6502FD94B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5738A7A-C1F7-455F-AFA8-D7B4DC1C461C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C8AE4CDE-D485-44E3-9071-ABDB73AEA5E4}" = rport=137 | protocol=17 | dir=out | app=system |
"{D1EC582F-0AF0-4E38-91E1-83EBA94AA892}" = rport=138 | protocol=17 | dir=out | app=system |
"{E07A5B92-2D20-4CA9-BE8A-8672B6603B47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E19BCD01-37F7-46FA-93C3-E6B862654DA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E273E01B-B3F3-438E-9530-87E6081BAE3C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E45D5BDC-7CF9-4038-95EC-5F669FBCC80C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E551C99B-E941-457D-99A7-4079774EAD6D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF9AC092-8725-4811-B0BF-9D54E447373F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108041B6-B484-49C2-B7D4-794C7726CD5E}" = protocol=58 | dir=in | [email protected],-28545 |
"{11DE5010-D9A1-4804-95FA-FC60E854B961}" = dir=in | app=c:\users\ants\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{1A065532-D868-4321-9AD4-0093A485E8E7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{266AAAD6-4480-498E-8E72-5000A3BA184A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{27322775-68E3-471F-B488-550DA6591BCC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{32B1A1B3-FEEC-46BB-A596-A984F4E7DC62}" = protocol=58 | dir=out | [email protected],-28546 |
"{3C949418-BC64-4F98-B37A-B5C82D81C7F7}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{4BBAEB43-F941-4A7B-BBA7-FA1190F90497}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{4D755D8C-B755-47EF-A375-FBAAB0C52336}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{5734B014-431D-4D62-AB92-BC71D06AAF59}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{57F36584-96CE-4FFD-AD96-9E0262BFFB3E}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{5D1C0797-2EB8-4ABD-AE26-9EDF015A33C5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{636F72C7-C773-4EB1-8A46-59EB68529C1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F485594-DAF0-4498-A573-6B4B7DB5A5F7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7540A0BE-AE80-44AB-8F51-866BAF8FBF8F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D07CA63-3398-4FD0-9E4E-C40B4167CC5A}" = protocol=1 | dir=out | [email protected],-28544 |
"{7F6DC86F-EC04-41F6-AEC4-8C5BF9CDA7D3}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{8AA7E85C-0057-47DB-BBBF-8F19A1475B8C}" = protocol=6 | dir=out | app=system |
"{8C34D6BA-C9E8-40C7-B625-4EE206405615}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91A51252-23D5-4289-92B3-A412A91DAA31}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{9704C394-7E77-449B-9F08-52C62081C338}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{97B2CF61-C17B-4AD3-A1FB-740EA50530AB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{993BEA7B-3697-4022-97E1-F7DB35312AB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A34B2B7E-789D-4D14-85AF-AA774A8CFEB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A42199A9-62AF-4DAC-831A-0F41D6996A39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A7ED8493-9DE3-4315-80DB-E3D45F33B2DC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B7D63D0C-6AE2-4267-BFA3-51412028C05C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B9668ADC-A392-4F6F-82E7-9CAD3B5E02ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B98507E6-386A-4DCA-BB93-6BE56ED7AAD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB4B176D-407C-468A-A15C-79E143F6418D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD5131ED-37ED-46F7-B581-87F50129832B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0ECC68F-2379-47D2-A297-A62C03F640B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0F41A3D-5565-4760-A1D6-A9D696D63478}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C66D1848-6E26-41D7-9DC6-409890002D4F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DF5CA1C6-985F-4FA3-B6E4-DB1CF7920014}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{E13F8931-58ED-4097-8565-38D594957FBA}" = protocol=1 | dir=in | [email protected],-28543 |
"{EC5A5D1A-24BF-470D-9BE1-0FF40583F1AF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{FDC0B94A-B864-4DE7-B3F3-24A9610A79A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D76918D7-995F-41F3-AEF0-30E8260052C2}_is1" = Lime PRO 3.0.1.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG9Uninstall" = AVG 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FrostWire" = FrostWire 4.21.2
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LimeWire" = LimeWire 5.3.6
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Password Recovery for MSN" = Password Recovery for MSN (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2012 4:03:24 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059

Error - 1/6/2012 4:03:25 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/6/2012 4:03:25 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3058

Error - 1/6/2012 4:03:25 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3058

Error - 1/6/2012 4:03:26 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/6/2012 4:03:26 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4228

Error - 1/6/2012 4:03:26 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4228

Error - 1/6/2012 4:03:27 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/6/2012 4:03:27 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5226

Error - 1/6/2012 4:03:27 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5226

[ Media Center Events ]
Error - 5/28/2010 5:54:01 AM | Computer Name = Ants-PC | Source = MCUpdate | ID = 0
Description = 10:54:01 - Error connecting to the internet. 10:54:01 - Unable
to contact server..

Error - 5/28/2010 5:54:12 AM | Computer Name = Ants-PC | Source = MCUpdate | ID = 0
Description = 10:54:07 - Error connecting to the internet. 10:54:07 - Unable
to contact server..

[ System Events ]
Error - 11/23/2012 1:48:18 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/23/2012 1:48:20 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 11/23/2012 1:59:48 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

Error - 11/23/2012 2:02:23 PM | Computer Name = Ants-PC | Source = WMPNetworkSvc | ID = 866314
Description =

Error - 11/23/2012 2:02:23 PM | Computer Name = Ants-PC | Source = WMPNetworkSvc | ID = 866314
Description =


< End of report >
  • 0

#44
Steviep

Steviep

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 311 posts
I'm sorry to be a pain with this but after I posted the above logs I thought I would use the AVG tool to finish the uninstall ( dont ask me why I thought this would be a good idea) anyway the uninstaller needs to reboot the machine and now I can only access it in safe mode with no network access?
  • 0

#45
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets try a manual removal from safe mode, try normal mode after this run

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
SRV - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/22 21:41:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 21:41:09 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
DRV - [2011/09/12 16:07:41 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/05/05 14:27:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 21:41:10 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/06/22 21:41:10 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/06/22 21:41:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/06/22 21:41:10 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/06/22 21:41:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/30 22:38:33 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/30 22:37:58 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-08 11:00:21&v=10.0.0.7&sap=dsp&q={searchTerms}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/11/24 02:34:17 | 000,000,000 | ---D | M]
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
[2010/04/17 10:03:53 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\AVG9
[2010/03/31 05:36:12 | 000,000,000 | --SD | M] -- C:\Users\Ants\AppData\Roaming\.#

:Files
C:\Program Files\AVG
C:\Program Files\McAfee Security Scan
C:\Program Files\Common Files\AVG Secure Search

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP