
computer won't download anything?



#61
azza261

# AdwCleaner v3.000 - Report created 22/08/2013 at 19:30:49
# Updated 20/08/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Vicky - VICKY-PC
# Running from : C:\Users\Vicky\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Vicky\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Vicky\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\ffxtlbr@funmoods.com
File Deleted : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\0\Extensions\freehdsport@freehdsport.tv.xpi
File Deleted : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\0\user.js
File Deleted : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Program Files\Mozilla Firefox\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BrowserProtect
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v

[ File : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Vicky\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [5078 octets] - [22/08/2013 19:30:07]
AdwCleaner[S0].txt - [4787 octets] - [22/08/2013 19:30:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4847 octets] ##########

#62
Phel

Can you please run AdwCleaner scan once more?

  • Run OTL.
  • In the OTL window, find the Extra Registry section and change the radio button there to Use SafeList.
  • Click the Scan All Users checkbox, which is located near the Quick Scan button.
  • Then click the Run Scan button at the top.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#63
azza261

OTL logfile created on: 22/08/2013 20:59:25 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vicky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 47.19% Memory free
6.18 Gb Paging File | 4.63 Gb Available in Paging File | 74.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 116.33 Gb Free Space | 40.71% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.63 Gb Free Space | 47.37% Space Free | Partition Type: NTFS
Drive E: | 507.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/18 13:10:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/06/12 13:06:23 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/06/26 19:17:14 | 006,380,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/04/03 13:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/04/03 13:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 13:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/04 10:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 10:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 10:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 10:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/05/02 20:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/04 06:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/02/22 23:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/12/21 16:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 19:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 19:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/19 16:20:20 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7ae268d4c2071d1151ec8e02cd39a3aa\System.Runtime.Remoting.ni.dll
MOD - [2013/08/19 16:20:10 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll
MOD - [2013/08/19 15:54:39 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4f02f7d34c4fd0dc58ce1dffb5b424f9\PresentationFramework.Aero.ni.dll
MOD - [2013/08/19 15:54:30 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d013570491e3ed864b97675527fdd9d8\PresentationFramework.ni.dll
MOD - [2013/08/19 15:54:23 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\da18beba41f700dd4c71a3f5464c4342\System.Configuration.ni.dll
MOD - [2013/08/19 15:54:20 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
MOD - [2013/08/19 15:54:13 | 007,053,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3c2edeaaa3e117b0375bacf8fd971b1e\System.Core.ni.dll
MOD - [2013/08/19 15:54:05 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9ea1cf89cf1897b6b2eeee51ef39b6b9\PresentationCore.ni.dll
MOD - [2013/08/19 15:54:00 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6da40f01a719972f3242d3c374e499c5\System.Windows.Forms.ni.dll
MOD - [2013/08/19 15:53:50 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\bc21753d988d4f70f77cd2febb84833c\WindowsBase.ni.dll
MOD - [2013/08/19 15:53:47 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll
MOD - [2013/08/19 15:53:45 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013/08/19 15:53:34 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2013/08/18 00:40:19 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/18 00:40:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 00:20:22 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/15 17:29:28 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2008/07/03 13:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2008/05/02 20:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 19:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\wrssweep.sys -- (wrssweep)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/08/22 18:23:55 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/07/03 13:28:02 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 13:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/05/04 10:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/03/06 08:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/03/04 06:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 06:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/11/12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4DB65B04-174C-4C09-691C-331B7382B660}: "URL" = http://feed.snap.do/...q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUK
IE - HKLM\..\SearchScopes\{838BF40B-FD99-4F37-8A9B-2CF9B3D9E46C}: "URL" = http://search.sky.co...m={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=5081023
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{050C47B0-9D1C-44DB-AE13-D4B6D2CDF760}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{4DB65B04-174C-4C09-691C-331B7382B660}: "URL" = http://search.babylo...00000234d80dcfd
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{FDF57497-04CA-49ED-A2C8-7811E39519F7}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)


