Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

vprot.exe - Bad Image (AVG DLL error)

Started by Krishnaa , Feb 22 2013 03:02 AM

  • Please log in to reply

#1
Krishnaa
Posted 22 February 2013 - 03:02 AM

Krishnaa

    Member

  • Member
  • PipPip
  • 47 posts
Every time I boot up my PC, I get an error titled "vprot.exe - Bad Image" with a DLL error for an AVG DLL file (SiteSafety.dll), a screenshot of which I've attached.

Just yesterday one of my USB pen drives got infected with a worm/trojan (the one that changes normal folders to hidden and introduces an exe file with the same name). AVG removed the infected files, but I don't know if it could be the cause of this.

Also, I had Norton until recently, and I started getting BSOD errors very frequently and I performed a system restore and removed Norton and installed AVG. Even while Norton was in use, some DLL errors were popping up on each boot.

Here is the OTL log:

OTL logfile created on: 22/2/2013 2:16:32 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Krishnaa\Downloads\Programs
Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: d/M/yyyy

3.18 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 54.28% Memory free
6.35 Gb Paging File | 4.52 Gb Available in Paging File | 71.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 199.90 Gb Total Space | 138.44 Gb Free Space | 69.26% Space Free | Partition Type: NTFS
Drive E: | 244.14 Gb Total Space | 42.60 Gb Free Space | 17.45% Space Free | Partition Type: NTFS
Drive F: | 244.14 Gb Total Space | 177.43 Gb Free Space | 72.67% Space Free | Partition Type: NTFS
Drive G: | 243.23 Gb Total Space | 160.95 Gb Free Space | 66.17% Space Free | Partition Type: NTFS

Computer Name: KRISHNAA-PC | User Name: Krishnaa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/22 13:53:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Krishnaa\Downloads\Programs\OTL.exe
PRC - [2013/02/19 13:59:00 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/02/09 08:03:16 | 003,565,432 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/01/26 08:05:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/01/07 12:03:32 | 000,446,648 | ---- | M] (Sony) -- C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2012/12/20 18:44:32 | 000,844,296 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/12/20 18:44:28 | 000,310,280 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/12/20 18:44:26 | 001,476,104 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2012/12/19 20:44:28 | 000,393,216 | ---- | M] (Box, Inc.) -- C:\Program Files\Box Sync\BoxSyncHelper.exe
PRC - [2012/12/19 00:38:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/12 19:14:48 | 000,268,248 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/11/27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/11/27 21:08:28 | 000,739,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/04/30 10:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2011/12/12 15:38:06 | 011,761,456 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\BitComet.exe
PRC - [2011/01/05 13:28:42 | 009,212,720 | ---- | M] () -- C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
PRC - [2010/12/28 13:30:34 | 001,296,728 | ---- | M] (www.BitComet.com) -- C:\Program Files\BitComet\tools\BitCometService.exe
PRC - [2010/12/24 02:26:10 | 002,678,784 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
PRC - [2009/07/14 06:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 06:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/07 14:03:54 | 000,524,288 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/19 13:59:00 | 001,151,152 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/02/13 18:35:36 | 012,638,576 | ---- | M] () -- C:\Users\Krishnaa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
MOD - [2013/01/26 08:05:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 08:05:04 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 08:04:19 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 08:04:18 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 08:04:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/05 19:58:39 | 013,033,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\cee852f723ad3f93fd585e2fea85d796\Kies.Theme.ni.dll
MOD - [2013/01/05 19:58:38 | 000,601,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\492cae9b165bfc6c0247dd66578f3b51\DevicePodcast.ni.dll
MOD - [2013/01/05 19:58:38 | 000,306,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\6e81941463123613c57b16e60d0164b5\DummyStorePlugin.ni.dll
MOD - [2013/01/05 19:58:37 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\dba09b37e6ca5ba428250f4ec37ff886\DeviceVideo.ni.dll
MOD - [2013/01/05 19:58:36 | 000,332,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\dc3814e9818f4558adc5567349452d09\DevicePhoto.ni.dll
MOD - [2013/01/05 19:58:36 | 000,295,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\8118335dc3b0b8b325aba6ed23441db1\DeviceMusic.ni.dll
MOD - [2013/01/05 19:58:35 | 000,737,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\bd2bebfddbd510d96f6239fb7ec3e0f8\PhotoManager.ni.dll
MOD - [2013/01/05 19:58:35 | 000,448,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\146a7708f6dc490a194212c2c7582ccd\VideoManager.ni.dll
MOD - [2013/01/05 19:58:34 | 001,068,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\c2f71cff6fe6a3b6bbafdb0febb7a676\Podcaster.ni.dll
MOD - [2013/01/05 19:58:20 | 000,038,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a6836b2f35e71204d5c5cb306fa9a9c8\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013/01/05 19:58:19 | 006,205,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\615d02d2496a33e13dc43e5bbe6fdcf2\DeviceHost.ni.dll
MOD - [2013/01/05 19:58:12 | 001,878,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\263b0682e6ab292fc30909a828cdcda5\Phonebook.ni.dll
MOD - [2013/01/05 19:58:09 | 000,705,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\b0e9aaa96259c3e1e3b1b671145e2ed6\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013/01/05 19:58:08 | 000,906,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\d36f3a86951d608d4dcc1a056044693a\MusicManager.ni.dll
MOD - [2013/01/05 19:58:07 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\0c5cbbf8778e210154a1c920aa8e6cf3\BATPlugin.ni.dll
MOD - [2013/01/05 19:58:04 | 000,512,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\04f1381796568a552c473703bda8ab72\Kies.Common.MediaDB.ni.dll
MOD - [2013/01/05 19:58:04 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\7eb4f7076060d8c712c38fa83cf25bc9\Kies.Common.StoreManager.ni.dll
MOD - [2013/01/05 19:58:02 | 000,281,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0f90a2200019fd7f77821f7c177c2c8e\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013/01/05 19:58:02 | 000,231,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\ab6025c00c09ef604cfe7f62ba6361bc\ASF_cSharpAPI.ni.dll
MOD - [2013/01/05 19:58:02 | 000,062,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\4700fb367bdb391d134e5bb2887b150e\Kies.Common.AllShare.ni.dll
MOD - [2013/01/05 19:58:01 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ce78691189b1c5f7407d75a90c3ee0ba\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013/01/05 19:58:00 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\6b4e334fd4aad4f3a8087edd266bfd3c\Interop.DevFileServiceLib.ni.dll
MOD - [2013/01/05 19:57:59 | 000,563,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8dd5624a6d84ad60a6e86a5345db02ab\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013/01/05 19:57:58 | 000,620,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\3985678c4574c310c89104edbb569758\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013/01/05 19:57:55 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7716aa3513e5c96e4524dc6f10a60dba\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/01/05 19:57:53 | 000,904,704 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a673311450d47e343111cbde22fe0120\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013/01/05 19:57:46 | 001,054,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\9298ed421172497625c298ba6ba4697b\Kies.Common.DeviceService.ni.dll
