MyPC Backup, Hao123, Spigot, Inc [Solved]


  • This topic is locked

#16
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there :)

Nice looking log!

I want to address this line with you from the log:

@Alternate Data Stream - 76 bytes -> C:\Users\Ady\Documents\Microsoft Office XP PRO:Roxio EMC Stream

Information can be found at the following link, but I have quoted what you need to know about the Data Stream. Even though it's for issue 8 the info still applies. Roxio Support

As a part of Easy Media Creator 8, the RoxWatch application stores metadata as part of a file that is located within an alternate data stream. When a file is indexed by RoxWatch so that it is accessible through Media Manager, there is an alternate data stream added. This information is similar to a virtual sticky note. This virtual sticky note contains a unique identification number which is assigned to media files on your hard drive. Only media files which are indexed by RoxWatch will contain this information. This feature assists users who move files to new locations on their hard drive by automatically updating their location. VideoWave and MyDVD projects for example contain pointers to images and videos that have been added to a project. If you move a file from one indexed location to another, typically when you attempt to open your saved project that image or video that was added will be missing in the project.

With this tagging however, once the new file is indexed by RoxWatch your projects will automatically point to the new location of the files.

The unique identifier or tag is only unique to your computer, the same identification tag may exist on another customer's computer for a different file. This information is only useful on your computer and as such does not exist and is not transferred anywhere else.

If you wish to stop this information from being created, you will need to right click on the RoxWatch or Media Manager Services icon in your system tray and choose "Stop Watching Folders". If you have hidden the system tray icon, you can access these options in the Media Manager application.


The reason I pointed that out is that I found that Microsoft Office XP PRO isn't compatible with Windows 7. Have you had any problems with Office XP Pro or with Roxio? Microsoft Compatibility

Before I give you my next post I want to know how everything is running now? Any problems with Browsers?



P.S. Downloads.com - I haven't been there in a while :rofl: I call this site CNET and I know it very well. This is why I get the Malwarebytes link from Bleeping Computer :whistling: I will discuss this with you in a later post.
  • 0
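
The post above explains why the Roxio stream in the log is a harmless tag. As an added example (not part of the thread and not OTL's own code), this Python sketch parses OTL-style Alternate Data Stream lines, splits the host path from the stream name, and sorts each entry by name and size. The allowlist, the size limit, the executable-suffix rule and every sample line except the Roxio one are assumptions constructed for illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# OTL prints one line per stream:
#   @Alternate Data Stream - <size> bytes -> <host path>:<stream name>
ADS_LINE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")

# Assumed allowlist (lower case). "Roxio EMC Stream" is the tag discussed in
# the post; "Zone.Identifier" is the download marker Windows writes itself.
KNOWN_BENIGN = {"roxio emc stream", "zone.identifier"}
# Assumed heuristic: a stream named like a program is not a metadata tag.
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js", ".ps1")
# Assumed ceiling for a metadata-sized stream, in bytes.
SIZE_LIMIT = 4096

# Constructed sample: the Roxio line is from the thread, the rest is made up.
SAMPLE_LOG = r"""
PRC - [2013/06/27 13:25:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ady\Desktop\OTL.exe
@Alternate Data Stream - 76 bytes -> C:\Users\Ady\Documents\Microsoft Office XP PRO:Roxio EMC Stream
@Alternate Data Stream - 26 bytes -> C:\Users\Ady\Downloads\example-setup.exe:Zone.Identifier
@Alternate Data Stream - 48128 bytes -> C:\ProgramData\TEMP:helper.exe
"""


class AdsEntry(NamedTuple):
    host_path: str
    stream: str
    size: int
    verdict: str
    reason: str


def split_target(target: str) -> Optional[Tuple[str, str]]:
    """Split '<host path>:<stream>' into its two parts, or return None."""
    target = target.strip()
    # Some tools append the stream type; drop it before splitting.
    if target.upper().endswith(":$DATA"):
        target = target[: -len(":$DATA")]
    host, sep, stream = target.rpartition(":")
    # NTFS forbids ':' and '\' in names, so the last colon is the separator,
    # unless it is only the drive-letter colon (host would be one character).
    if not sep or not stream or len(host) < 2 or "\\" in stream:
        return None
    return host, stream


def classify(stream: str, size: int) -> Tuple[str, str]:
    """Return (verdict, reason) for one stream."""
    name = stream.lower()
    if name.endswith(EXECUTABLE_SUFFIXES):
        return "suspicious", "stream name looks like an executable"
    if name in KNOWN_BENIGN:
        if size <= SIZE_LIMIT:
            return "expected", "known metadata tag"
        return "review", "known name but larger than a metadata tag"
    return "review", "unrecognised stream name"


def triage(log_text: str) -> List[AdsEntry]:
    """Collect and classify every ADS line in an OTL-style log."""
    entries = []
    for line in log_text.splitlines():
        match = ADS_LINE.match(line.strip())
        if not match:
            continue  # not an ADS line (process, service, registry entry...)
        parts = split_target(match.group(2))
        if parts is None:
            continue  # no stream name could be separated from the path
        host, stream = parts
        size = int(match.group(1))
        verdict, reason = classify(stream, size)
        entries.append(AdsEntry(host, stream, size, verdict, reason))
    return entries


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(f"{entry.verdict:10} {entry.size:>6} B  "
              f"{entry.host_path} :: {entry.stream} ({entry.reason})")
```
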


#17
adydye

adydye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hi Nutloaf

Everything seems fine, thanks very much.
I haven't got XP installed, by the way.

I'm travelling over the weekend back to Blighty so I'll be out of touch for a while. Hope this is okay!

Thanks again,
Ady
  • 0

#18
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there.

I haven't got XP installed, by the way

I know :) but you do have Microsoft Office XP Professional with FrontPage installed and in there is a file being indexed by Roxio :)

I'm travelling over the weekend back to Blighty so I'll be out of touch for a while. Hope this is okay!

Thanks for letting me know. It is of course no problem, I shall be here keeping watch :thumbsup:
  • 0

#19
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there Adydye. There is a post above this one, I'm not sure if you have seen that.

I am pleased to say your PC is clean and you are a free surfer again. :)

There is some advice for you at the bottom of this post. :thumbsup:


I have to clean up the tools we have used, create a new restore point, flush out the old ones and I will be out of your hair if there are no further problems.

Dustpan and Brush

1. OTL
Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:COMMANDS
[CREATERESTOREPOINT]

  • Then click Run Fix
  • When complete a log file will tell you if successful. I do not need to see this.
  • Now click the CleanUp button on OTL. This will delete the log files, and OTL itself.
  • Click O.K to Reboot.

2. Flush Old System Restore Points
  • Click on Start(Windows 7 Orb) >> All Programs >> Accessories >> System Tools >> right-click on Disk Cleanup and select Run as Administrator.
  • If prompted Select the system drive, C then OK.
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked.
  • Now click on the More Options tab. If not shown - Click on Clean up system files >> Select the system drive, C then OK. Now click the More Options tab.
  • Under:- System Restore and Shadow Copies Click on Clean up... select Delete >> OK then Delete Files.

3. Uninstall ADWcleaner
  • Open ADWcleaner and select uninstall.

4. Delete Security Check Icon
  • Right click the Security Check Icon and select Delete

5. Delete JRT icons
  • Right click the Junkware Removal Tool Icon and select Delete
  • Click Start then Computer and double-click Local Disk C: and delete the JRT Folder

6. Uninstall ESET
  • Click Start then Control Panel and select Uninstall a program or Programs and Features
  • Select ESET Online Scanner and uninstall

All Done :thumbsup:


Tips For A Clean Surf with Toolbar and Homepage free waves

I had a look into some free download sites for you. It's good to keep myself up to date on such matters and I haven't used these sites for a while. This is what I found out:

Tucows and CNET installers have similar install procedures. A change in wording from Accept and Deny instead of being able to unselect items and click next has brought confusion. It makes people think that they are accepting the install and to click deny will close the installer. No, you are accepting whatever is on that screen and have to click Deny to get to the next Deny screen until you eventually reach the install, not good.

Not all their installers are like this however, VLC and Malwarebytes downloads were fine on CNET, no hidden extras. Tucows however I did not like. VLC was problem free but Malwarebytes wasn't a good download option. I know that Malwarebytes is free to download but has a free trial option in the installer. When the free trial is over it will ask you to pay to upgrade to continue real time protection. I only need Malwarebytes to run a weekly scan but Tucows leads me to believe that it will cost me $30. Then a toolbar followed by a new Homepage then I cancelled the install.

Here are 2 sites that I had no problems with.

Free Download Sites
  • Sourceforge
  • FileHippo At this site the download links are available at the right hand side of the screen.

VLC Player from VLC site
  • Why use a download site when you can go directly to the software's website :)
  • Use this link to download VLC player and save to desktop
  • Right click VLC icon and Run as Administrator
  • Follow the prompts to install VLC player with no added toolbars. There will be a VLC plugin for Mozilla enabled; it's not needed and you can disable it in the Firefox Addons menu if you wish.

Avoid the following
  • Not Checking Install Screens - Don't just click next, next, next and Install when installing programs. Some of the screens may contain Browsers or Toolbars. Check each screen before clicking Next or Accept.
  • Torrent downloaders, Torrent files and Torrent sites. - Otherwise known as P2P. The files are mainly illegal, contain malware and\or adult material. Steer clear of P2P programs and files.
  • Registry Cleaners - They can clean a little too much and remove needed entries. The best thing to do with the registry is leave it be.
  • PC Performance Boosters. - Programs that promise to speed up your PC. These are useless and\or come packed with Toolbars and other unneeded software that runs in the background causing, you guessed it, Performance Issues!

The main thing is to Keep On Top Of Your Updates and run Weekly Scans with Malwarebytes and Avast.

Select the following link and add it to your Favourites or Bookmark for future use. The answers to the majority of PC problems.

I know you're travelling so I will keep this post open for a couple of days in case you need further assistance or have any questions. If after that you need help then please start a new Topic in the appropriate forum. :wave:
  • 0

#20
adydye

adydye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Nutloaf,

I'm very sorry but I had a problem yesterday - I was denied access to my desktop so I did a system restore to 2/7/13 which was the day I loaded OTL and now Hao123 is back!
Have I undone all our good work?!

Adrian
  • 0

#21
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts

I was denied access to my desktop

What happened before this? Any updates carried out before?

OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Purity Check
  • In the Extra Registry box select Use Safe List
  • Copy and paste the following into the Custom Scans\Fixes box without the word Quote.

    dir C:\ /S /A:L /C

  • Now Click Run Scan
  • OTL will now scan your computer and produce 2 log files. OTL.txt and Extras.txt.
  • Post both in your next reply

  • 0

#22
adydye

adydye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Hi Nutloaf,

Again I'm sorry - I thought the restore point wouldn't return all the malware?!
I won't be able to do the scan till next week. Is that okay?

Ady
  • 0

#23
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
It's O.K Adydye, once I see a system is clean the last thing we do is create a new clean restore point and flush out all the old ones. The reason we do that last is in case those restore points are needed.

What you could have done instead of using System Restore is to ASK NUTLOAF hey Nut I can't access my Desktop what's up with that? :lol:

System Restore may have been my only method to get access, so don't feel bad. We will clean it again, I like doing it :)

I will post later on about the time period, I have no problems waiting a week :thumbsup:
  • 0

#24
adydye

adydye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Asking Nutloaf was my first thought, but I was under pressure! 😓
  • 0

#25
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there :)

The wait is O.K for me, now here comes the but.....

BUT: The laptop shouldn't be used online if you can help it. The reason is that there is Malware on that machine and it is quite easy for it to develop further. Some infections like to get a foot in the door first so to speak, in order to propagate further.

I will wait for your OTL log :whistling:
  • 0


#26
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello Adydye :)

Just wondering if you are still in need of help? I can only keep this topic open for a couple more days. :thumbsup:
  • 0

#27
adydye

adydye

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts
Thanks for your patience....

OTL logfile created on: 7/17/2013 2:37:37 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ady\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 40.30% Memory free
3.98 Gb Paging File | 2.57 Gb Available in Paging File | 64.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 59.44 Gb Free Space | 42.71% Space Free | Partition Type: NTFS

Computer Name: ADY-MINI | User Name: Ady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/27 13:25:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ady\Desktop\OTL.exe
PRC - [2013/06/27 12:33:27 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/06/18 16:14:14 | 002,115,864 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2013/06/18 16:14:14 | 001,124,632 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2013/06/18 15:21:12 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/21 21:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/04/05 12:59:08 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/04/05 12:58:14 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2013/03/19 15:49:40 | 001,086,816 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/03/07 00:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/11/23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/06/07 23:42:22 | 000,247,152 | ---- | M] (Dell) -- C:\Program Files\WSED\WSED.exe
PRC - [2010/06/03 01:35:58 | 000,632,176 | ---- | M] (Dell) -- C:\Program Files\Battery Meter\BTMeter.exe
PRC - [2009/11/17 11:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
PRC - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/06/10 01:13:52 | 000,320,880 | ---- | M] (Compal Electronics, Inc) -- C:\Program Files\CapsLKNotify\CapsLKNotify.exe
PRC - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/27 12:33:26 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/06/18 15:21:31 | 003,285,912 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/04/13 16:44:30 | 000,557,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/09/08 13:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 13:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/10 02:18:28 | 000,577,536 | ---- | M] () -- C:\Windows\System32\EMSC.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/06/27 12:33:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 16:14:14 | 001,124,632 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2013/06/18 15:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/07 00:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/25 11:13:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2009/11/17 11:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
SRV - [2009/11/13 11:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2009/06/03 22:46:38 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [On_Demand | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV - [2013/06/18 16:14:30 | 000,103,120 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2013/06/18 16:14:28 | 000,174,320 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2013/06/09 02:45:41 | 000,317,424 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\53984\RapportCerberus32_53984.sys -- (RapportCerberus_53984)
DRV - [2013/03/07 00:33:24 | 000,765,736 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/03/07 00:33:24 | 000,368,176 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/03/07 00:33:24 | 000,164,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/03/07 00:33:24 | 000,062,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/03/07 00:33:24 | 000,049,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/03/07 00:33:23 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/03/07 00:33:23 | 000,060,656 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/03/07 00:33:22 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/13 16:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2010/06/11 04:47:06 | 000,853,536 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV - [2010/03/24 10:57:16 | 000,191,008 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2010/03/10 08:16:12 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/26 23:43:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\EMSC.sys -- (EMSC)
DRV - [2009/03/12 19:36:38 | 000,143,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/02/13 11:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/11/02 02:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9C2A66E6-945D-495E-8BDD-AFBB196F5D26}
IE - HKLM\..\SearchScopes\{9C2A66E6-945D-495E-8BDD-AFBB196F5D26}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {9C2A66E6-945D-495E-8BDD-AFBB196F5D26}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {9C2A66E6-945D-495E-8BDD-AFBB196F5D26}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USCON/2
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jp.hao123.com...00070f1a1fdfc92
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes,DefaultScope = {6F277953-4D32-404D-8CEF-5862398B0187}
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00070f1a1fdfc92
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{6F277953-4D32-404D-8CEF-5862398B0187}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1483
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1114
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.1
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..extensions.enabledItems: [email protected]:4.3
FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2013/07/07 18:03:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/07/07 18:13:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/27 12:56:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/29 07:13:36 | 000,000,000 | ---D | M]

[2010/09/30 17:48:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ady\AppData\Roaming\Mozilla\Extensions
[2013/07/07 18:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ady\AppData\Roaming\Mozilla\Firefox\Profiles\1cd2j3fo.default\extensions
[2013/06/27 12:56:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/06/27 12:55:29 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/27 12:56:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/27 13:20:48 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/07 18:13:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 4] "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe" File not found
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 4] "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe" File not found
O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-21-963821008-549225021-1322928169-1000..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
O4 - HKU\S-1-5-21-963821008-549225021-1322928169-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-963821008-549225021-1322928169-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11C5F837-BB83-4C79-9DAA-5CB681D6914F}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{008605d6-ccbe-11df-aa15-70f1a1fdfc92}\Shell - "" = AutoRun
O33 - MountPoints2\{008605d6-ccbe-11df-aa15-70f1a1fdfc92}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O33 - MountPoints2\{e2b9040e-ccb9-11df-b97b-5c260a0d1313}\Shell - "" = AutoRun
O33 - MountPoints2\{e2b9040e-ccb9-11df-b97b-5c260a0d1313}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/04 11:14:45 | 000,000,000 | ---D | C] -- C:\Users\Ady\Documents\JavaRa
[2013/07/03 13:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/07/03 12:36:03 | 000,000,000 | ---D | C] -- C:\Users\Ady\AppData\Roaming\Malwarebytes
[2013/07/03 12:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/03 12:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/02 12:15:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/02 12:15:24 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/02 11:46:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/06/29 07:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/06/29 07:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/06/27 13:25:33 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ady\Desktop\OTL.exe
[2013/06/27 12:55:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/18 16:14:28 | 000,102,448 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

========== Files - Modified Within 30 Days ==========

[2013/07/17 14:35:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 14:35:27 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/17 14:33:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/17 14:27:41 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/17 14:27:19 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2013/07/17 14:24:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/17 14:24:52 | 1602,293,760 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/07 18:25:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/07 18:18:12 | 000,637,642 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/07 18:18:12 | 000,115,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/07 18:14:10 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/07/07 18:14:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/06/29 04:54:22 | 000,890,988 | ---- | M] () -- C:\Users\Ady\Desktop\SecurityCheck.exe
[2013/06/29 04:53:48 | 000,648,201 | ---- | M] () -- C:\Users\Ady\Desktop\AdwCleaner.exe
[2013/06/27 13:25:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ady\Desktop\OTL.exe
[2013/06/27 13:20:55 | 000,001,992 | ---- | M] () -- C:\Users\Ady\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/06/27 13:20:55 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/06/18 16:14:28 | 000,102,448 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

========== Files Created - No Company Name ==========

[2013/07/07 18:14:10 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/29 07:13:36 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/29 04:54:15 | 000,890,988 | ---- | C] () -- C:\Users\Ady\Desktop\SecurityCheck.exe
[2013/06/29 04:53:37 | 000,648,201 | ---- | C] () -- C:\Users\Ady\Desktop\AdwCleaner.exe
[2013/03/20 07:47:43 | 000,164,736 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/20 07:47:42 | 000,049,248 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/04/06 10:44:02 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw41.bin
[2012/01/28 21:55:09 | 000,004,608 | ---- | C] () -- C:\Users\Ady\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/02 12:02:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== ZeroAccess Check ==========

[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/07/07 18:04:35 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\AVG10
[2011/12/29 19:46:34 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\calibre
[2010/09/30 20:27:19 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\Easeware
[2013/07/07 18:04:36 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\IObit
[2012/07/08 17:42:22 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\PhotoScape
[2011/09/03 15:31:54 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\Spotify
[2012/05/02 10:05:19 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\TP
[2010/09/30 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\Western Digital

========== Purity Check ==========



========== Custom Scans ==========

< dir C:\ /S /A:L /C >
Volume in drive C is OS
Volume Serial Number is 30C1-038B
Directory of C:\
14/07/2009 05:53 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
14/07/2009 05:53 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
14/07/2009 05:53 <SYMLINKD> All Users [C:\ProgramData]
14/07/2009 05:53 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Ady
30/09/2010 13:34 <JUNCTION> Application Data [C:\Users\Ady\AppData\Roaming]
30/09/2010 13:34 <JUNCTION> Cookies [C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Cookies]
30/09/2010 13:34 <JUNCTION> Local Settings [C:\Users\Ady\AppData\Local]
30/09/2010 13:34 <JUNCTION> My Documents [C:\Users\Ady\Documents]
30/09/2010 13:34 <JUNCTION> NetHood [C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/09/2010 13:34 <JUNCTION> PrintHood [C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/09/2010 13:34 <JUNCTION> Recent [C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Recent]
30/09/2010 13:34 <JUNCTION> SendTo [C:\Users\Ady\AppData\Roaming\Microsoft\Windows\SendTo]
30/09/2010 13:34 <JUNCTION> Start Menu [C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Start Menu]
30/09/2010 13:34 <JUNCTION> Templates [C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Ady\AppData\Local
30/09/2010 13:34 <JUNCTION> Application Data [C:\Users\Ady\AppData\Local]
30/09/2010 13:34 <JUNCTION> History [C:\Users\Ady\AppData\Local\Microsoft\Windows\History]
30/09/2010 13:34 <JUNCTION> Temporary Internet Files [C:\Users\Ady\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Ady\Documents
30/09/2010 13:34 <JUNCTION> My Music [C:\Users\Ady\Music]
30/09/2010 13:34 <JUNCTION> My Pictures [C:\Users\Ady\Pictures]
30/09/2010 13:34 <JUNCTION> My Videos [C:\Users\Ady\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
14/07/2009 05:53 <JUNCTION> Application Data [C:\ProgramData]
14/07/2009 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
14/07/2009 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
14/07/2009 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
14/07/2009 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
14/07/2009 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 05:53 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 05:53 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 05:53 <JUNCTION> My Documents [C:\Users\Default\Documents]
14/07/2009 05:53 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 05:53 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 05:53 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 05:53 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 05:53 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 05:53 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 05:53 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
14/07/2009 05:53 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 05:53 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 05:53 <JUNCTION> My Music [C:\Users\Default\Music]
14/07/2009 05:53 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
14/07/2009 05:53 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 05:53 <JUNCTION> My Music [C:\Users\Public\Music]
14/07/2009 05:53 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
14/07/2009 05:53 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
24/06/2010 16:13 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
24/06/2010 16:13 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
24/06/2010 16:13 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
24/06/2010 16:13 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
24/06/2010 16:13 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
24/06/2010 16:13 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
24/06/2010 16:13 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
24/06/2010 16:13 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
24/06/2010 16:13 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
24/06/2010 16:13 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
24/06/2010 16:13 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
24/06/2010 16:13 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
24/06/2010 16:13 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
24/06/2010 16:13 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
24/06/2010 16:13 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
24/06/2010 16:13 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 63,155,449,856 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Ady\Documents\Microsoft Office XP PRO:Roxio EMC Stream

< End of report >

OTL Extras logfile created on: 7/17/2013 2:37:37 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ady\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.80 Gb Available Physical Memory | 40.30% Memory free
3.98 Gb Paging File | 2.57 Gb Available in Paging File | 64.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 59.44 Gb Free Space | 42.71% Space Free | Partition Type: NTFS

Computer Name: ADY-MINI | User Name: Ady | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EBF722D-8153-41A4-AE38-7BA583A76183}" = lport=138 | protocol=17 | dir=in | app=system |
"{38FD7A6D-F738-4EEC-809B-E08C495407CB}" = lport=139 | protocol=6 | dir=in | app=system |
"{424C1C9B-E3C1-4444-A664-0A62CFCD3B5A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D7CDDED-D740-4BE5-AB1F-469D684BAF18}" = rport=137 | protocol=17 | dir=out | app=system |
"{AB44AC5C-478C-4390-B897-6FD842F7F28D}" = rport=445 | protocol=6 | dir=out | app=system |
"{BB71A2CF-C9BA-41FD-9A2B-EBC31189A75B}" = lport=137 | protocol=17 | dir=in | app=system |
"{C5AD30AB-6D5F-42FE-8218-91E2F2780E65}" = rport=139 | protocol=6 | dir=out | app=system |
"{DC5605B7-630F-411C-BFC9-0083E8733D0E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DDB195FC-4981-4DCF-91AA-9CF344487EB2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E83A479D-E6CA-4E89-9517-00DD64F92C4B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{F4FFE85C-FDB3-449D-9FA8-89391A3681E2}" = rport=138 | protocol=17 | dir=out | app=system |
"{F9E43EC9-2AE6-44F3-80C1-4F462A2BA8CA}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01192CF3-12FB-41F0-8021-BD4FD52E9BED}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{07E598FB-44E6-4AD1-8504-B3F017D0DEB2}" = protocol=58 | dir=in | [email protected],-28545 |
"{18C803F4-A778-43B5-BAF2-C6C3F6B36EF2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{27CA76BE-263A-4A66-8478-264FB0B6E7DF}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{2E25FFE8-B4C0-44A7-ABF1-7D5CAD1BA6A5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{34493584-23E4-492D-BE6D-13BD08D7483B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{50CA2776-525A-4984-9C84-B7540EACED54}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{55F95415-69EC-4565-8F13-5F68411A93BD}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{642F951C-AA85-4EAC-86AF-9F6520C626CF}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{67B0971A-B456-47E2-B329-AD3A5A504584}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6883C3B3-D49D-4BA0-B726-25A1CBF1886A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{699713AA-21D5-4AD3-AE6C-1D63481C3603}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{705D850E-F791-497A-8A53-930DBE4FF3B5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9F001008-115C-4E19-AFFB-26A1E861DB4E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AC2BACF8-08D5-46C2-9AF3-089CA7C6ADEC}" = protocol=58 | dir=out | [email protected],-28546 |
"{C50954B7-BCCC-4A4F-AAE5-9A3A54921FF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D011B8AE-CCD2-43D9-856B-6E5489B88CD5}" = protocol=1 | dir=in | [email protected].dll,-28543 |
"{DDCB214F-E4F0-4534-A571-618AFE033C23}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{EF3FF78E-2AFF-4B32-A030-A79857B2BBA9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{F12EBA7B-659E-4F76-8250-A51B2A93A1BE}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{76EF7833-2B7C-4A90-A908-E638E1078C28}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{D65A897E-DF70-4BC6-9F19-FCA8C706E9A0}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F1B58240-DF92-4DEF-8A06-4EC3E6FFE659}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{ABFB7EA7-3A84-42C1-AF30-B4CE085DA9D5}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{C56FA00A-F509-4AEC-9304-909895446F04}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{EB9218D5-E5F6-4F9B-9CC1-9698D92554A9}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator Suite 10.3.1
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}" = iTunes
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK PCIE Wireless LAN Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AEAB754A-426C-4738-89C1-52FCB389FCDF}" = calibre
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DDAFC46A-90E2-11E2-B700-984BE15F174E}" = Evernote v. 4.6.4
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5026CE8-B6E0-46CB-A63C-040B920C8611}" = inSSIDer 2.0
"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Suite 10.3.1
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"EPSON Scanner" = EPSON Scan
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"Rapport_msi" = Rapport
"Revo Uninstaller" = Revo Uninstaller 1.94
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/19/2011 12:52:02 PM | Computer Name = Ady-mini | Source = avast! | ID = 33554522
Description =

Error - 1/19/2011 12:52:02 PM | Computer Name = Ady-mini | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 7/3/2013 7:18:12 AM | Computer Name = Ady-mini | Source = Microsoft-Windows-User Profiles Service | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the file specified.

Error - 7/3/2013 7:19:10 AM | Computer Name = Ady-mini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/3/2013 7:19:10 AM | Computer Name = Ady-mini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17175

Error - 7/3/2013 7:19:10 AM | Computer Name = Ady-mini | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17175

Error - 7/4/2013 5:25:03 AM | Computer Name = Ady-mini | Source = Microsoft-Windows-User Profiles Service | ID = 1508
Description = Windows was unable to load the registry. This problem is often caused
by insufficient memory or insufficient security rights. DETAIL - The process cannot
access the file because it is being used by another process. for C:\Users\Ady\ntuser.dat

Error - 7/4/2013 5:25:03 AM | Computer Name = Ady-mini | Source = Microsoft-Windows-User Profiles Service | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. DETAIL
- The process cannot access the file because it is being used by another process.


Error - 7/4/2013 5:25:03 AM | Computer Name = Ady-mini | Source = Microsoft-Windows-User Profiles Service | ID = 1515
Description = Windows has backed up this user profile. Windows will automatically
try to use the backup profile the next time this user logs on.

Error - 7/4/2013 5:25:03 AM | Computer Name = Ady-mini | Source = Microsoft-Windows-User Profiles Service | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

Error - 7/4/2013 5:25:05 AM | Computer Name = Ady-mini | Source = Microsoft-Windows-User Profiles Service | ID = 1508
Description = Windows was unable to load the registry. This problem is often caused
by insufficient memory or insufficient security rights. DETAIL - The system cannot
find the file specified. for C:\Users\TEMP.Ady-mini.000\ntuser.dat

Error - 7/4/2013 5:25:06 AM | Computer Name = Ady-mini | Source = Microsoft-Windows-User Profiles Service | ID = 1500
Description = Windows cannot log you on because your profile cannot be loaded. Check
that you are connected to the network, and that your network is functioning correctly.
DETAIL - The system cannot find the file specified.

[ Dell Events ]
Error - 3/27/2011 4:11:39 PM | Computer Name = Ady-mini | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/3/2011 7:18:48 AM | Computer Name = Ady-mini | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/3/2011 7:18:48 AM | Computer Name = Ady-mini | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/3/2011 2:26:09 PM | Computer Name = Ady-mini | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/3/2011 2:26:09 PM | Computer Name = Ady-mini | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/8/2011 7:06:12 AM | Computer Name = Ady-mini | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/8/2011 7:06:13 AM | Computer Name = Ady-mini | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/13/2011 8:10:19 AM | Computer Name = Ady-mini | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/13/2011 8:10:19 AM | Computer Name = Ady-mini | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 4/13/2011 11:22:25 AM | Computer Name = Ady-mini | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 7/7/2013 12:54:10 PM | Computer Name = Ady-mini | Source = DCOM | ID = 10010
Description =

Error - 7/7/2013 1:08:57 PM | Computer Name = Ady-mini | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends the following service: AVGIDSDriver.
This service might not be installed.

Error - 7/7/2013 1:08:57 PM | Computer Name = Ady-mini | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%2

Error - 7/7/2013 1:09:04 PM | Computer Name = Ady-mini | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

Error - 7/7/2013 1:09:29 PM | Computer Name = Ady-mini | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the WD
SmartWare Background Service service to connect.

Error - 7/7/2013 1:09:31 PM | Computer Name = Ady-mini | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 7/17/2013 9:25:16 AM | Computer Name = Ady-mini | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends the following service: AVGIDSDriver.
This service might not be installed.

Error - 7/17/2013 9:25:17 AM | Computer Name = Ady-mini | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%2

Error - 7/17/2013 9:25:23 AM | Computer Name = Ady-mini | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536805315.

Error - 7/17/2013 9:25:38 AM | Computer Name = Ady-mini | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >
  • 0

#28
Nutloaf


    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Adydye, welcome back and thanks for getting back to me :)

O.K, it's not that bad but we will have to start over.

"I was denied access to my desktop"

What do you mean by this? Was there a freeze or did a screen\message prevent you from access?

1. OTL Fix
  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
    SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/09/03 10:35:50 | 006,104,144 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    DRV - [2010/09/13 16:27:54 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)

    IE - HKLM\..\SearchScopes,DefaultScope = {9C2A66E6-945D-495E-8BDD-AFBB196F5D26}
    IE - HKLM\..\SearchScopes\{9C2A66E6-945D-495E-8BDD-AFBB196F5D26}: "URL" = http://www.bing.com/...rc=IE-SearchBox
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {9C2A66E6-945D-495E-8BDD-AFBB196F5D26}
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {9C2A66E6-945D-495E-8BDD-AFBB196F5D26}
    IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jp.hao123.com...00070f1a1fdfc92
    IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes,DefaultScope = {6F277953-4D32-404D-8CEF-5862398B0187}
    IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00070f1a1fdfc92
    IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
    IE - HKU\S-1-5-21-963821008-549225021-1322928169-1000\..\SearchScopes\{6F277953-4D32-404D-8CEF-5862398B0187}: "URL" = http://search.yahoo....p={searchTerms}

    FF - prefs.js..browser.search.defaultenginename: "Yahoo"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=198484"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo"
    FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1114
    FF - prefs.js..extensions.enabledItems: [email protected]:4.3
    FF - prefs.js..extensions.enabledItems: [email protected]:4.3
    FF - prefs.js..keyword.URL: "http://search.yahoo....type=198484&p="
    FF - HKLM\Software\MozillaPlugins\@ei.TelevisionFanatic.com/Plugin: C:\Program Files\TelevisionFanaticEI\Installr\1.bin\NP64EISB.dll (TelevisionFanatic)
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2013/07/07 18:03:01 | 000,000,000 | ---D | M]

    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 4] "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe" File not found
    O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
    O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 4] "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe" File not found
    O4 - HKU\S-1-5-18..\Run: [Advanced SystemCare 6] "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart File not found
    O4 - HKU\S-1-5-21-963821008-549225021-1322928169-1000..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart File not found
    O4 - Startup: C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = File not found
    O33 - MountPoints2\{008605d6-ccbe-11df-aa15-70f1a1fdfc92}\Shell - "" = AutoRun
    O33 - MountPoints2\{008605d6-ccbe-11df-aa15-70f1a1fdfc92}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe

    [2013/07/07 18:04:35 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\AVG10
    [2013/07/07 18:04:36 | 000,000,000 | ---D | M] -- C:\Users\Ady\AppData\Roaming\IObit
    @Alternate Data Stream - 76 bytes -> C:\Users\Ady\Documents\Microsoft Office XP PRO:Roxio EMC Stream

    :REG
    [HKEY_USERS\S-1-5-21-963821008-549225021-1322928169-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.google.com"
    "Start Page"="http://www.google.com"

    :FILES
    C:\Program Files\IObit
    C:\Program Files\AVG
    C:\Program Files\MyPC Backup
    C:\Program Files\TelevisionFanaticEI

    :COMMANDS
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.

2. Run ADWcleaner
  • Using this link Download ADWcleaner and save to Desktop.
  • Right click ADWcleaner and Run as Administrator then select Search
  • The search will complete and a log will be produced. I do not need to see this log.
  • Back to ADWcleaner and click Delete and O.K to remove malware.
  • A reboot will be asked for; click O.K.
  • On reboot a log is produced. I need to see this log.

3. Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

4. Security Check
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things I want to see in your next post.
  • OTL Fix.txt
  • ADW results
  • JRT.txt
  • checkup.txt

  • 0
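Several of the lines in the fix above are autostart entries whose target is already gone ("File not found", "No CLSID value found"), and the System Events list shows the matching service start failure, where `%%2` is Win32 error 2, file not found. As an added example (not part of the thread and not OTL's own code), the Python below pulls those orphaned entries out of OTL log lines and the `%%2` start failures out of the event list; the function names are invented for this illustration and the sample lines are copied from the logs in this thread.

```python
import re

# Sample input: lines copied from the OTL fix and System Events in this thread.
OTL_LOG = r"""
SRV - File not found [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [Advanced SystemCare 4] "C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe" File not found
O4 - Startup: C:\Users\Ady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = File not found
"""
EVENTS = """
Error - 7/7/2013 1:08:57 PM | Computer Name = Ady-mini | Source = Service Control Manager | ID = 7000
Description = The Computer Backup (MyPC Backup) service failed to start due to the
following error: %%2

Error - 7/7/2013 1:09:04 PM | Computer Name = Ady-mini | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536805315.
"""

SRV = re.compile(r"^(?:SRV|DRV) - (?P<meta>.*?) -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$")
O4 = re.compile(r"^O4 - (?P<where>.+?): (?P<entry>.+?)(?: =)? File not found$")
BHO = re.compile(r"^O[23] - .*?(?P<clsid>\{[0-9A-Fa-f-]{36}\}).* - No CLSID value found\.$")
START_FAIL = re.compile(r"The (?P<svc>.+?) service failed to start due to the following error: %%(?P<code>\d+)")

def orphaned_entries(log_text):
    """Return (kind, identifier) for autostart entries whose target no longer exists."""
    found = []
    for line in map(str.strip, log_text.splitlines()):
        if (m := SRV.match(line)) and m["meta"].startswith("File not found"):
            found.append(("service", m["name"]))
        elif m := O4.match(line):
            found.append(("autorun", m["where"]))
        elif m := BHO.match(line):
            found.append(("bho", m["clsid"]))
    return found

def services_missing_binary(event_text):
    """Display names from SCM event 7000 where the error is %%2 (file not found)."""
    names = []
    for block in event_text.strip().split("\n\n"):
        flat = " ".join(block.split())          # undo the log's line wrapping
        m = START_FAIL.search(flat)
        if "ID = 7000" in flat and m and m["code"] == "2":
            names.append(m["svc"])
    return names

if __name__ == "__main__":
    for kind, ident in orphaned_entries(OTL_LOG):
        print(f"{kind:8} {ident}")
    print(services_missing_binary(EVENTS))
```

The service key name in the OTL line (BackupStack) and the display name in the event (Computer Backup (MyPC Backup)) differ, so tying the two together still takes a look at the service's registry entry.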

#29
Nutloaf


    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Adydye

It has been 4 days with no reply, so now I have to prod you with a pointy stick :)
  • 0

#30
adydye


    Member

  • Topic Starter
  • Member
  • 48 posts
Hi Nutloaf,

I ran OTL and when it restarted it said the desktop is inaccessible in a Windows pop up. Then I get a black screen with white icons and no programs are showing!
  • 0