[2012/06/26 18:22:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions
[2013/08/17 17:14:00 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2013/08/22 19:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/08/22 19:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2013/08/22 19:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/07/29 15:37:16 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi
[2012/08/17 21:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/08/20 16:34:54 | 000,000,741 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1397186333-2763243757-143887221-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\blap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\football\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\football.Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\work pleas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC3F55E-ECB3-4F96-BE7D-B931B56006C2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{368EED3A-A405-467B-A691-8FCE285C7384}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70AE71F1-5201-4B51-A8B2-5ED6B8C35DE4}: DhcpNameServer = 88.82.13.12 88.82.13.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/11/13 17:20:10 | 000,000,170 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{05454490-fecb-11dd-8718-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{05454490-fecb-11dd-8718-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2ec2f99a-dad9-11df-8b30-00234d80dcfd}\Shell - "" = AutoRun
O33 - MountPoints2\{2ec2f99a-dad9-11df-8b30-00234d80dcfd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3f0e6687-be45-11dd-a52e-00234d80dcfd}\Shell - "" = AutoRun
O33 - MountPoints2\{3f0e6687-be45-11dd-a52e-00234d80dcfd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3f0e66bc-be45-11dd-a52e-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{3f0e66bc-be45-11dd-a52e-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3f0e66be-be45-11dd-a52e-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{3f0e66be-be45-11dd-a52e-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4df5f306-7200-11de-a61d-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{4df5f306-7200-11de-a61d-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{518f9419-a0dc-11dd-b682-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{518f9419-a0dc-11dd-b682-806e6f6e6963}\Shell\AutoRun\command - "" = E:\MSETUP4.EXE -- [2012/03/16 14:50:44 | 000,363,120 | R--- | M] (CANON INC.)
O33 - MountPoints2\{830c52f4-be43-11dd-ae27-00234d80dcfd}\Shell - "" = AutoRun
O33 - MountPoints2\{830c52f4-be43-11dd-ae27-00234d80dcfd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bd0a0514-70a3-11de-a7ba-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0a0514-70a3-11de-a7ba-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/22 19:19:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/22 18:25:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\AVG2013
[2013/08/22 18:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/22 18:22:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/08/22 18:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/08/22 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\MFAData
[2013/08/22 18:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/08/22 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Avg2013
[2013/08/22 16:27:51 | 003,529,160 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Vicky\Desktop\avg_remover_stf_x86_2013_3341.exe
[2013/08/22 01:37:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/20 19:59:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Vicky\Desktop\tdsskiller.exe
[2013/08/20 16:14:07 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Desktop\RK_Quarantine
[2013/08/19 15:54:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Vicky\Desktop\aswMBR.exe
[2013/08/18 22:25:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/18 18:32:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2013/08/18 13:14:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2013/08/18 00:50:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Canon
[2013/08/18 00:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2013/08/18 00:50:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJQuickMenu
[2013/08/18 00:50:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2013/08/18 00:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP230 series User Registration
[2013/08/18 00:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2013/08/18 00:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2013/08/18 00:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013/08/18 00:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP230 series Manual
[2013/08/18 00:35:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/08/18 00:34:36 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2013/08/18 00:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP230 series
[2013/08/18 00:33:37 | 000,320,000 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC_B5L.dll
[2013/08/18 00:33:37 | 000,266,752 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC_B5C.dll
[2013/08/18 00:33:37 | 000,096,768 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC_B5I.dll
[2013/08/18 00:33:37 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll
[2013/08/18 00:32:36 | 000,314,880 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMB5.DLL
[2013/08/18 00:32:06 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013/08/18 00:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013/08/18 00:10:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/18 00:10:40 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/18 00:10:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/18 00:10:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/18 00:10:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/18 00:10:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/18 00:10:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/18 00:10:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/17 23:04:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/08/16 21:10:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/15 19:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/04 15:31:32 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\OpenOffice.org
[2013/08/04 15:27:10 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
[2013/08/04 15:05:24 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\SoftGrid Client
[2013/08/04 15:04:41 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\SoftGrid Client
[2013/08/04 15:01:58 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\TP
[2013/08/04 14:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2013/07/31 18:17:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky\{776d0f5f-79f0-46cb-ba05-582091ad41d2}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/22 20:47:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/22 20:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/22 20:05:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/22 19:38:14 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/22 19:38:14 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/22 19:34:03 | 000,001,791 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk
[2013/08/22 19:32:36 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/22 19:32:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/22 19:32:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/22 19:29:03 | 000,975,858 | ---- | M] () -- C:\Users\Vicky\Desktop\AdwCleaner.exe
[2013/08/22 18:24:06 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/22 18:23:55 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/08/22 16:27:38 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/22 16:27:10 | 003,529,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Vicky\Desktop\avg_remover_stf_x86_2013_3341.exe
[2013/08/20 19:58:39 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Vicky\Desktop\tdsskiller.exe
[2013/08/20 16:12:05 | 000,923,136 | ---- | M] () -- C:\Users\Vicky\Desktop\RogueKiller.exe
[2013/08/19 16:59:47 | 000,000,275 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/19 15:58:53 | 000,000,512 | ---- | M] () -- C:\Users\Vicky\Desktop\MBR.dat
[2013/08/19 15:58:19 | 000,044,032 | ---- | M] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/19 15:53:31 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Vicky\Desktop\aswMBR.exe
[2013/08/18 13:10:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2013/08/18 00:52:27 | 000,002,624 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\wklnhst.dat
[2013/08/18 00:43:40 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2013/08/18 00:35:57 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP230 series On-screen Manual.lnk
[2013/08/17 21:52:46 | 000,021,504 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2013/08/04 16:32:33 | 000,095,107 | ---- | M] () -- C:\Users\Vicky\Documents\polarzone.odt
[2013/07/28 18:20:31 | 000,001,105 | ---- | M] () -- C:\Users\Vicky\Documents\Recent Items.lnk
[2013/07/25 03:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/25 03:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/25 03:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/25 03:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/25 03:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/25 03:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/25 03:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/25 03:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/22 19:29:03 | 000,975,858 | ---- | C] () -- C:\Users\Vicky\Desktop\AdwCleaner.exe
[2013/08/22 18:24:06 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/20 16:13:13 | 000,923,136 | ---- | C] () -- C:\Users\Vicky\Desktop\RogueKiller.exe
[2013/08/19 15:58:53 | 000,000,512 | ---- | C] () -- C:\Users\Vicky\Desktop\MBR.dat
[2013/08/18 22:35:55 | 000,000,275 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/18 14:50:20 | 000,001,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2013/08/18 14:50:20 | 000,001,815 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2013/08/18 00:43:40 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2013/08/18 00:35:57 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP230 series On-screen Manual.lnk
[2013/08/18 00:33:37 | 000,073,984 | ---- | C] () -- C:\Windows\System32\CNC175FD.TBL
[2013/08/04 16:32:31 | 000,095,107 | ---- | C] () -- C:\Users\Vicky\Documents\polarzone.odt
[2013/07/28 18:20:31 | 000,001,105 | ---- | C] () -- C:\Users\Vicky\Documents\Recent Items.lnk
[2013/03/09 09:28:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/08/27 15:42:04 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/06/10 16:43:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/10 00:03:57 | 000,002,624 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\wklnhst.dat
[2008/12/11 22:28:26 | 000,005,972 | ---- | C] () -- C:\Users\Vicky\AppData\Local\d3d9caps.dat
[2008/11/29 19:22:58 | 000,044,032 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/10/28 19:12:44 | 000,000,000 | ---D | M] -- C:\Users\new\AppData\Roaming\BitTorrent
[2013/08/22 18:25:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\AVG2013
[2013/08/22 21:01:08 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\BitTorrent
[2013/08/18 18:35:18 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Canon
[2013/08/17 17:14:00 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\FreeAudioPack
[2012/06/26 22:04:58 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Nico Mak Computing
[2013/08/04 15:31:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\OpenOffice.org
[2012/06/29 23:54:32 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\RBotPlus
[2013/08/07 19:21:51 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\SoftGrid Client
[2012/02/26 20:44:24 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\Template
[2013/08/04 15:04:56 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\TP
[2012/06/27 17:36:02 | 000,000,000 | ---D | M] -- C:\Users\Vicky\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#64
azza261

OTL Extras logfile created on: 22/08/2013 20:59:25 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vicky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 47.19% Memory free
6.18 Gb Paging File | 4.63 Gb Available in Paging File | 74.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 116.33 Gb Free Space | 40.71% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.63 Gb Free Space | 47.37% Space Free | Partition Type: NTFS
Drive E: | 507.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Vicky\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2883AF70-F971-4C5C-BCE6-4EF5C8112D31}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{42DB8BBD-A0E2-4A38-A42C-6B316FC0BA21}" = lport=138 | protocol=17 | dir=in | app=system |
"{4672CC04-DBF8-4956-BFAC-2A8CF5222C43}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{4914C6E2-933A-47D3-8E3E-76AA1B8F663D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{6EA74138-21A9-4B4C-AD61-FABC1C09AFA0}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{92CEE901-3607-4E16-8FBF-63E80BAB0519}" = lport=445 | protocol=6 | dir=in | app=system |
"{A1334199-8FC6-41FF-8951-691F050E2858}" = rport=445 | protocol=6 | dir=out | app=system |
"{ADB9B237-C821-4415-8100-DD22F53E9D33}" = lport=139 | protocol=6 | dir=in | app=system |
"{C2711660-4503-4D45-99F6-B8AEFA53D445}" = rport=138 | protocol=17 | dir=out | app=system |
"{C29AF3D1-578C-4DF1-B417-C735B7B1CEB1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DA081A4F-9B25-4DB0-93A6-B84964428248}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{E6C61842-612F-4663-830C-71B37C5EB702}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED1FEBA0-4E15-492A-BCB2-602FB7AC3B98}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F09882B4-F0A4-46DD-B799-BB29082CDDC3}" = rport=139 | protocol=6 | dir=out | app=system |
"{F9B1F616-729C-495D-B8DE-2B8E9E551180}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14E60534-295C-4ECD-98D1-A34E3E5416E6}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{19E99A0A-248A-4B6A-B676-7ECC787CCE60}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{1FDE2D34-359C-4DD7-8BB4-CB34606C39A1}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{279D037D-D765-4BCA-8628-ECA81993F051}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{2A40273F-544E-4650-8A53-021D524CD0CC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E25D740-0291-4FE3-B06A-6B8735676E28}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{318DB10E-AA35-478E-BBB0-D6F2E37C1943}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{3CC95023-27AE-4759-B78E-57D26D671C40}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{49CC2EEA-EAAD-4E93-84C5-D4B67E64C36A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{58428DE3-923C-4E64-8858-CFE2D711674F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{5BF2F60B-C8C4-4699-9F81-AA3F503478E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{64E2DD97-EC3C-4BBE-8AB8-C554C257A5BC}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{6DDFAB72-E701-4FBD-A627-65BD66AC5411}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8AD45FEC-96F5-4D15-B76E-24130AA4CB7E}" = dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{A07AF789-C10C-43CB-AF67-6DB7A11706FC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3109066-3DA6-482F-8D6B-3847A79E5246}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{C9A02B88-C160-4005-B1A4-8E52909D05B0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CCC36063-A19F-4272-8163-0EE2504895EC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{D367F560-7A78-4C9E-A801-F961E4C87FB5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D5C65A4F-0E59-43BC-AFC6-9B7789E4DABE}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{D7DBCEC0-5643-4871-81EE-276AC76480FB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E1E0239C-7722-45CB-A9DC-2B4117183B95}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{E52E92BB-2F7E-4E01-A522-ACABAC6AEF23}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{E7113866-91FF-4650-8F77-A3E8CC41D1DE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{F4D68330-3741-4A1C-A3E7-92CFB872F452}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"TCP Query User{564918C0-EC9D-4EF7-B9BA-9581C57219EA}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{68C7025A-1F82-4CA6-AD5A-49FC47E6758F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B1EB2A7B-2FD9-4CA6-B85B-5515386EB6E1}C:\program files\atdhenettvapp.com\atdhenettvapp.exe" = protocol=6 | dir=in | app=c:\program files\atdhenettvapp.com\atdhenettvapp.exe |
"TCP Query User{F4F12405-06F3-4A5D-8965-D7CC251929A1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{1CD70A9D-C7CB-4F88-B1C7-EF03694EC7D2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{399368CA-9A23-4313-83D3-B78268B7AAF3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5CEABAEE-570C-459E-9377-209324A7E41D}C:\program files\atdhenettvapp.com\atdhenettvapp.exe" = protocol=17 | dir=in | app=c:\program files\atdhenettvapp.com\atdhenettvapp.exe |
"UDP Query User{702BCB97-6C74-4EF3-8402-65931775DAEC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series" = Canon MP230 series MP Drivers
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3544DED1-07DB-40C0-98F3-435A6DA195C7}" = Google SketchUp 8
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{5BBD0D3F-E4B2-4EE4-806A-07A95D4E2683}" = Sky Broadband Browser Branding
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5E83AB6E-2284-4468-BF97-A451904F186C}" = HP Deskjet 1050 J410 series Product Improvement Study
"{5FF27D65-35E5-4855-B7ED-59BCFBC85776}" = AVG 2013
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B124E3EA-59C5-462B-98EF-374099EA7A61}" = LeapFrog LeapPad Explorer Plugin
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C111B73A-93EA-4A12-80E2-0460F11D431F}" = HP Deskjet 1050 J410 series Basic Device Software
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CBBB226E-2289-4D29-8E5C-1331E7D71ED9}" = AVG 2013
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F9233F02-5617-4BDC-8EC6-4B798EDFE6F4}" = LeapFrog Connect
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AVG" = AVG 2013
"BitTorrent" = BitTorrent
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Canon MP230 series On-screen Manual" = Canon MP230 series On-screen Manual
"Canon My Image Garden" = Canon My Image Garden
"Canon My Image Garden Design Files" = Canon My Image Garden Design Files
"CanonMyPrinter" = Canon My Printer
"CanonQuickMenu" = Canon Quick Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HP Photo Creations" = HP Photo Creations
"Huawei Modems" = Huawei modem
"LeapPadExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PokerStars" = PokerStars
"SopCast" = SopCast 3.5.0
"STANDARDR" = Microsoft Office Standard 2007
"UPCShell" = LeapFrog Connect
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZTE_1.2059.0.8" = ZTE_1.2059.0.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 01/01/2013 11:09:54 | Computer Name = Vicky-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/01/2013 11:09:56 | Computer Name = Vicky-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 176593

