Tried laptop this morning and all seemed fine although seems to be a bit slow on startup, I'll check with my friend and see which anti virus she wants to keep- I have a feeling she'll keep Norton as she's paid for it , is it worth me running CCleaner and malwarbytes and Its also saying there is a Java update to install or am I jumping too far ahead?
Metropolitan Police Warning [Solved]
Started by
Steviep
, Nov 21 2012 09:30 AM
#31
Posted 23 November 2012 - 03:48 AM
Tried laptop this morning and all seemed fine although seems to be a bit slow on startup, I'll check with my friend and see which anti virus she wants to keep- I have a feeling she'll keep Norton as she's paid for it , is it worth me running CCleaner and malwarbytes and Its also saying there is a Java update to install or am I jumping too far ahead?
#32
Posted 23 November 2012 - 06:51 AM
No the next step would be to run malwarebytes and check for orphans. So if you could update it and run a quickscan then post the log
Allow all system updates, I will empty all the temp folders when I clean up as OTL does a better job than CC
Allow all system updates, I will empty all the temp folders when I clean up as OTL does a better job than CC
#33
Posted 23 November 2012 - 10:29 AM
Hi, Let Java update and windows updates and removed avg however PC wont now start as after it says loading windows I et a blue screen which at the start says Driver IRQL not less than or equal to then it tries to restart with the same problem each time.
I've tried to do a system restore to this morning however it was unsuccessful says "an unspecified error occured during system restore.(0x8000ffff)
I've tried to do a system restore to this morning however it was unsuccessful says "an unspecified error occured during system restore.(0x8000ffff)
Edited by Steviep, 23 November 2012 - 11:43 AM.
#34
Posted 23 November 2012 - 12:09 PM
Was that straight after removing AVG ?
Did you try a restore point from the recovery console ?
Did you try a restore point from the recovery console ?
#35
Posted 23 November 2012 - 12:14 PM
It happened when the laptop was restarted to complete the uninstall, yes used the recovery console and there was a restore point from this morning
#36
Posted 23 November 2012 - 12:17 PM
OK go back to the previous one and let me know if you get the same error please
#37
Posted 23 November 2012 - 12:36 PM
Hi, same error I'm afraid
#38
Posted 23 November 2012 - 12:44 PM
Are you able to start in safe mode ?
#39
Posted 23 November 2012 - 12:45 PM
Yes I've managed to get in in safe mode and says system restore completed successfully and restored to 30/09/12 should i try starting normally again?
Edited by Steviep, 23 November 2012 - 12:50 PM.
#40
Posted 23 November 2012 - 12:54 PM
Yes try that .. Although the system may not have restored as that is a known glitch with 7
There is a workaround but it is a tad long winded
There is a workaround but it is a tad long winded
#41
Posted 23 November 2012 - 01:01 PM
Hi,
Managed to get in normally again
Managed to get in normally again
#42
Posted 23 November 2012 - 01:09 PM
OK could you run another OTL quickscan so I can check that all is OK please
#43
Posted 23 November 2012 - 03:47 PM
OTL logfile created on: 11/23/2012 8:35:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ants\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.20% Memory free
5.86 Gb Paging File | 4.54 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 59.19 Gb Free Space | 54.36% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 1.48 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Computer Name: ANTS-PC | User Name: Ants | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/23 20:34:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ants\Downloads\OTL.exe
PRC - [2012/07/11 21:10:47 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/07/10 00:55:28 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/05/02 21:52:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2012/05/02 21:52:43 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2012/01/02 01:00:31 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/08/16 14:17:46 | 003,670,528 | ---- | M] (Lime PRO LLC) -- C:\Program Files\Lime PRO\LimePro.exe
PRC - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
PRC - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/22 21:41:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/07 23:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 10:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/08/23 04:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/08/06 07:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:22 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
========== Modules (No Company Name) ==========
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/08/24 12:17:52 | 000,004,096 | ---- | M] () -- C:\Program Files\Messenger Plus! Live\Detoured.dll
MOD - [2006/08/12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
========== Services (SafeList) ==========
SRV - [2012/07/10 00:55:28 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
SRV - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/25 00:48:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/22 21:41:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 21:41:09 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
========== Driver Services (SafeList) ==========
DRV - [2012/08/22 02:05:07 | 000,386,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/21 15:56:04 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/21 15:56:04 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/13 21:09:12 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/13 21:09:12 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/11 00:25:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/23 21:22:59 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/12 16:07:41 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/08/08 15:38:12 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 18:22:10 | 000,566,904 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.sys -- (SRTSP)
DRV - [2011/08/02 18:22:10 | 000,031,864 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.sys -- (SRTSPX)
DRV - [2011/07/28 19:20:02 | 000,897,656 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.sys -- (SymEFA)
DRV - [2011/07/25 18:18:40 | 000,314,488 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\symnets.sys -- (SymNetS)
DRV - [2011/07/25 18:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.sys -- (SymDS)
DRV - [2011/07/25 18:15:52 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\Ironx86.sys -- (SymIRON)
DRV - [2011/05/05 14:27:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/02 09:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/12/02 09:36:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/06/22 21:41:10 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/06/22 21:41:10 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/06/22 21:41:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/06/22 21:41:10 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/06/22 21:41:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/30 22:38:33 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/30 22:37:58 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/07/17 03:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F3-156E9C05E571
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7SMSN_enGB373
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-08 11:00:21&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ants\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/11/24 02:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/11/23 18:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/11/23 17:59:55 | 000,000,000 | ---D | M]
[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions
[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions\[email protected]
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Ants\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\
O1 HOSTS File: ([2012/11/22 22:56:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000..\Run: [Facebook Update] C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000..\Run: [lime pro] C:\Program Files\Lime PRO\LimePro.exe (Lime PRO LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ants\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEA44414-D6F4-4E72-B76E-8DD67461F6DA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/23 18:02:44 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{870AB0D2-1B38-4645-9CA6-68059E1C7088}
[2012/11/23 15:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/11/23 15:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/23 15:43:13 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/11/23 15:12:35 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/11/23 15:12:31 | 000,000,000 | ---D | C] -- C:\d6f6f9445f6c1896bd8766e6068641
[2012/11/23 15:04:13 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{C226E9DB-F122-45E0-B7DD-0573A22C80B9}
[2012/11/23 02:37:04 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/22 22:56:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/22 21:04:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\Desktop\RK_Quarantine
[2012/11/22 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B0B7F35F-8608-4C26-982A-67B8BFFAFB79}
[2012/11/22 20:17:36 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{0A683A6D-65A3-4494-BD62-6E3364C68282}
[2012/11/21 19:32:55 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
[2012/11/21 19:25:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
[2012/11/19 03:30:23 | 000,000,000 | --SD | C] -- C:\found.000
[2012/11/19 02:30:47 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
[2012/11/18 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
[2012/11/17 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
[2012/11/16 15:31:04 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
[2012/11/15 15:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
[2012/11/14 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
[2012/11/13 16:07:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
[2012/11/12 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
[2012/11/11 12:56:38 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
[2012/11/11 00:10:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
[2012/11/10 12:10:42 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
[2012/11/09 15:52:09 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
[2012/11/08 15:19:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
[2012/11/07 16:32:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
[2012/11/06 16:41:43 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
[2012/11/05 16:08:23 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
[2012/11/04 12:07:13 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
[2012/11/03 12:05:25 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
[2012/11/02 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
[2012/11/01 15:40:14 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
[2012/10/31 18:20:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
[2012/10/30 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
[2012/10/29 16:02:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
[2012/10/28 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
[2012/10/27 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
[2012/10/26 14:11:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
[2012/10/25 14:43:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}
========== Files - Modified Within 30 Days ==========
[2012/11/23 20:30:37 | 000,000,922 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000UA.job