MOD - [2013/01/05 19:57:44 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\ce391dd8713fdaea3253ed5a348d1ba8\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013/01/05 19:57:43 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\136a36200200a0b7863ef0065f18c752\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013/01/05 19:57:43 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\59331ef312494080283ab800f5a83877\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013/01/05 19:57:42 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\6ca4f8ca79452da6fd0bc565837686c6\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013/01/05 19:57:35 | 002,180,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\957f613ff0124bbf6d058bd4ea39ff7a\Kies.Common.Multimedia.ni.dll
MOD - [2013/01/05 19:57:31 | 000,197,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\9263dfa3cd73464b8f547685368cf611\Kies.Common.MainUI.ni.dll
MOD - [2013/01/05 19:57:27 | 000,066,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\87598a4518f4f35a3962c303285d5be8\Kies.Common.DBManager.ni.dll
MOD - [2013/01/05 19:57:26 | 000,743,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\eb4f1b9af134329be9174e340d5effeb\ICSharpCode.SharpZipLib.ni.dll
MOD - [2013/01/05 19:57:26 | 000,108,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\440c941bb0f89f808f30e9fb1cce0a38\Kies.Common.CRMManager.ni.dll
MOD - [2013/01/05 19:57:25 | 000,394,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\d5d257bc1793ee49fa1b670f46bf2c03\CabLib.ni.dll
MOD - [2013/01/05 19:57:25 | 000,276,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\e2eeb483c67bc76c8a5713873a85d8ad\Kies.Common.Util.ni.dll
MOD - [2013/01/05 19:57:23 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\f5a9500560608c5ff6c4c7dfd2b909c9\Interop.DeviceSearchLib.ni.dll
MOD - [2013/01/05 19:57:22 | 001,558,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\02b937555f422da7adaa8ad7c8955c3a\Kies.Locale.ni.dll
MOD - [2013/01/05 19:57:21 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8b5fa5998b260881f0d929da18856878\Kies.MVVM.ni.dll
MOD - [2013/01/05 19:57:20 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\22fc6f496a9c3e11f225efb3c7018a8b\Kies.UI.ni.dll
MOD - [2013/01/05 19:57:17 | 000,154,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\af714555a74b3d1eb69126719989a98e\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013/01/05 19:57:14 | 001,215,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\4646babf0cd4772cce1911200be03a91\Kies.Interface.ni.dll
MOD - [2013/01/05 19:56:59 | 002,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\d8db32440624c688773163d91aecc455\Kies.ni.exe
MOD - [2013/01/05 19:44:27 | 017,632,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3989b4ca6cf904061992daec9e7d5644\PresentationFramework.ni.dll
MOD - [2012/12/21 10:59:49 | 000,445,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BoxSyncHelper\d8d5ea4022e5f0945ea15bb2773ee41f\BoxSyncHelper.ni.exe
MOD - [2012/12/21 10:59:46 | 000,248,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\BoxUtils\00eaecc0684f1942162cb9994671512d\BoxUtils.ni.dll
MOD - [2012/12/21 10:59:46 | 000,055,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ZetaLongPaths\d81cf83ed04f887f8b18cfb68388224b\ZetaLongPaths.ni.dll
MOD - [2012/12/03 11:02:57 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll
MOD - [2012/12/03 11:02:49 | 000,767,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc1f0dbf1d3ba856eccec90b62b55d79\System.Runtime.Remoting.ni.dll
MOD - [2012/12/03 11:02:31 | 001,776,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll
MOD - [2012/12/03 10:52:05 | 011,057,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll
MOD - [2012/12/03 10:51:58 | 003,779,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll
MOD - [2012/12/03 10:51:53 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/12/03 10:51:51 | 000,973,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2012/12/03 10:51:49 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/12/03 10:51:44 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/12/03 10:51:40 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/11/27 15:13:40 | 000,585,728 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll
MOD - [2012/11/07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\MExplorer.dll
MOD - [2012/07/26 11:51:52 | 000,208,896 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VistaCalendar.dll
MOD - [2012/04/30 10:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2012/04/30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2012/04/04 14:33:24 | 000,139,776 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\CAgdLNotes.dll
MOD - [2012/03/16 12:51:02 | 000,188,416 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\CAgdOutlook.dll
MOD - [2012/02/13 09:53:50 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\CalEngine.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\Report.dll
MOD - [2011/01/05 13:28:42 | 009,212,720 | ---- | M] () -- C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe
MOD - [2010/01/11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony\Sony PC Companion\VObject.dll
MOD - [2009/07/14 10:13:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009/07/14 10:12:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009/07/14 10:12:43 | 000,676,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\5588d54cbc98d72ed01194c6d4146073\System.Security.ni.dll
MOD - [2009/07/14 10:12:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009/07/14 10:12:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009/07/14 10:12:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009/07/14 10:12:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/05/07 14:03:54 | 000,524,288 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe


========== Services (SafeList) ==========

SRV - [2013/02/19 13:59:00 | 000,000,000 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/02/16 17:31:22 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/19 00:38:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/27 21:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/11 06:35:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/12/28 13:30:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Running] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2010/12/24 02:26:10 | 002,678,784 | ---- | M] (PACE Anti-Piracy, Inc.) [Auto | Running] -- C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe -- (PaceLicenseDServices)
SRV - [2009/07/14 06:46:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Razer\Razer Game Booster\Driver\WinRing0.sys -- (WinRing0_1_2_0)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - [2013/02/19 13:59:00 | 000,033,112 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/11/22 06:13:14 | 000,100,216 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/24 19:51:38 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/10/24 19:51:38 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/27 14:03:24 | 000,097,440 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SMR311.SYS -- (SMR311)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/20 10:05:36 | 000,181,344 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/09/20 10:05:36 | 000,083,168 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/01/09 17:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012/01/09 17:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012/01/09 17:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2010/12/30 15:19:40 | 000,016,640 | -H-- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV - [2010/11/03 18:39:26 | 000,093,304 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2010/04/05 22:06:20 | 000,224,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2010/02/03 19:06:36 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/09/17 19:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 06:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 06:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 06:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 05:21:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 04:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 04:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/08/13 08:18:57 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2005/07/22 10:20:04 | 001,275,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\P16X.sys -- (P16X)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0003860777ba906
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?r...IN&dcc=IN&opt=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 30 6C FC 1B 31 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0003860777ba906
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-12-02 14:52:29&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/02/19 13:59:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/16 19:54:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/22 13:29:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Krishnaa\AppData\Roaming\IDM\idmmzcc5 [2013/02/09 08:08:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Krishnaa\AppData\Roaming\IDM\idmmzcc5 [2013/02/09 08:08:09 | 000,000,000 | ---D | M]

[2012/10/16 19:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/11 06:36:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/03 12:29:20 | 000,917,816 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2013/02/19 13:59:21 | 000,003,716 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2013/01/13 12:59:03 | 000,006,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/10/11 06:35:38 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 06:35:38 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.claro-sea...0003860777ba906
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.claro-sea...0003860777ba906
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Krishnaa\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: BitCometAgent (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Slinky Elegant = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\
CHR - Extension: Google Search = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: AdBlock = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: IDM Integration = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.2.2_0\
CHR - Extension: IDM Integration = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.3_0\
CHR - Extension: Google Maps = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Gmail = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Slinky Elegant = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\
CHR - Extension: Google Search = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.60_0\
CHR - Extension: AdBlock = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: IDM Integration = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.2.2_0\
CHR - Extension: IDM Integration = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.3_0\
CHR - Extension: Google Maps = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Gmail = \Users\Krishnaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\IEPro\IEProRecorder.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BoxSyncHelper] C:\Program Files\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_4146831668FEA1F68C3484BF16391934] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKCU..\Run: [TK8 StickyNotes] C:\Program Files\TK8 StickyNotes\TK8StickyNotes.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Krishnaa\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Krishnaa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\IEPro.dll (IE7Pro.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9EC3EDC5-516E-4FDE-A250-651712AC3971}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{42916d23-1d9a-11e2-822f-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{42916d23-1d9a-11e2-822f-00158315a310}\Shell\AutoRun\command - "" = I:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/13 09:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/02/09 19:46:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/02/09 08:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\IDM
[2013/02/09 08:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
[2013/02/09 08:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Download Manager
[2013/02/03 22:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
[2013/01/29 17:33:10 | 000,100,216 | ---- | C] (Tonec Inc.) -- C:\Windows\System32\drivers\idmwfp.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/22 14:06:52 | 000,020,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/22 14:06:52 | 000,020,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/22 14:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/22 14:04:01 | 004,115,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/02/22 14:04:01 | 001,288,238 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/02/22 13:59:46 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/22 13:59:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/22 13:59:42 | 2558,513,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/22 13:41:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/21 21:56:49 | 000,003,496 | ---- | M] () -- C:\bootsqm.dat
[2013/02/19 13:59:00 | 000,033,112 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/21 21:56:49 | 000,003,496 | ---- | C] () -- C:\bootsqm.dat
[2013/02/21 21:56:49 | 000,003,496 | ---- | C] () -- \bootsqm.dat
[2013/02/03 22:42:02 | 000,002,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
[2013/01/20 13:45:48 | 000,000,116 | ---- | C] () -- C:\Users\Krishnaa\Untitled.m
[2012/12/18 10:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/12/18 10:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/12/18 10:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/12/18 10:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/12/18 10:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/11/07 15:37:07 | 000,000,386 | ---- | C] () -- C:\Windows\{DB261EC9-3989-4982-ADCD-387DF3DF1E7D}_WiseFW.ini
[2012/07/07 12:58:28 | 000,000,249 | ---- | C] () -- \user.js
[2012/04/17 11:50:38 | 000,001,095 | ---- | C] () -- C:\Users\Krishnaa\Documents - Shortcut.lnk
[2012/02/28 23:01:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012/02/07 19:16:01 | 000,172,032 | ---- | C] () -- C:\Windows\System32\SecSNMP.dll
[2012/02/06 01:26:03 | 2558,513,152 | -HS- | C] () -- \hiberfil.sys
[2012/02/05 18:42:40 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2012/02/05 18:42:29 | 000,022,723 | ---- | C] () -- C:\Windows\System32\cl31cl3.dll
[2012/02/05 12:27:28 | 000,000,155 | ---- | C] () -- C:\Windows\winamp.ini
[2012/02/05 12:08:18 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2012/02/05 12:08:18 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2012/02/05 12:08:18 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2012/02/05 12:08:18 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2012/02/05 12:08:18 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2012/02/05 12:08:18 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/02/05 12:08:18 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/14 07:34:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009/07/14 07:34:04 | 000,000,010 | ---- | C] () -- \config.sys