Error - 01/01/2013 11:09:56 | Computer Name = Vicky-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 176593

Error - 01/01/2013 11:09:58 | Computer Name = Vicky-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/01/2013 11:09:58 | Computer Name = Vicky-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 180618

Error - 01/01/2013 11:09:58 | Computer Name = Vicky-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 180618

Error - 01/01/2013 11:10:00 | Computer Name = Vicky-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 01/01/2013 11:10:00 | Computer Name = Vicky-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 183254

Error - 01/01/2013 11:10:00 | Computer Name = Vicky-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 183254

Error - 02/01/2013 13:50:30 | Computer Name = Vicky-PC | Source = Perflib | ID = 1010
Description =

[ Broadcom Wireless LAN Events ]
Error - 20/03/2013 12:21:42 | Computer Name = Vicky-PC | Source = WLAN-Tray | ID = 0
Description = 16:21:42, Wed, Mar 20, 13 Error - Unable to gain access to user store


Error - 08/04/2013 10:43:05 | Computer Name = Vicky-PC | Source = WLAN-Tray | ID = 0
Description = 15:43:05, Mon, Apr 08, 13 Error - Unable to gain access to user store


Error - 24/04/2013 04:17:05 | Computer Name = Vicky-PC | Source = WLAN-Tray | ID = 0
Description = 09:17:05, Wed, Apr 24, 13 Error - Unable to gain access to user store


Error - 27/04/2013 08:15:51 | Computer Name = Vicky-PC | Source = WLAN-Tray | ID = 0
Description = 13:15:50, Sat, Apr 27, 13 Error - Unable to gain access to user store


Error - 11/06/2013 04:43:38 | Computer Name = Vicky-PC | Source = WLAN-Tray | ID = 0
Description = 09:43:37, Tue, Jun 11, 13 Error - Unable to gain access to user store


Error - 12/06/2013 05:05:32 | Computer Name = Vicky-PC | Source = WLAN-Tray | ID = 0
Description = 10:05:31, Wed, Jun 12, 13 Error - Unable to gain access to user store


Error - 13/06/2013 03:30:36 | Computer Name = Vicky-PC | Source = WLAN-Tray | ID = 0
Description = 08:30:35, Thu, Jun 13, 13 Error - Unable to gain access to user store


Error - 31/07/2013 12:13:00 | Computer Name = Vicky-PC | Source = WLAN-Tray | ID = 0
Description = 17:12:59, Wed, Jul 31, 13 Error - Unable to gain access to user store


Error - 03/08/2013 13:48:18 | Computer Name = Vicky-PC | Source = WLAN-Tray | ID = 0
Description = 18:48:18, Sat, Aug 03, 13 Error - Unable to gain access to user store


Error - 17/08/2013 07:46:34 | Computer Name = Vicky-PC | Source = WLAN-Tray | ID = 0
Description = 12:46:34, Sat, Aug 17, 13 Error - Unable to gain access to user store


[ System Events ]
Error - 22/08/2013 11:29:33 | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/08/2013 11:30:44 | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/08/2013 11:30:44 | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/08/2013 14:06:17 | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 22/08/2013 14:31:17 | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 22/08/2013 14:33:22 | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/08/2013 14:33:22 | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/08/2013 14:33:22 | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/08/2013 14:33:22 | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 22/08/2013 15:47:28 | Computer Name = Vicky-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

#65
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts
Okay, I see some leftovers from nasty things, let's remove them. I'd like to see a new AdwCleaner log too to make sure that all is clean.

Step 1. OTL fix.

  • Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\..\SearchScopes\{4DB65B04-174C-4C09-691C-331B7382B660}: "URL" = http://feed.snap.do/...q={searchTerms}
    IE - HKLM\..\SearchScopes\{838BF40B-FD99-4F37-8A9B-2CF9B3D9E46C}: "URL" = http://search.sky.co...m={searchTerms}
    IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{4DB65B04-174C-4C09-691C-331B7382B660}: "URL" = http://search.babylo...00000234d80dcfd
    IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{FDF57497-04CA-49ED-A2C8-7811E39519F7}: "URL" = http://www.mysearchr...q={searchTerms}
    [2013/08/17 17:14:00 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/07/29 15:37:16 | 000,221,380 | ---- | M] () (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
    @Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:0B4227B4
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

Step 2. AdwCleaner scan.

  • Right-click the adwcleaner.exe file on your Desktop -> Run as Administrator.
  • The AdwCleaner window should appear.
  • Click on the Scan button.
  • After the scan, a Notepad window with the report should appear. Post the contents of the report in your next message.

Step 3. OTL scan.

  • Run OTL.
  • Click on the Scan All Users checkbox, which is located near the Quick Scan button.
  • Then click the Run Scan button at the top.
  • Let the program run unhindered.
  • When the scan completes, it will open a Notepad window - OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic.

So, please, don't forget to post in your next message:

  • OTL log
  • AdwCleaner log


#66
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts
Oops, I have forgotten to add:

In Step 2, when AdwCleaner finishes the scan, don't forget to click the Report button. Only then will the AdwCleaner log appear.

#67
azza261


    Member

  • Topic Starter
  • 46 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4DB65B04-174C-4C09-691C-331B7382B660}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DB65B04-174C-4C09-691C-331B7382B660}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{838BF40B-FD99-4F37-8A9B-2CF9B3D9E46C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{838BF40B-FD99-4F37-8A9B-2CF9B3D9E46C}\ not found.
Registry key HKEY_USERS\S-1-5-21-1397186333-2763243757-143887221-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4DB65B04-174C-4C09-691C-331B7382B660}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4DB65B04-174C-4C09-691C-331B7382B660}\ not found.
Registry key HKEY_USERS\S-1-5-21-1397186333-2763243757-143887221-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FDF57497-04CA-49ED-A2C8-7811E39519F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDF57497-04CA-49ED-A2C8-7811E39519F7}\ not found.
C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HF_G_Jul deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_JULY_P1 deleted successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

#68
azza261


    Member

  • Topic Starter
  • 46 posts
# AdwCleaner v3.000 - Report created 23/08/2013 at 16:09:43
# Updated 20/08/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Vicky - VICKY-PC
# Running from : C:\Users\Vicky\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v

[ File : C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\0\prefs.js ]


*************************

AdwCleaner[R0].txt - [5078 octets] - [22/08/2013 19:30:07]
AdwCleaner[R1].txt - [674 octets] - [23/08/2013 16:09:43]
AdwCleaner[S0].txt - [4927 octets] - [22/08/2013 19:30:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [793 octets] ##########