[2012/11/23 20:30:37 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/23 20:30:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/23 18:07:28 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 18:07:28 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 18:06:22 | 000,675,168 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/23 18:06:22 | 000,128,134 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/23 18:00:26 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 17:59:08 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 17:47:22 | 283,840,070 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/11/22 22:56:47 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/11/21 19:52:11 | 000,007,605 | ---- | M] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
========== Files Created - No Company Name ==========
[2012/11/21 19:51:42 | 000,007,605 | ---- | C] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
[2012/01/11 19:51:56 | 000,068,455 | ---- | C] () -- C:\Users\Ants\AppData\Roaming\msconfig.dat
[2011/07/10 12:40:14 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{A601DAF0-A1C5-4CCB-961D-9E3B51E94D3D}
[2011/05/13 19:34:49 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{37291F92-2AD8-4E21-88A5-C28DABEE5D51}
[2011/04/27 14:17:09 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{63E7382F-4625-4A94-B4D4-EE227549C87D}
[2010/03/30 21:30:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/03/31 05:36:12 | 000,000,000 | --SD | M] -- C:\Users\Ants\AppData\Roaming\.#
[2010/04/17 10:03:53 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\AVG9
[2012/03/07 18:28:22 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\FrostWire
[2010/03/31 05:36:01 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\GameConsole
[2010/09/11 22:39:05 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\GameTuts
[2012/11/24 02:27:26 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\LimeWire
[2012/11/22 23:32:59 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\PerformerSoft
[2012/11/24 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\PhotoScape
[2011/06/30 16:32:31 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\TeamViewer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54
< End of report >
OTL Extras logfile created on: 11/23/2012 8:35:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ants\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.20% Memory free
5.86 Gb Paging File | 4.54 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 59.19 Gb Free Space | 54.36% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 1.48 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Computer Name: ANTS-PC | User Name: Ants | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05429B19-3809-42D0-9CC9-B4341D3820E0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0DA73F01-5BFE-4D5F-9552-4E946B7CB7B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A7FF64B-2BE8-47D1-9743-F5D96ABC6C68}" = rport=445 | protocol=6 | dir=out | app=system |
"{27F642B4-B05A-4FCC-9AB3-11FB4A3207B0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F456C1C-1CA0-47D3-A869-9603A25DF9B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{41ED0014-AEC8-4EC8-969F-14D4C88F7317}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{420489BD-FD1E-4DA4-86DD-4B2BE222068A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{42E0771B-7074-4873-A1DA-E3110782C0E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5383F9F9-46D5-43C7-B32E-55C9492EC06E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F7E1DFD-3B82-423F-BBB4-351AEFAF682C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7239B5EC-A258-49CF-83F0-611422E27ABE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78015A70-C5A8-46A7-8DF4-04719C93E184}" = rport=10243 | protocol=6 | dir=out | app=system |
"{78964069-7C18-4B3B-8C34-6208729D6793}" = lport=139 | protocol=6 | dir=in | app=system |
"{81C1F32D-217A-4F6C-B33F-195FAA1EB18E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8AEF0DBC-05A0-44AB-B457-68284007382D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9971411C-E6E3-450A-A44A-10B514D7C5F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B7912B9-E3A2-4913-89CF-3442E3041D31}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B22038FD-36EA-4B8B-9BEE-6BBD2F99BF07}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B70F18EF-68E2-4960-AFF2-8A6502FD94B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5738A7A-C1F7-455F-AFA8-D7B4DC1C461C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C8AE4CDE-D485-44E3-9071-ABDB73AEA5E4}" = rport=137 | protocol=17 | dir=out | app=system |
"{D1EC582F-0AF0-4E38-91E1-83EBA94AA892}" = rport=138 | protocol=17 | dir=out | app=system |
"{E07A5B92-2D20-4CA9-BE8A-8672B6603B47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E19BCD01-37F7-46FA-93C3-E6B862654DA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E273E01B-B3F3-438E-9530-87E6081BAE3C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E45D5BDC-7CF9-4038-95EC-5F669FBCC80C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E551C99B-E941-457D-99A7-4079774EAD6D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF9AC092-8725-4811-B0BF-9D54E447373F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108041B6-B484-49C2-B7D4-794C7726CD5E}" = protocol=58 | dir=in | [email protected],-28545 |
"{11DE5010-D9A1-4804-95FA-FC60E854B961}" = dir=in | app=c:\users\ants\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{1A065532-D868-4321-9AD4-0093A485E8E7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{266AAAD6-4480-498E-8E72-5000A3BA184A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{27322775-68E3-471F-B488-550DA6591BCC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{32B1A1B3-FEEC-46BB-A596-A984F4E7DC62}" = protocol=58 | dir=out | [email protected],-28546 |