========== ZeroAccess Check ==========

[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 06:46:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 06:45:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:F7DE749F

< End of report >
  • 0

Advertisements

#2
Jintan
Posted 23 February 2013 - 05:56 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Welcome to Geeks2Go Krishnaa,

The logs show part of the worm is still listed. That AVG error is due to AVG's search hijacker AVG Security Toolbar (little security, plenty of hijacking). The logs also show some adware, but we will deal with the worm first.


When running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

The malware has included an autorun type component, so if any external drives have been used on this computer recently be sure to install them now, and leave them installed until ALL repairs on it are completed. If not, they will remain infected and can re-infect the computer (or others).


Click here and download Flash_Disinfector.exe and save it to your desktop.

Doubleclick on Flash_Disinfector.exe to run it and follow the prompts. Wait until it has finished scanning and then exit the program.

The utility may ask you to insert your flash drive and/or other external/removable drives. Please do so and allow the utility to clean up those drives as well.

Then leave any drives installed until all repairs here have been completed.

This will also create autorun.inf folders on all drives there, which serves to block autoloading infection from creating some of their bad files they need to infect other drives and systems.

-------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
Wen RogueKiller finises it's opening scan, press the Scan button..
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.
  • 1

#3
Krishnaa
Posted 25 February 2013 - 06:13 AM

Krishnaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
I downloaded the Flash_DIsinfector.exe file, and when I double-clicked on it, I got the prompt 'may not have installed properly' from Windows. And now, when I run the file again, Windows asks for User Account Control permission to run it. When I click Yes, nothing happens. Am I doing something wrong?
  • 0

#4
Jintan
Posted 25 February 2013 - 09:37 AM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Go ahead and skip the Flash Disinfector step for now please.
  • 0

#5
Krishnaa
Posted 26 February 2013 - 07:40 AM

Krishnaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Here is the RogueKiller report:

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : Krishnaa [Admin rights]
Mode : Scan -- Date : 02/26/2013 19:09:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EARX-00PASB0 ATA Device +++++
--- User ---
[MBR] 774d9a8744a8ef780f4176e2f49f6b1a
[BSP] 5c67b102ee5736d1ba6a42e77dbca894 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 204699 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 419430400 | Size: 250000 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 931430400 | Size: 499068 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Samsung S2 Portable USB Device +++++
--- User ---
[MBR] c6197d8af22441b6bb9f31d703ee7b0c
[BSP] 6bff78a3271ec6586fc1657fcba7087a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 64 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: USB NAND FLASH DISK USB Device +++++
--- User ---
[MBR] f240c7661a5af5a3649b5ede3ca6d15e
[BSP] 0dc6920b01833100577b1b07fa2e1d10 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 62 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_S_02262013_02d1909.txt >>
RKreport[1]_S_02262013_02d1907.txt ; RKreport[2]_S_02262013_02d1909.txt
  • 0

#6
Jintan
Posted 26 February 2013 - 01:04 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Nothing much in that. Let's change course, and start cleaning things. Remove some adware, then scan for worm remnants.

First, remove the worm entry.

REGEDIT4

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{42916d23-1d9a-11e2-822f-00158315a310}]
Go to Start Search, type notepad.exe in the Start Search box. Notepad.exe will appear at the top of the Menu. Rightclick on it and choose "Run as administrator"., and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

---------

Then let's ID the installed adware/search hijackers.