#69
azza261


    Member

  • Topic Starter
  • 46 posts
OTL logfile created on: 23/08/2013 16:10:48 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vicky\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 48.99% Memory free
6.17 Gb Paging File | 4.48 Gb Available in Paging File | 72.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 120.15 Gb Free Space | 42.04% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.63 Gb Free Space | 47.37% Space Free | Partition Type: NTFS
Drive E: | 507.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: VICKY-PC | User Name: Vicky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/18 13:10:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
PRC - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:26 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/07/01 01:46:26 | 004,411,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/06/12 13:06:23 | 000,814,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
PRC - [2013/03/18 02:38:48 | 000,799,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/06/26 19:17:14 | 006,380,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2012/04/03 13:33:00 | 000,940,168 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/04/03 13:27:16 | 001,087,608 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/04/03 13:26:14 | 001,273,448 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/04 10:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 10:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 10:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 10:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/05/02 20:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/03/04 06:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2008/02/22 23:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/12/21 16:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 19:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 19:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/19 16:20:20 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\7ae268d4c2071d1151ec8e02cd39a3aa\System.Runtime.Remoting.ni.dll
MOD - [2013/08/19 16:20:10 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\44d87641535e186f4a7fc9c469bc73dd\System.Xaml.ni.dll
MOD - [2013/08/19 15:54:39 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\4f02f7d34c4fd0dc58ce1dffb5b424f9\PresentationFramework.Aero.ni.dll
MOD - [2013/08/19 15:54:30 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d013570491e3ed864b97675527fdd9d8\PresentationFramework.ni.dll
MOD - [2013/08/19 15:54:23 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\da18beba41f700dd4c71a3f5464c4342\System.Configuration.ni.dll
MOD - [2013/08/19 15:54:20 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\0835155203a99b6a9bb540629920da0d\System.Xml.ni.dll
MOD - [2013/08/19 15:54:13 | 007,053,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3c2edeaaa3e117b0375bacf8fd971b1e\System.Core.ni.dll
MOD - [2013/08/19 15:54:05 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\9ea1cf89cf1897b6b2eeee51ef39b6b9\PresentationCore.ni.dll
MOD - [2013/08/19 15:54:00 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6da40f01a719972f3242d3c374e499c5\System.Windows.Forms.ni.dll
MOD - [2013/08/19 15:53:50 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\bc21753d988d4f70f77cd2febb84833c\WindowsBase.ni.dll
MOD - [2013/08/19 15:53:47 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7e3570a0cc71998e14e7adb8e4ea0cbb\System.Drawing.ni.dll
MOD - [2013/08/19 15:53:45 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\fc16a5cafc433e6d942e9bd5b14fbeaf\System.ni.dll
MOD - [2013/08/19 15:53:34 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c799474a067f07ef3a167d75029fa012\mscorlib.ni.dll
MOD - [2013/08/18 00:40:19 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/18 00:40:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 00:20:22 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/07/15 17:29:28 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2008/07/03 13:28:14 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/07/23 19:09:28 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2008/05/02 20:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 12:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 12:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 19:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Webroot\Washer\wrssweep.sys -- (wrssweep)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\netaapl.sys -- (Netaapl)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/08/22 18:23:55 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/10 01:32:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010/01/19 12:49:50 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010/01/19 12:49:50 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008/07/03 13:28:02 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 13:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/05/04 10:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/17 10:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/03/06 08:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/03/04 06:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 06:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/11/12 12:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 17:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 17:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 17:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7DKUK


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=uk&ibd=5081023
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{050C47B0-9D1C-44DB-AE13-D4B6D2CDF760}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)


[2013/08/23 15:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\extensions
[2013/08/23 15:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/08/22 19:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2013/08/22 19:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vicky\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2012/08/17 21:54:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/08/23 15:52:33 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1397186333-2763243757-143887221-1000..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\blap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\football\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\football.Vicky-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\good\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\work\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\work pleas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1397186333-2763243757-143887221-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BC3F55E-ECB3-4F96-BE7D-B931B56006C2}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{368EED3A-A405-467B-A691-8FCE285C7384}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{70AE71F1-5201-4B51-A8B2-5ED6B8C35DE4}: DhcpNameServer = 88.82.13.12 88.82.13.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Vicky\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/11/13 17:20:10 | 000,000,170 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{05454490-fecb-11dd-8718-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{05454490-fecb-11dd-8718-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{2ec2f99a-dad9-11df-8b30-00234d80dcfd}\Shell - "" = AutoRun
O33 - MountPoints2\{2ec2f99a-dad9-11df-8b30-00234d80dcfd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3f0e6687-be45-11dd-a52e-00234d80dcfd}\Shell - "" = AutoRun
O33 - MountPoints2\{3f0e6687-be45-11dd-a52e-00234d80dcfd}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3f0e66bc-be45-11dd-a52e-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{3f0e66bc-be45-11dd-a52e-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3f0e66be-be45-11dd-a52e-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{3f0e66be-be45-11dd-a52e-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4df5f306-7200-11de-a61d-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{4df5f306-7200-11de-a61d-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{518f9419-a0dc-11dd-b682-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{518f9419-a0dc-11dd-b682-806e6f6e6963}\Shell\AutoRun\command - "" = E:\MSETUP4.EXE -- [2012/03/16 14:50:44 | 000,363,120 | R--- | M] (CANON INC.)
O33 - MountPoints2\{830c52f4-be43-11dd-ae27-00234d80dcfd}\Shell - "" = AutoRun
O33 - MountPoints2\{830c52f4-be43-11dd-ae27-00234d80dcfd}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{bd0a0514-70a3-11de-a7ba-00219bf82473}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0a0514-70a3-11de-a7ba-00219bf82473}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/22 19:19:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/22 18:25:18 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\AVG2013
[2013/08/22 18:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/22 18:22:47 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/08/22 18:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/08/22 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\MFAData
[2013/08/22 18:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/08/22 18:19:19 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\Avg2013
[2013/08/22 16:27:51 | 003,529,160 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Vicky\Desktop\avg_remover_stf_x86_2013_3341.exe
[2013/08/22 01:37:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/20 19:59:08 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Vicky\Desktop\tdsskiller.exe
[2013/08/20 16:14:07 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Desktop\RK_Quarantine
[2013/08/19 15:54:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Vicky\Desktop\aswMBR.exe
[2013/08/18 22:25:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/18 18:32:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMIG
[2013/08/18 13:14:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2013/08/18 00:50:45 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\Canon
[2013/08/18 00:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2013/08/18 00:50:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJQuickMenu
[2013/08/18 00:50:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2013/08/18 00:45:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP230 series User Registration
[2013/08/18 00:43:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2013/08/18 00:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2013/08/18 00:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013/08/18 00:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP230 series Manual
[2013/08/18 00:35:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/08/18 00:34:36 | 000,000,000 | -H-D | C] -- C:\Windows\System32\CanonIJ Uninstaller Information
[2013/08/18 00:34:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP230 series
[2013/08/18 00:33:37 | 000,320,000 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC_B5L.dll
[2013/08/18 00:33:37 | 000,266,752 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC_B5C.dll
[2013/08/18 00:33:37 | 000,096,768 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNC_B5I.dll
[2013/08/18 00:33:37 | 000,015,872 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNHMCA.dll
[2013/08/18 00:32:36 | 000,314,880 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMB5.DLL
[2013/08/18 00:32:06 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013/08/18 00:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013/08/18 00:10:42 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/08/18 00:10:40 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/08/18 00:10:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/08/18 00:10:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/08/18 00:10:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/08/18 00:10:36 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/08/18 00:10:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/08/18 00:10:35 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/08/17 23:04:19 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/08/16 21:10:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/08/15 19:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/04 15:31:32 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\OpenOffice.org
[2013/08/04 15:27:10 | 000,000,000 | ---D | C] -- C:\Users\Vicky\Desktop\OpenOffice.org 3.4.1 (en-US) Installation Files
[2013/08/04 15:05:24 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Local\SoftGrid Client
[2013/08/04 15:04:41 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\SoftGrid Client
[2013/08/04 15:01:58 | 000,000,000 | ---D | C] -- C:\Users\Vicky\AppData\Roaming\TP
[2013/08/04 14:41:11 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2013/07/31 18:17:14 | 000,000,000 | ---D | C] -- C:\Users\Vicky\{776d0f5f-79f0-46cb-ba05-582091ad41d2}

========== Files - Modified Within 30 Days ==========

[2013/08/23 16:09:21 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/23 16:09:21 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/23 16:05:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/23 16:05:26 | 000,001,791 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk
[2013/08/23 16:04:51 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/23 16:02:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 16:02:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/23 16:02:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/23 15:52:33 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013/08/22 20:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/22 19:29:03 | 000,975,858 | ---- | M] () -- C:\Users\Vicky\Desktop\AdwCleaner.exe
[2013/08/22 18:24:06 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/22 18:23:55 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/08/22 16:27:38 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/22 16:27:10 | 003,529,160 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Vicky\Desktop\avg_remover_stf_x86_2013_3341.exe
[2013/08/20 19:58:39 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Vicky\Desktop\tdsskiller.exe
[2013/08/20 16:12:05 | 000,923,136 | ---- | M] () -- C:\Users\Vicky\Desktop\RogueKiller.exe
[2013/08/19 16:59:47 | 000,000,275 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/19 15:58:53 | 000,000,512 | ---- | M] () -- C:\Users\Vicky\Desktop\MBR.dat
[2013/08/19 15:58:19 | 000,044,032 | ---- | M] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/19 15:53:31 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Vicky\Desktop\aswMBR.exe
[2013/08/18 13:10:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vicky\Desktop\OTL.exe
[2013/08/18 00:52:27 | 000,002,624 | ---- | M] () -- C:\Users\Vicky\AppData\Roaming\wklnhst.dat
[2013/08/18 00:43:40 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2013/08/18 00:35:57 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Canon MP230 series On-screen Manual.lnk
[2013/08/17 21:52:46 | 000,021,504 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2013/08/04 16:32:33 | 000,095,107 | ---- | M] () -- C:\Users\Vicky\Documents\polarzone.odt
[2013/07/28 18:20:31 | 000,001,105 | ---- | M] () -- C:\Users\Vicky\Documents\Recent Items.lnk
[2013/07/25 03:32:35 | 001,800,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/25 03:25:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/25 03:24:39 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/25 03:24:24 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/25 03:23:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/25 03:23:27 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/25 03:22:35 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/25 03:22:04 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

========== Files Created - No Company Name ==========

[2013/08/22 19:29:03 | 000,975,858 | ---- | C] () -- C:\Users\Vicky\Desktop\AdwCleaner.exe
[2013/08/22 18:24:06 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/08/20 16:13:13 | 000,923,136 | ---- | C] () -- C:\Users\Vicky\Desktop\RogueKiller.exe
[2013/08/19 15:58:53 | 000,000,512 | ---- | C] () -- C:\Users\Vicky\Desktop\MBR.dat
[2013/08/18 22:35:55 | 000,000,275 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/08/18 14:50:20 | 000,001,929 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
[2013/08/18 14:50:20 | 000,001,815 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2013/08/18 00:43:40 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\Canon Quick Menu.lnk
[2013/08/18 00:35:57 | 000,002,133 | ---- | C] () -- C:\Users\Public\Desktop\Canon MP230 series On-screen Manual.lnk
[2013/08/18 00:33:37 | 000,073,984 | ---- | C] () -- C:\Windows\System32\CNC175FD.TBL
[2013/08/04 16:32:31 | 000,095,107 | ---- | C] () -- C:\Users\Vicky\Documents\polarzone.odt
[2013/07/28 18:20:31 | 000,001,105 | ---- | C] () -- C:\Users\Vicky\Documents\Recent Items.lnk
[2013/03/09 09:28:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/08/27 15:42:04 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2009/06/10 16:43:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/02/10 00:03:57 | 000,002,624 | ---- | C] () -- C:\Users\Vicky\AppData\Roaming\wklnhst.dat
[2008/12/11 22:28:26 | 000,005,972 | ---- | C] () -- C:\Users\Vicky\AppData\Local\d3d9caps.dat
[2008/11/29 19:22:58 | 000,044,032 | ---- | C] () -- C:\Users\Vicky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#70
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts
Time to turn out it. :)

Step 1. MBAM scan.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2. ESET Online Scanner scan.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

You will need to disable your currently installed Anti-Virus for the duration of the online scan; how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
So, please, don't forget to post in your next message:

  • ESET Online Scanner's log
  • MBAM log



#71
azza261


    Member

  • Topic Starter
  • Member
  • 46 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.23.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Vicky :: VICKY-PC [administrator]

23/08/2013 18:09:13
mbam-log-2013-08-23 (18-09-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 420182
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\Installer\ac1ae.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Windows\Installer\ac1b4.msi (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

(end)

#72
azza261


    Member

  • Topic Starter
  • Member
  • 46 posts
SETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b187d33e338bb545b01872d482c1f3b2
# engine=14881
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-23 06:48:57
# local_time=2013-08-23 07:48:57 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1039 16777213 100 92 14006 64414121 0 0
# compatibility_mode=5892 16776574 100 100 272150 214816465 0 0
# scanned=169027
# found=1
# cleaned=1
# scan_time=4476
sh=1EF5689721C4095AD818CDF81E8AEE5346E80A96 ft=1 fh=033efdfff74ab9a7 vn="Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Vicky\Videos\watch-wigan-athletic-vs-manchester-united.html"

#73
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts
Do you still have any problems?

#74
azza261


    Member

  • Topic Starter
  • Member
  • 46 posts
No

#75
Phel


    Trusted Helper

  • Malware Removal
  • 1,386 posts
Congratulations, your PC is clean now. :)

However, you need to follow some important steps to remove tools and prevent infection again.

Warning! I have noticed that you are using P2P (peer-to-peer) programs.

I see that you have installed a program called BitTorrent. This program is classified as a P2P program - a program that downloads content (movies, music, programs, etc.) via P2P networks (torrents). P2P networks are a huge source of malware, so you can easily pick it up.

So, I strongly recommend that you remove this program from your computer. If you don't want to remove it, please at least be very careful about what you download from torrents.

Step 1. Uninstalling Programs.

  • Open Start menu.
  • Click on Control Panel.
  • Click on Programs and Features. A new window should appear.
  • Uninstall these programs one by one, selecting each program and clicking the Uninstall button.
Programs to uninstall:

  • ESET Online Scanner
  • Malwarebytes Anti-Malware
  • Optional: BitTorrent
Step 2. Uninstall AdwCleaner.

  • Run AdwCleaner on your Desktop.
  • Click Uninstall button.
  • AdwCleaner will be removed from your computer.
Step 3. CleanUp.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [EMPTYTEMP]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • After reboot run OTL again.
  • Click on CleanUp button.
  • OTL will be removed from your computer.
Here are some recommendations for you on how to stay safe on the internet.

  • Keep your system up-to-date. It will increase your protection level, because sometimes malware can use system vulnerabilities.

    To learn more about how to turn Automatic Updates on, if you haven't turned it on before, click here.
  • Keep other software up-to-date too. Malware can often use third party software vulnerabilities.

    You can monitor news about vulnerabilities or just simply install software which will scan your computer for outdated and vulnerable software versions. If an outdated version is found, this software will notify you about it and even install updates automatically.

    One of these programs is Secunia Personal Software Inspector. It requires installation; you can learn more about it here. This software also has an online version - Secunia Online Software Inspector. It's a Java applet, which requires Java Runtime Environment. You can learn more about it here.

    Another good program is FileHippo.com Update Checker. It requires installation and it scans your computer very rapidly. You can learn more about it here.
  • Keep your antivirus software always up-to-date.

    Turn on automatic definition updates for your antivirus, if you haven't turned it on before; it's a basis of protection. Don't forget to keep your antivirus engine version up-to-date; new versions usually have advanced functionality. They can clean and prevent infections more effectively than outdated versions.
  • Use a limited user account. It will considerably increase your level of protection.

    90% of malware won't work under a limited user account, because it needs administrator privileges. If you are using Windows XP, then you can use DropMyRights while you are surfing the internet. If you are using Windows 7/Vista, then you'll need to create a new user with limited rights.
  • Invent strong and long passwords for your accounts, if you want to keep your personal and confidential data safe.

    Sometimes malware has very dangerous functionality - it can crack your passwords. Please set a very strong password for your administrator account in Windows, then malware won't harm your PC. Here you can find a nice tutorial on how to create strong passwords. For each account on the internet, create an individual password.
Hope that these recommendations will help you and you will avoid malware infections in the future. Good luck and safe web to you! :)