"{3C949418-BC64-4F98-B37A-B5C82D81C7F7}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{4BBAEB43-F941-4A7B-BBA7-FA1190F90497}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{4D755D8C-B755-47EF-A375-FBAAB0C52336}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{5734B014-431D-4D62-AB92-BC71D06AAF59}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{57F36584-96CE-4FFD-AD96-9E0262BFFB3E}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{5D1C0797-2EB8-4ABD-AE26-9EDF015A33C5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{636F72C7-C773-4EB1-8A46-59EB68529C1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F485594-DAF0-4498-A573-6B4B7DB5A5F7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7540A0BE-AE80-44AB-8F51-866BAF8FBF8F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D07CA63-3398-4FD0-9E4E-C40B4167CC5A}" = protocol=1 | dir=out | [email protected],-28544 |
"{7F6DC86F-EC04-41F6-AEC4-8C5BF9CDA7D3}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{8AA7E85C-0057-47DB-BBBF-8F19A1475B8C}" = protocol=6 | dir=out | app=system |
"{8C34D6BA-C9E8-40C7-B625-4EE206405615}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91A51252-23D5-4289-92B3-A412A91DAA31}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{9704C394-7E77-449B-9F08-52C62081C338}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{97B2CF61-C17B-4AD3-A1FB-740EA50530AB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{993BEA7B-3697-4022-97E1-F7DB35312AB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A34B2B7E-789D-4D14-85AF-AA774A8CFEB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A42199A9-62AF-4DAC-831A-0F41D6996A39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A7ED8493-9DE3-4315-80DB-E3D45F33B2DC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B7D63D0C-6AE2-4267-BFA3-51412028C05C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B9668ADC-A392-4F6F-82E7-9CAD3B5E02ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B98507E6-386A-4DCA-BB93-6BE56ED7AAD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB4B176D-407C-468A-A15C-79E143F6418D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD5131ED-37ED-46F7-B581-87F50129832B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0ECC68F-2379-47D2-A297-A62C03F640B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0F41A3D-5565-4760-A1D6-A9D696D63478}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C66D1848-6E26-41D7-9DC6-409890002D4F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DF5CA1C6-985F-4FA3-B6E4-DB1CF7920014}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{E13F8931-58ED-4097-8565-38D594957FBA}" = protocol=1 | dir=in | [email protected],-28543 |
"{EC5A5D1A-24BF-470D-9BE1-0FF40583F1AF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{FDC0B94A-B864-4DE7-B3F3-24A9610A79A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D76918D7-995F-41F3-AEF0-30E8260052C2}_is1" = Lime PRO 3.0.1.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG9Uninstall" = AVG 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FrostWire" = FrostWire 4.21.2
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LimeWire" = LimeWire 5.3.6
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Password Recovery for MSN" = Password Recovery for MSN (remove only)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/6/2012 4:03:24 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059
Error - 1/6/2012 4:03:25 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/6/2012 4:03:25 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3058
Error - 1/6/2012 4:03:25 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3058
Error - 1/6/2012 4:03:26 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/6/2012 4:03:26 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4228
Error - 1/6/2012 4:03:26 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4228
Error - 1/6/2012 4:03:27 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/6/2012 4:03:27 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5226
Error - 1/6/2012 4:03:27 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5226
[ Media Center Events ]
Error - 5/28/2010 5:54:01 AM | Computer Name = Ants-PC | Source = MCUpdate | ID = 0
Description = 10:54:01 - Error connecting to the internet. 10:54:01 - Unable
to contact server..
Error - 5/28/2010 5:54:12 AM | Computer Name = Ants-PC | Source = MCUpdate | ID = 0
Description = 10:54:07 - Error connecting to the internet. 10:54:07 - Unable
to contact server..
[ System Events ]
Error - 11/23/2012 1:48:18 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:20 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:59:48 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536805315.
Error - 11/23/2012 2:02:23 PM | Computer Name = Ants-PC | Source = WMPNetworkSvc | ID = 866314
Description =
Error - 11/23/2012 2:02:23 PM | Computer Name = Ants-PC | Source = WMPNetworkSvc | ID = 866314
Description =
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ants\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.20% Memory free
5.86 Gb Paging File | 4.54 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 59.19 Gb Free Space | 54.36% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 1.48 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Computer Name: ANTS-PC | User Name: Ants | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/23 20:34:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ants\Downloads\OTL.exe
PRC - [2012/07/11 21:10:47 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/07/10 00:55:28 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/05/02 21:52:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2012/05/02 21:52:43 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2012/01/02 01:00:31 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/08/16 14:17:46 | 003,670,528 | ---- | M] (Lime PRO LLC) -- C:\Program Files\Lime PRO\LimePro.exe
PRC - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
PRC - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/02/26 05:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/06/22 21:41:14 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/07 23:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/09/07 10:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009/08/23 04:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009/08/06 07:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/07/14 01:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 01:14:22 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpksetup.exe
PRC - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
========== Modules (No Company Name) ==========
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2006/08/24 12:17:52 | 000,004,096 | ---- | M] () -- C:\Program Files\Messenger Plus! Live\Detoured.dll
MOD - [2006/08/12 03:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
========== Services (SafeList) ==========
SRV - [2012/07/10 00:55:28 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2011/11/10 13:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/10 12:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
SRV - [2011/06/01 12:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/06/25 00:48:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/06/22 21:41:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 21:41:09 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/13 20:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
========== Driver Services (SafeList) ==========
DRV - [2012/08/22 02:05:07 | 000,386,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120822.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/21 15:56:04 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/08/21 15:56:04 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120822.034\NAVENG.SYS -- (NAVENG)
DRV - [2012/08/13 21:09:12 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/13 21:09:12 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/08/11 00:25:14 | 000,995,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120811.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/07/23 21:22:59 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/09/12 16:07:41 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2011/08/08 15:38:12 | 000,132,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 18:22:10 | 000,566,904 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtsp.sys -- (SRTSP)
DRV - [2011/08/02 18:22:10 | 000,031,864 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\srtspx.sys -- (SRTSPX)
DRV - [2011/07/28 19:20:02 | 000,897,656 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymEFA.sys -- (SymEFA)
DRV - [2011/07/25 18:18:40 | 000,314,488 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\symnets.sys -- (SymNetS)
DRV - [2011/07/25 18:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\SymDS.sys -- (SymDS)
DRV - [2011/07/25 18:15:52 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1301000.01C\Ironx86.sys -- (SymIRON)
DRV - [2011/05/05 14:27:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/12/02 09:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/12/02 09:36:42 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010/06/22 21:41:10 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x)
DRV - [2010/06/22 21:41:10 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x)
DRV - [2010/06/22 21:41:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x)
DRV - [2010/06/22 21:41:10 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x)
DRV - [2010/06/22 21:41:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/30 22:38:33 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/03/30 22:37:58 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/07/17 03:31:38 | 001,176,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/07/13 23:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 23:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/ [binary data]
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=smsn&bmod=smsn
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...F3-156E9C05E571
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7SMSN_enGB373
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-08 11:00:21&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ants\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/11/24 02:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/11/23 18:00:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/11/23 17:59:55 | 000,000,000 | ---D | M]
[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions
[2010/07/05 16:57:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ants\AppData\Roaming\Mozilla\Extensions\[email protected]
========== Chrome ==========
CHR - Extension: No name found = C:\Users\Ants\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\
O1 HOSTS File: ([2012/11/22 22:56:47 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000..\Run: [Facebook Update] C:\Users\Ants\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000..\Run: [lime pro] C:\Program Files\Lime PRO\LimePro.exe (Lime PRO LLC)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ants\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EEA44414-D6F4-4E72-B76E-8DD67461F6DA}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/23 18:02:44 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{870AB0D2-1B38-4645-9CA6-68059E1C7088}
[2012/11/23 15:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/11/23 15:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/11/23 15:43:13 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/11/23 15:12:35 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/11/23 15:12:31 | 000,000,000 | ---D | C] -- C:\d6f6f9445f6c1896bd8766e6068641
[2012/11/23 15:04:13 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{C226E9DB-F122-45E0-B7DD-0573A22C80B9}
[2012/11/23 02:37:04 | 000,000,000 | ---D | C] -- C:\FRST
[2012/11/22 22:56:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/22 21:04:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\Desktop\RK_Quarantine
[2012/11/22 20:52:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B0B7F35F-8608-4C26-982A-67B8BFFAFB79}
[2012/11/22 20:17:36 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{0A683A6D-65A3-4494-BD62-6E3364C68282}
[2012/11/21 19:32:55 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9B62C9A3-DFCF-4729-A60C-B5C10461CCD7}
[2012/11/21 19:25:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{CAB544D8-8085-4B36-AFAC-843D07131A87}
[2012/11/19 03:30:23 | 000,000,000 | --SD | C] -- C:\found.000
[2012/11/19 02:30:47 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{100CFB67-3B41-439F-A48D-E26100A51736}
[2012/11/18 13:38:52 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BEAE4189-830E-4396-8296-3945E06B25CF}
[2012/11/17 12:49:00 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3B22E788-3F06-48B2-A920-195094B87D8C}
[2012/11/16 15:31:04 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B25EF871-FD15-4D7B-8486-E0209233F7AE}
[2012/11/15 15:12:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{4015A070-A693-4A7E-BF0C-BD03C2502868}
[2012/11/14 18:16:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0B0323-C6D0-4D2E-9AF3-7B04A43A74B0}
[2012/11/13 16:07:12 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B4ECAD6A-7FD3-46DA-ACA0-169CE20E918D}
[2012/11/12 14:13:35 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{B7F3F141-E75D-4873-B9C6-E1CA826D0758}
[2012/11/11 12:56:38 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C8518F3-DFB1-4507-86C4-0367B9CA8E4D}
[2012/11/11 00:10:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{C72FB5E6-1B89-4B34-B197-9694CE8DF3B1}
[2012/11/10 12:10:42 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D1B95053-F465-49E4-AF07-C613CB990954}
[2012/11/09 15:52:09 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{5CA670AD-05CB-4A33-B37D-C8843D9C207B}
[2012/11/08 15:19:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9C0811DF-30D9-41ED-A2AF-4BF3A39287E2}
[2012/11/07 16:32:20 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{AED7C00F-6EA1-46D1-9E65-E7676634BB2C}
[2012/11/06 16:41:43 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{2C35AE5B-8E73-4532-A8D4-D1F040B9D9E5}
[2012/11/05 16:08:23 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{BF6EAAA2-26B0-4B75-ADCC-73F97F24C30A}
[2012/11/04 12:07:13 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F20A7FFF-4268-43C8-8C92-6DE47B53146F}
[2012/11/03 12:05:25 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{05392EC8-4797-4088-9D9E-2ACC59359559}
[2012/11/02 15:20:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9239D801-9871-4E35-809A-29F02EF156D9}
[2012/11/01 15:40:14 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{F73367C3-9AEE-4040-A458-4BA4E0A45BBE}
[2012/10/31 18:20:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{D5F95763-EE9D-42C0-A0FB-6E1BC7A47AB3}
[2012/10/30 16:22:30 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{9581B8EA-D32D-40E3-82DD-034CAC38B933}
[2012/10/29 16:02:56 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{3FCFF052-8AF8-465E-A866-DBA62408A93E}
[2012/10/28 17:35:45 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{8CD5EFF4-9A52-4AA6-B71A-3E0E1FDBFD9F}
[2012/10/27 08:58:18 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{FD908CCB-6D3C-404C-8ED2-6F8C9CF512FA}
[2012/10/26 14:11:50 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{50371C71-6ADB-40C4-A8DE-BE125C5C8686}
[2012/10/25 14:43:27 | 000,000,000 | ---D | C] -- C:\Users\Ants\AppData\Local\{145DA830-FD90-49EC-BD44-724BCDCCDE06}
========== Files - Modified Within 30 Days ==========
[2012/11/23 20:30:37 | 000,000,922 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1131658597-4005637612-88016806-1000UA.job
[2012/11/23 20:30:37 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/23 20:30:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/23 18:07:28 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 18:07:28 | 000,015,056 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/23 18:06:22 | 000,675,168 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/11/23 18:06:22 | 000,128,134 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/11/23 18:00:26 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/23 17:59:08 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/23 17:47:22 | 283,840,070 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/11/22 22:56:47 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2012/11/21 19:52:11 | 000,007,605 | ---- | M] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
========== Files Created - No Company Name ==========
[2012/11/21 19:51:42 | 000,007,605 | ---- | C] () -- C:\Users\Ants\AppData\Local\Resmon.ResmonCfg
[2012/01/11 19:51:56 | 000,068,455 | ---- | C] () -- C:\Users\Ants\AppData\Roaming\msconfig.dat
[2011/07/10 12:40:14 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{A601DAF0-A1C5-4CCB-961D-9E3B51E94D3D}
[2011/05/13 19:34:49 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{37291F92-2AD8-4E21-88A5-C28DABEE5D51}
[2011/04/27 14:17:09 | 000,000,000 | ---- | C] () -- C:\Users\Ants\AppData\Local\{63E7382F-4625-4A94-B4D4-EE227549C87D}
[2010/03/30 21:30:59 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== ZeroAccess Check ==========
[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010/03/31 05:36:12 | 000,000,000 | --SD | M] -- C:\Users\Ants\AppData\Roaming\.#
[2010/04/17 10:03:53 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\AVG9
[2012/03/07 18:28:22 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\FrostWire
[2010/03/31 05:36:01 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\GameConsole
[2010/09/11 22:39:05 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\GameTuts
[2012/11/24 02:27:26 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\LimeWire
[2012/11/22 23:32:59 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\PerformerSoft
[2012/11/24 02:33:57 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\PhotoScape
[2011/06/30 16:32:31 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\TeamViewer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:4CF61E54
< End of report >
OTL Extras logfile created on: 11/23/2012 8:35:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ants\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.93 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 53.20% Memory free
5.86 Gb Paging File | 4.54 Gb Available in Paging File | 77.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 108.89 Gb Total Space | 59.19 Gb Free Space | 54.36% Space Free | Partition Type: NTFS
Drive D: | 108.89 Gb Total Space | 1.48 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Computer Name: ANTS-PC | User Name: Ants | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05429B19-3809-42D0-9CC9-B4341D3820E0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0DA73F01-5BFE-4D5F-9552-4E946B7CB7B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A7FF64B-2BE8-47D1-9743-F5D96ABC6C68}" = rport=445 | protocol=6 | dir=out | app=system |
"{27F642B4-B05A-4FCC-9AB3-11FB4A3207B0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F456C1C-1CA0-47D3-A869-9603A25DF9B8}" = lport=445 | protocol=6 | dir=in | app=system |
"{41ED0014-AEC8-4EC8-969F-14D4C88F7317}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{420489BD-FD1E-4DA4-86DD-4B2BE222068A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{42E0771B-7074-4873-A1DA-E3110782C0E7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5383F9F9-46D5-43C7-B32E-55C9492EC06E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F7E1DFD-3B82-423F-BBB4-351AEFAF682C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7239B5EC-A258-49CF-83F0-611422E27ABE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{78015A70-C5A8-46A7-8DF4-04719C93E184}" = rport=10243 | protocol=6 | dir=out | app=system |
"{78964069-7C18-4B3B-8C34-6208729D6793}" = lport=139 | protocol=6 | dir=in | app=system |
"{81C1F32D-217A-4F6C-B33F-195FAA1EB18E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8AEF0DBC-05A0-44AB-B457-68284007382D}" = lport=137 | protocol=17 | dir=in | app=system |
"{9971411C-E6E3-450A-A44A-10B514D7C5F7}" = rport=139 | protocol=6 | dir=out | app=system |
"{9B7912B9-E3A2-4913-89CF-3442E3041D31}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B22038FD-36EA-4B8B-9BEE-6BBD2F99BF07}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B70F18EF-68E2-4960-AFF2-8A6502FD94B3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5738A7A-C1F7-455F-AFA8-D7B4DC1C461C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{C8AE4CDE-D485-44E3-9071-ABDB73AEA5E4}" = rport=137 | protocol=17 | dir=out | app=system |
"{D1EC582F-0AF0-4E38-91E1-83EBA94AA892}" = rport=138 | protocol=17 | dir=out | app=system |
"{E07A5B92-2D20-4CA9-BE8A-8672B6603B47}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E19BCD01-37F7-46FA-93C3-E6B862654DA4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E273E01B-B3F3-438E-9530-87E6081BAE3C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E45D5BDC-7CF9-4038-95EC-5F669FBCC80C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E551C99B-E941-457D-99A7-4079774EAD6D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EF9AC092-8725-4811-B0BF-9D54E447373F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{108041B6-B484-49C2-B7D4-794C7726CD5E}" = protocol=58 | dir=in | [email protected],-28545 |
"{11DE5010-D9A1-4804-95FA-FC60E854B961}" = dir=in | app=c:\users\ants\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{1A065532-D868-4321-9AD4-0093A485E8E7}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{266AAAD6-4480-498E-8E72-5000A3BA184A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{27322775-68E3-471F-B488-550DA6591BCC}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{32B1A1B3-FEEC-46BB-A596-A984F4E7DC62}" = protocol=58 | dir=out | [email protected],-28546 |
"{3C949418-BC64-4F98-B37A-B5C82D81C7F7}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{4BBAEB43-F941-4A7B-BBA7-FA1190F90497}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{4D755D8C-B755-47EF-A375-FBAAB0C52336}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{5734B014-431D-4D62-AB92-BC71D06AAF59}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{57F36584-96CE-4FFD-AD96-9E0262BFFB3E}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{5D1C0797-2EB8-4ABD-AE26-9EDF015A33C5}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{636F72C7-C773-4EB1-8A46-59EB68529C1C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F485594-DAF0-4498-A573-6B4B7DB5A5F7}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7540A0BE-AE80-44AB-8F51-866BAF8FBF8F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7D07CA63-3398-4FD0-9E4E-C40B4167CC5A}" = protocol=1 | dir=out | [email protected],-28544 |
"{7F6DC86F-EC04-41F6-AEC4-8C5BF9CDA7D3}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{8AA7E85C-0057-47DB-BBBF-8F19A1475B8C}" = protocol=6 | dir=out | app=system |
"{8C34D6BA-C9E8-40C7-B625-4EE206405615}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91A51252-23D5-4289-92B3-A412A91DAA31}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{9704C394-7E77-449B-9F08-52C62081C338}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{97B2CF61-C17B-4AD3-A1FB-740EA50530AB}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{993BEA7B-3697-4022-97E1-F7DB35312AB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A34B2B7E-789D-4D14-85AF-AA774A8CFEB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A42199A9-62AF-4DAC-831A-0F41D6996A39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A7ED8493-9DE3-4315-80DB-E3D45F33B2DC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B7D63D0C-6AE2-4267-BFA3-51412028C05C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{B9668ADC-A392-4F6F-82E7-9CAD3B5E02ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B98507E6-386A-4DCA-BB93-6BE56ED7AAD0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB4B176D-407C-468A-A15C-79E143F6418D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BD5131ED-37ED-46F7-B581-87F50129832B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0ECC68F-2379-47D2-A297-A62C03F640B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C0F41A3D-5565-4760-A1D6-A9D696D63478}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C66D1848-6E26-41D7-9DC6-409890002D4F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DF5CA1C6-985F-4FA3-B6E4-DB1CF7920014}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{E13F8931-58ED-4097-8565-38D594957FBA}" = protocol=1 | dir=in | [email protected],-28543 |
"{EC5A5D1A-24BF-470D-9BE1-0FF40583F1AF}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{FDC0B94A-B864-4DE7-B3F3-24A9610A79A8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19192A84-6172-4312-A661-D8F9A34585AB}" = VirtualDJ Home FREE
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D76918D7-995F-41F3-AEF0-30E8260052C2}_is1" = Lime PRO 3.0.1.0
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}" = SamsungMovie
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVG9Uninstall" = AVG 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FrostWire" = FrostWire 4.21.2
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LimeWire" = LimeWire 5.3.6
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NIS" = Norton Internet Security
"NSS" = Norton Security Scan
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 6" = TeamViewer 6
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1131658597-4005637612-88016806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Password Recovery for MSN" = Password Recovery for MSN (remove only)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/6/2012 4:03:24 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059
Error - 1/6/2012 4:03:25 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/6/2012 4:03:25 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3058
Error - 1/6/2012 4:03:25 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3058
Error - 1/6/2012 4:03:26 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/6/2012 4:03:26 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4228
Error - 1/6/2012 4:03:26 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4228
Error - 1/6/2012 4:03:27 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/6/2012 4:03:27 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5226
Error - 1/6/2012 4:03:27 PM | Computer Name = Ants-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5226
[ Media Center Events ]
Error - 5/28/2010 5:54:01 AM | Computer Name = Ants-PC | Source = MCUpdate | ID = 0
Description = 10:54:01 - Error connecting to the internet. 10:54:01 - Unable
to contact server..
Error - 5/28/2010 5:54:12 AM | Computer Name = Ants-PC | Source = MCUpdate | ID = 0
Description = 10:54:07 - Error connecting to the internet. 10:54:07 - Unable
to contact server..
[ System Events ]
Error - 11/23/2012 1:48:18 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:20 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:48:21 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068
Error - 11/23/2012 1:59:48 PM | Computer Name = Ants-PC | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536805315.
Error - 11/23/2012 2:02:23 PM | Computer Name = Ants-PC | Source = WMPNetworkSvc | ID = 866314
Description =
Error - 11/23/2012 2:02:23 PM | Computer Name = Ants-PC | Source = WMPNetworkSvc | ID = 866314
Description =
< End of report >
#44
Posted 23 November 2012 - 04:08 PM
I'm sorry to be a pain with this but after I posted the above logs I thought I would use the AVG tool to finish the uninstall ( dont ask me why I thought this would be a good idea) anyway the uninstaller needs to reboot the machine and now I can only access it in safe mode with no network access?
#45
Posted 23 November 2012 - 04:15 PM
OK lets try a manual removal from safe mode, try normal mode after this run
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL SRV - [2010/11/24 15:28:03 | 002,331,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9) SRV - [2010/06/22 21:41:12 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd) SRV - [2010/06/22 21:41:09 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) DRV - [2011/09/12 16:07:41 | 000,029,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86) DRV - [2011/05/05 14:27:14 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX) DRV - [2010/06/22 21:41:10 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys -- (AVGIDSDriverw7x) DRV - [2010/06/22 21:41:10 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys -- (AVGIDSFilterw7x) DRV - [2010/06/22 21:41:10 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSwx.sys -- (AVGIDSErHrw7x) DRV - [2010/06/22 21:41:10 | 000,020,560 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys -- (AVGIDSShimw7x) DRV - [2010/06/22 21:41:07 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86) DRV - [2010/03/30 22:38:33 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (AvgRkx86) DRV - [2010/03/30 22:37:58 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd) IE - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-08 11:00:21&v=10.0.0.7&sap=dsp&q={searchTerms} FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hotbar\bin\11.0.175.0\firefox\extensions FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/11/24 02:34:17 | 000,000,000 | ---D | M] O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1131658597-4005637612-88016806-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe () O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe () O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll () O20 - AppInit_DLLs: (avgrsstx.dll) - C:\windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) [2010/04/17 10:03:53 | 000,000,000 | ---D | M] -- C:\Users\Ants\AppData\Roaming\AVG9 [2010/03/31 05:36:12 | 000,000,000 | --SD | M] -- C:\Users\Ants\AppData\Roaming\.# :Files C:\Program Files\AVG C:\Program Files\McAfee Security Scan C:\Program Files\Common Files\AVG Secure Search :Commands [resethosts] [emptytemp] [CREATERESTOREPOINT] [Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users