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
  • 0

#7
Krishnaa
Posted 27 February 2013 - 06:28 AM

Krishnaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Did the registry step, and now here's the contents of the list from HijackThis:

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Antares Auto-Tune 7 VST
Antares Autotune VST v5.09
Any Video Converter 3.5.7
A-PDF Split
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audacity 1.3.9 (Unicode)
Audacity 2.0.3
AVG 2013
AVG 2013
AVG 2013
AVG Security Toolbar
BitComet 1.31
Bonjour
Box Sync
Burnout™ Paradise The Ultimate Box
CCleaner
D3DX10
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
Everything 1.2.1.371
EZdrummer
EZXDfh
FL Studio 9
Flowcode V4 for AVRs
FlyteDownloadManager version 1.2.3.0
Free YouTube Download version 3.1.37.918
Free YouTube to MP3 Converter version 3.11.32.918
FreeUndelete 2.1.36867.1
Google Chrome
Google Tamil Input
Google Update Helper
Hardcore
High-Definition Video Playback
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
IE7Pro
IL Download Manager
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Network Connections 15.3.68.0
Intel® Network Connections 15.3.68.0
Interlok driver setup x32
Internet Download Manager
iTunes
Java 7 Update 15
Java SE Development Kit 7 Update 9
LAME v3.98.2 for Audacity
Magic ISO Maker v5.5 (build 0276)
MATLAB R2010b
Media Go
Media Go Video Playback Engine 1.96.121.08270
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MpcStar 5.4
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
Nero BackItUp 10 Help (CHM)
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
PC Connectivity Solution
PDFCreator
PlayMemories Home
PlayStation®Network Downloader
PlayStation®Store
PoiZone
PSP ISO Compressor
QuickTime
Realtek High Definition Audio Driver
Samsung CLP-310 Series
Samsung Kies
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Sawer
Sony Ericsson Update Engine
Sony PC Companion 2.10.136
StageLight version 1.0 (Build 3344)
Street Fighter X Tekken
TK8 StickyNotes 3.4
Toxic Biohazard
TSST OEM Content
VC80CRTRedist - 8.0.50727.762
VirtualCloneDrive
VLC media player 1.1.6
Windows Driver Package - Nokia Modem (06/09/2010 7.01.0.8)
Windows Driver Package - Nokia Modem (10/07/2010 4.6)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR archiver
  • 0

#8
Jintan
Posted 27 February 2013 - 05:06 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
All the major ISP's have agreed to assist the music industry in monitoring downloads using torrent software. If the music industry reports a user to an ISP, that ISP will warn the user, then do things like slow down the user's Internet access (to thwart torrent downloading). And eventually prosecute the user. That being said, I will need you to uninstall BitComet in order for us to continue here. I sure wouldn't suggest doing secure transactions such as banking on a computer that had that installed.


Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

AVG Security Toolbar - Adware, spyware, search hijacker.
BitComet 1.31
IE7Pro - Loads a search hijacker bar on install with no opt out, and tries to install plenty of other adware/hope page hijackers etc. These are the true purpose for providing this software.

----------

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download the latest version of Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.65.0.1400.exe to install the application.

Follow all prompts, and check off all boxes except the one to load the Trial version. I just expires and causes confusion in a few weeks.

* If an update is found, it will download and install the latest version.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications

Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
  • 0

#9
Krishnaa
Posted 28 February 2013 - 10:29 AM

Krishnaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Alright, I'll keep the advice about BitComet in mind. Here's the Malwarebytes report after the scan:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.28.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Krishnaa :: KRISHNAA-PC [administrator]

28/2/2013 6:53:41 PM
mbam-log-2013-02-28 (18-53-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208797
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
--------------------
Here's the report from ESET:

C:\Users\All Users\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application
C:\Users\All Users\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-16.0.dll a variant of Win32/bProtector.B application
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YourFileDownloader\uninstall.exe a variant of Win32/YourFileDownloader application cleaned by deleting - quarantined
C:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-16.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\Users\Krishnaa\Downloads\KL Downloads\installer_english-tamil_dictionary.exe Win32/Toggle application cleaned by deleting - quarantined
G:\KL\1. KINGSTON KL AS ON 1.9.10\autorun.inf INF/Autorun.P worm cleaned by deleting - quarantined
G:\Software\CD-DVD Software\Nero-9.4.12.3d_free.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
G:\Software\CD-DVD Software\SoftonicDownloader_for_virtual-clonedrive.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
G:\Software\Documenting Software\Babylon8_setup.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
G:\Software\Documenting Software\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
G:\Software\Instant Messengers\MsgPlusLive-480.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
G:\Software\Instant Messengers\Setup-MsgPlus-502.exe a variant of Win32/MessengerPlus.A application deleted - quarantined
J:\System Volume Information\_restore{748FA8AE-8DD0-4C65-8211-012DF0C2999E}\RP247\A0316049.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
J:\System Volume Information\_restore{748FA8AE-8DD0-4C65-8211-012DF0C2999E}\RP269\A0351869.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
J:\System Volume Information\_restore{748FA8AE-8DD0-4C65-8211-012DF0C2999E}\RP269\A0351890.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
J:\System Volume Information\_restore{748FA8AE-8DD0-4C65-8211-012DF0C2999E}\RP269\A0351914.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
J:\System Volume Information\_restore{748FA8AE-8DD0-4C65-8211-012DF0C2999E}\RP330\A0378326.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
J:\System Volume Information\_restore{748FA8AE-8DD0-4C65-8211-012DF0C2999E}\RP330\A0378347.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
J:\System Volume Information\_restore{748FA8AE-8DD0-4C65-8211-012DF0C2999E}\RP330\A0378371.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
J:\System Volume Information\_restore{748FA8AE-8DD0-4C65-8211-012DF0C2999E}\RP436\A0482574.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
J:\System Volume Information\_restore{748FA8AE-8DD0-4C65-8211-012DF0C2999E}\RP436\A0482599.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
J:\1 C drive\My Documents\Downloads\4) MISC - KRISHNAA TO CHECK\cnet_avc-free_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
J:\4 F drive\Software\CD-DVD Software\Nero-9.4.12.3d_free.exe Win32/Toolbar.AskSBar application cleaned by deleting - quarantined
J:\4 F drive\Software\Documenting Software\Babylon8_setup.exe a variant of Win32/Toolbar.Babylon application deleted - quarantined
J:\4 F drive\Software\Instant Messengers\MsgPlusLive-480.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
J:\4 F drive\Software\Instant Messengers\Setup-MsgPlus-502.exe a variant of Win32/MessengerPlus.A application deleted - quarantined
J:\7 I drive\New Folder\My Downloads\MsgPlusLive-470.exe a variant of Win32/MessengerPlus application cleaned by deleting - quarantined
  • 0

#10
Jintan
Posted 28 February 2013 - 05:19 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
No usb infection located, though plenty of adware-bundled installs, and that search hijacking BrowserProtect. How are things running now?
  • 0

Advertisements

#11
Krishnaa
Posted 01 March 2013 - 05:54 AM

Krishnaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
The AVG Bad Image DLL error is gone, and everything else seems to be fine.

Thanks a lot for your help, instructions were very precise.

I need advice on one thing, which anti-virus should I use? I've been using Norton for the past few years without problems, but then I had to remove it (like I said in my opening post). Is AVG's free edition good enough? Or do you suggest something else?
  • 0

#12
Jintan
Posted 01 March 2013 - 05:39 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
There are free versions of Antivir, MS Security Essentials, Rising and other antivirus programs you might choose from, but if AVG works for you, no reason why not stay with it.

Just a few last steps now to finish up here. I noticed all your vulnerable programs (Java, Adobe Reader and Flash Player) are all current, so good job there.


Eset, if you don't plan to use it again, uninstalls through the Control Panel - Uninstall/Programs and Features.

You can also at this time delete the files/folders of the tools we used. To assist with some of that, run OTL again. This will help by automatically removing some of the tools we used.

Just click CleanUp, and select Yes. When it finishes removing some of the tools and files we used there just agree to the reboot.

-------

In addition, I like to recommend reviewing the information Here to make sure you stay malware free.
  • 0

#13
Krishnaa
Posted 02 March 2013 - 07:21 AM

Krishnaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Alright, thanks. I'll give that page a look.

So there isn't any need to buy a full version of anti-virus? Free would do, or do full-versions provide better security?
  • 0

#14
Jintan
Posted 02 March 2013 - 02:32 PM

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
The free versions do just fine.
  • 0

#15
Krishnaa
Posted 02 March 2013 - 10:34 PM

Krishnaa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 47 posts
Alright.

Thanks again for your timely help!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP